Multi instance type implementation part 4 - Ansible Security workshop #2019

Merged
merged 7 commits into from
Aug 9, 2023
20 changes: 16 additions & 4 deletions roles/manage_ec2_instances/defaults/main/main.yml
Expand Up @@ -79,7 +79,10 @@ ec2_info:
owners: 679593333241
filter: 'Check Point CloudGuard IaaS BYOL*R80.40*'
architecture: x86_64
size: m5.xlarge
size:
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
ami: "{{ checkpoint_mgmt_ami| default(omit) }}"
username: admin
checkpoint_gw:
Expand All @@ -92,7 +95,10 @@ ec2_info:
windows_ws:
owners: 679593333241
filter: 'Windows_Server-2016-English-Full-Base*'
size: m5.xlarge
size:
- m5.xlarge
- m6i.xlarge
- r5.xlarge
ami: "{{ windows_ws_ami| default(omit) }}"
username: Administrator
disk_volume_type: gp3
Expand Down Expand Up @@ -222,7 +228,10 @@ ec2_info:
username: admin
splunk_enterprise:
owners: 309956199498
size: c4.4xlarge
size:
- c5a.4xlarge
- c5.4xlarge
- c4.4xlarge
os_type: linux
disk_volume_type: gp3
disk_space: 200
Expand All @@ -245,7 +254,10 @@ ec2_info:
username: ec2-user
qradar:
owners: 721066863947
size: t2.2xlarge
size:
- t3.2xlarge
- t3a.2xlarge
- t2.2xlarge
os_type: linux
disk_volume_type: gp3
disk_space: 300
Expand Down
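Review bot: `size` changes shape from a scalar to an ordered list for these four entries only, while other entries in the same `ec2_info` mapping (for example `checkpoint_gw`, whose `size` is outside the hunk) presumably keep a scalar, so any consumer that still renders `ec2_info[x]['size']` straight into `instance_type` will now receive a list for these hosts; the contract deserves a comment at the first list, e.g. `# size: ordered fallback list, tried first-to-last by the security_ec2_create_loop_* retry includes`. The new ordering also changes the default family on a clean run (c5a instead of c4 for Splunk, t3 instead of t2 for QRadar), which is fine but is a behaviour change the PR description should mention. I cannot see other readers of `size` from here; if any remain, `(ec2_info[x]['size'] | first)` only works once every entry is a list, so either convert the rest or guard with `| default([...])` logic in the consumer.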
@@ -1,85 +1,17 @@
---
- name: Create EC2 instances for qradar
amazon.aws.ec2_instance:
key_name: "{{ ec2_name_prefix }}-key"
security_group: "{{ ec2_security_group }}"
instance_type: "{{ ec2_info['qradar']['size'] }}"
image_id: "{{ qradar_ami['image_id'] }}"
region: "{{ ec2_region }}"
exact_count: "{{ student_total }}"
state: running
filters:
"tag:Workshop_qradar": "{{ ec2_name_prefix }}-qradar"
instance-state-name: running
tags:
Workshop_qradar: "{{ ec2_name_prefix }}-qradar"
Workshop: "{{ ec2_name_prefix }}"
Workshop_type: "{{ workshop_type }}"
AWS_USERNAME: "{{ aws_user }}"
owner: "{{ aws_user }}"
Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}"
Ansible_Workshops: "This was provisioned through the ansible workshops provisioner"
Students: "{{ student_total }}"
username: '{{ ec2_info["rhel8"]["username"] }}'
short_name: "qradar"
ansible-workshops: "true"
wait: "{{ ec2_wait }}"
network:
assign_public_ip: true
vpc_subnet_id: "{{ ec2_vpc_subnet_id }}"
volumes:
- device_name: /dev/sda1
ebs:
volume_type: "{{ ec2_info['qradar']['disk_volume_type'] }}"
volume_size: "{{ ec2_info['qradar']['disk_space'] }}"
iops: "{{ ec2_info['qradar']['disk_iops'] }}"
throughput: "{{ ec2_info['qradar']['disk_throughput'] }}"
delete_on_termination: true
when: security_console == 'qradar'
async: "{{ async_timeout_seconds }}"
poll: 0
register: qradar_async

- name: Create EC2 instances for splunk
amazon.aws.ec2_instance:
key_name: "{{ ec2_name_prefix }}-key"
security_group: "{{ ec2_security_group }}"
instance_type: "{{ ec2_info['splunk_enterprise']['size'] }}"
image_id: "{{ splunk_ami['image_id'] }}"
region: "{{ ec2_region }}"
exact_count: "{{ student_total }}"
state: running
filters:
"tag:Workshop_splunk": "{{ ec2_name_prefix }}-splunk"
instance-state-name: running
tags:
Workshop_splunk: "{{ ec2_name_prefix }}-splunk"
Workshop: "{{ ec2_name_prefix }}"
Workshop_type: "{{ workshop_type }}"
AWS_USERNAME: "{{ aws_user }}"
owner: "{{ aws_user }}"
Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}"
Ansible_Workshops: "This was provisioned through the ansible workshops provisioner"
Students: "{{ student_total }}"
username: '{{ ec2_info["rhel8"]["username"] }}'
short_name: "splunk"
ansible-workshops: "true"
wait: "{{ ec2_wait }}"
network:
assign_public_ip: true
vpc_subnet_id: "{{ ec2_vpc_subnet_id }}"
volumes:
- device_name: /dev/sda1
ebs:
volume_type: "{{ ec2_info['splunk_enterprise']['disk_volume_type'] }}"
volume_size: "{{ ec2_info['splunk_enterprise']['disk_space'] }}"
iops: "{{ ec2_info['splunk_enterprise']['disk_iops'] }}"
throughput: "{{ ec2_info['splunk_enterprise']['disk_throughput'] }}"
delete_on_termination: true
when: security_console == 'splunk'
async: "{{ async_timeout_seconds }}"
poll: 0
register: splunk_async
- name: Initialize/reset list count
ansible.builtin.set_fact:
list_count: "reset"

- name: Call qradar retry tasks include
ansible.builtin.include_tasks: security_ec2_create_loop_qradar.yml

- name: Initialize/reset list count
ansible.builtin.set_fact:
list_count: "reset"

- name: Call splunk retry tasks include
ansible.builtin.include_tasks: security_ec2_create_loop_splunk.yml

- set_fact:
siem_async: "{{ splunk_async }}"
Expand All @@ -99,82 +31,26 @@
- name: Call snort retry tasks include
ansible.builtin.include_tasks: security_ec2_create_loop_snort.yml

- name: Initialize/reset list count
ansible.builtin.set_fact:
list_count: "reset"

- name: Call attack sim retry tasks include
ansible.builtin.include_tasks: security_ec2_create_loop_attacksim.yml

- name: Create EC2 instances for Check Point CloudGuard Security Management
amazon.aws.ec2_instance:
key_name: "{{ ec2_name_prefix }}-key"
security_group: "{{ ec2_security_group }}"
instance_type: "{{ ec2_info['checkpoint_mgmt']['size'] }}"
image_id: "{{ checkpoint_mgmt_ami['image_id'] }}"
region: "{{ ec2_region }}"
exact_count: "{{ student_total }}"
user_data: "{{ lookup('template', 'gaia-mgmt-ftw-user-data.sh.j2') }}"
state: running
filters:
"tag:Workshop_checkpoint_mgmt": "{{ ec2_name_prefix }}-checkpoint"
instance-state-name: running
tags:
Workshop_checkpoint_mgmt: "{{ ec2_name_prefix }}-checkpoint"
Workshop: "{{ ec2_name_prefix }}"
Workshop_type: "{{ workshop_type }}"
AWS_USERNAME: "{{ aws_user }}"
owner: "{{ aws_user }}"
Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}"
Ansible_Workshops: "This was provisioned through the ansible workshops provisioner"
Students: "{{ student_total }}"
username: "{{ ec2_info['checkpoint_mgmt']['username'] }}"
short_name: "checkpoint_mgmt"
ansible-workshops: "true"
wait: "{{ ec2_wait }}"
network:
assign_public_ip: true
vpc_subnet_id: "{{ ec2_vpc_subnet_id }}"
async: "{{ async_timeout_seconds }}"
poll: 0
register: checkpoint_mgmt_async

- name: Create EC2 instances for Windows Workstation (SECURITY MODE)
amazon.aws.ec2_instance:
key_name: "{{ ec2_name_prefix }}-key"
security_group: "{{ ec2_security_group }}"
instance_type: "{{ ec2_info['windows_ws']['size'] }}"
image_id: "{{ windows_ws_ami['image_id'] }}"
region: "{{ ec2_region }}"
exact_count: "{{ student_total }}"
state: running
user_data: "{{ lookup('template', 'windows_userdata.txt.j2') }}"
filters:
"tag:Workshop_windows": "{{ ec2_name_prefix }}-windows"
instance-state-name: running
tags:
Workshop_windows: "{{ ec2_name_prefix }}-windows"
Workshop: "{{ ec2_name_prefix }}"
Workshop_type: "{{ workshop_type }}"
AWS_USERNAME: "{{ aws_user }}"
owner: "{{ aws_user }}"
Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}"
Ansible_Workshops: "This was provisioned through the ansible workshops provisioner"
Students: "{{ student_total }}"
username: "{{ ec2_info['windows_ws']['username'] }}"
short_name: "windows_ws"
ansible-workshops: "true"
wait: "{{ ec2_wait }}"
network:
assign_public_ip: true
vpc_subnet_id: "{{ ec2_vpc_subnet_id }}"
volumes:
- device_name: /dev/sda1
ebs:
volume_type: "{{ ec2_info['windows_ws'].disk_volume_type }}"
volume_size: "{{ ec2_info['windows_ws'].disk_space }}"
iops: "{{ ec2_info['windows_ws'].disk_iops }}"
throughput: "{{ ec2_info['windows_ws'].disk_throughput }}"
delete_on_termination: true
async: "{{ async_timeout_seconds }}"
poll: 0
register: windows_ws_async
- name: Initialize/reset list count
ansible.builtin.set_fact:
list_count: "reset"

- name: Call Check Point CloudGuard Security Management retry tasks include
ansible.builtin.include_tasks: security_ec2_create_loop_checkpoint_mgmt.yml

- name: Initialize/reset list count
ansible.builtin.set_fact:
list_count: "reset"

- name: Call Windows Workstation (SECURITY MODE) retry tasks include
ansible.builtin.include_tasks: security_ec2_create_loop_windows_ws.yml

###########################################################################
### THIS IS A BIT OF A HACK AND REQUIRES BOOK KEEPING BUT IT'S FAST
Expand Down Expand Up @@ -208,3 +84,4 @@

###
###########################################################################
...
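Review bot: The retry state is primed with the string sentinel `list_count: "reset"` before every include, but the create tasks added in this PR index the size list with `ec2_info[...]['size'][list_count|int]`, so unless the loop include rewrites `list_count` before the first attempt the sentinel only works because Ansible's `int` filter coerces a non-numeric string to 0 (newer ansible-core releases warn about that coercion). If the include does not reset it, an explicit `list_count: 0` is clearer and survives the filter becoming strict; if the include keys on the literal `"reset"`, a one-line comment saying so next to the first `set_fact` would save the next reader the hunt. The same reset/include pair is repeated five times in this file; moving the reset to the top of each `security_ec2_create_loop_*.yml` would remove the chance of forgetting it before a future include. The enclosing task list continues above and below these hunks.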
@@ -0,0 +1,34 @@
---
- name: Create EC2 instances for Check Point CloudGuard Security Management
amazon.aws.ec2_instance:
key_name: "{{ ec2_name_prefix }}-key"
security_group: "{{ ec2_security_group }}"
instance_type: "{{ ec2_info['checkpoint_mgmt']['size'][list_count|int] }}"
image_id: "{{ checkpoint_mgmt_ami['image_id'] }}"
region: "{{ ec2_region }}"
exact_count: "{{ student_total }}"
user_data: "{{ lookup('template', 'gaia-mgmt-ftw-user-data.sh.j2') }}"
state: running
filters:
"tag:Workshop_checkpoint_mgmt": "{{ ec2_name_prefix }}-checkpoint"
instance-state-name: running
tags:
Workshop_checkpoint_mgmt: "{{ ec2_name_prefix }}-checkpoint"
Workshop: "{{ ec2_name_prefix }}"
Workshop_type: "{{ workshop_type }}"
AWS_USERNAME: "{{ aws_user }}"
owner: "{{ aws_user }}"
Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}"
Ansible_Workshops: "This was provisioned through the ansible workshops provisioner"
Students: "{{ student_total }}"
username: "{{ ec2_info['checkpoint_mgmt']['username'] }}"
short_name: "checkpoint_mgmt"
ansible-workshops: "true"
wait: "{{ ec2_wait }}"
network:
assign_public_ip: true
vpc_subnet_id: "{{ ec2_vpc_subnet_id }}"
async: "{{ async_timeout_seconds }}"
poll: 0
register: checkpoint_mgmt_async
...
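Review bot: `instance_type: "{{ ec2_info['checkpoint_mgmt']['size'][list_count|int] }}"` has no bounds guard, so when the retry include advances `list_count` past the three entries in the defaults the task fails on an undefined list element instead of with a message saying capacity was exhausted for every fallback type; an `ansible.builtin.assert` ahead of this task gives a readable failure. The retry include that drives `list_count` is not part of this PR view, so the exact failure mode is inferred from the defaults hunk. Note also that `exact_count` with the `tag:Workshop_checkpoint_mgmt` filter counts running instances of any type, so a retry after a partial launch tops up with the next type and a workshop can end up with mixed management-server sizes; acceptable for a lab, but worth a comment on the task.
```yaml
- name: Fail if every fallback instance type for Check Point management has been tried
  ansible.builtin.assert:
    that:
      - list_count | int < ec2_info['checkpoint_mgmt']['size'] | length
    fail_msg: "No capacity for any of {{ ec2_info['checkpoint_mgmt']['size'] }} in {{ ec2_region }}"

- name: Create EC2 instances for Check Point CloudGuard Security Management
  # … unchanged: amazon.aws.ec2_instance task …
```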
@@ -0,0 +1,42 @@
---
- name: Create EC2 instances for qradar
amazon.aws.ec2_instance:
key_name: "{{ ec2_name_prefix }}-key"
security_group: "{{ ec2_security_group }}"
instance_type: "{{ ec2_info['qradar']['size'][list_count|int] }}"
image_id: "{{ qradar_ami['image_id'] }}"
region: "{{ ec2_region }}"
exact_count: "{{ student_total }}"
state: running
filters:
"tag:Workshop_qradar": "{{ ec2_name_prefix }}-qradar"
instance-state-name: running
tags:
Workshop_qradar: "{{ ec2_name_prefix }}-qradar"
Workshop: "{{ ec2_name_prefix }}"
Workshop_type: "{{ workshop_type }}"
AWS_USERNAME: "{{ aws_user }}"
owner: "{{ aws_user }}"
Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}"
Ansible_Workshops: "This was provisioned through the ansible workshops provisioner"
Students: "{{ student_total }}"
username: '{{ ec2_info["qradar"]["username"] }}'
short_name: "qradar"
ansible-workshops: "true"
wait: "{{ ec2_wait }}"
network:
assign_public_ip: true
vpc_subnet_id: "{{ ec2_vpc_subnet_id }}"
volumes:
- device_name: /dev/sda1
ebs:
volume_type: "{{ ec2_info['qradar']['disk_volume_type'] }}"
volume_size: "{{ ec2_info['qradar']['disk_space'] }}"
iops: "{{ ec2_info['qradar']['disk_iops'] }}"
throughput: "{{ ec2_info['qradar']['disk_throughput'] }}"
delete_on_termination: true
when: security_console == 'qradar'
async: "{{ async_timeout_seconds }}"
poll: 0
register: qradar_async
...
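Review bot: The `username` tag now reads `ec2_info["qradar"]["username"]` instead of the `rhel8` entry the old task used, but the defaults hunk in this PR shows `owners`, `size`, `os_type` and the disk keys under `qradar:` and no `username` key in the visible lines; if the key is not defined further down, this task fails with an undefined-variable error on the first provisioning run rather than at lint time. Either confirm the key exists in `roles/manage_ec2_instances/defaults/main/main.yml` or keep the old value as a fallback: `username: '{{ ec2_info["qradar"]["username"] | default(ec2_info["rhel8"]["username"]) }}'`. The same applies to the Splunk task's switch to `ec2_info["splunk_enterprise"]["username"]`, though the `username: ec2-user` line just above `qradar:` in the defaults hunk is probably that key.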
@@ -0,0 +1,42 @@
---
- name: Create EC2 instances for splunk
amazon.aws.ec2_instance:
key_name: "{{ ec2_name_prefix }}-key"
security_group: "{{ ec2_security_group }}"
instance_type: "{{ ec2_info['splunk_enterprise']['size'][list_count|int] }}"
image_id: "{{ splunk_ami['image_id'] }}"
region: "{{ ec2_region }}"
exact_count: "{{ student_total }}"
state: running
filters:
"tag:Workshop_splunk": "{{ ec2_name_prefix }}-splunk"
instance-state-name: running
tags:
Workshop_splunk: "{{ ec2_name_prefix }}-splunk"
Workshop: "{{ ec2_name_prefix }}"
Workshop_type: "{{ workshop_type }}"
AWS_USERNAME: "{{ aws_user }}"
owner: "{{ aws_user }}"
Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}"
Ansible_Workshops: "This was provisioned through the ansible workshops provisioner"
Students: "{{ student_total }}"
username: '{{ ec2_info["splunk_enterprise"]["username"] }}'
short_name: "splunk"
ansible-workshops: "true"
wait: "{{ ec2_wait }}"
network:
assign_public_ip: true
vpc_subnet_id: "{{ ec2_vpc_subnet_id }}"
volumes:
- device_name: /dev/sda1
ebs:
volume_type: "{{ ec2_info['splunk_enterprise']['disk_volume_type'] }}"
volume_size: "{{ ec2_info['splunk_enterprise']['disk_space'] }}"
iops: "{{ ec2_info['splunk_enterprise']['disk_iops'] }}"
throughput: "{{ ec2_info['splunk_enterprise']['disk_throughput'] }}"
delete_on_termination: true
when: security_console == 'splunk'
async: "{{ async_timeout_seconds }}"
poll: 0
register: splunk_async
...
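Review bot: `exact_count: "{{ student_total }}"` with the `tag:Workshop_splunk` / `instance-state-name: running` filters counts instances regardless of type, so if an earlier attempt launched part of the fleet before hitting a capacity error, this retry with `ec2_info['splunk_enterprise']['size'][list_count|int]` only tops up the remainder with the next type and a workshop ends up with mixed Splunk sizes. That is probably acceptable for a lab, but it is not obvious from reading the task; a comment such as `# exact_count tops up whatever is already running, so a retry may mix instance types` above `instance_type` would record it. The retry include that drives `list_count` is not part of this PR view, so the call pattern is inferred from the `set_fact`/include pairs in the main create file.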