diff --git a/.github/workflows/dev.yaml b/.github/workflows/dev.yaml
index dc48570..5155edd 100644
--- a/.github/workflows/dev.yaml
+++ b/.github/workflows/dev.yaml
@@ -20,7 +20,7 @@ jobs:
 role-duration-seconds: 1200
 - name: Push Files
 run: |
- aws s3 cp cloud-native-iac/AWS/*.yaml s3://${{ env.S3_BUCKET }}
+ aws s3 cp cloud-native-iac/sensor/aws/*.yaml s3://${{ env.S3_BUCKET }}
 permissions:
 id-token: write
- contents: read
\ No newline at end of file
+ contents: read
diff --git a/.github/workflows/prod.yaml b/.github/workflows/prod.yaml
index c875404..ea298b9 100644
--- a/.github/workflows/prod.yaml
+++ b/.github/workflows/prod.yaml
@@ -20,7 +20,7 @@ jobs:
 role-duration-seconds: 1200
 - name: Push Files
 run: |
- aws s3 cp cloud-native-iac/AWS/*.yaml s3://${{ env.S3_BUCKET }}
+ aws s3 cp cloud-native-iac/sensor/aws/*.yaml s3://${{ env.S3_BUCKET }}
 permissions:
 id-token: write
- contents: read
\ No newline at end of file
+ contents: read
diff --git a/README.md b/README.md
index 57a3ae7..52611e4 100644
--- a/README.md
+++ b/README.md
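Review bot: The `*.yaml` glob on the changed `aws s3 cp` line is expanded by the shell before the CLI runs, and `aws s3 cp` accepts exactly one source, so the step only works while `cloud-native-iac/sensor/aws/` holds a single template (today `cfn.yaml`); a second `.yaml` there makes the step fail with an unknown-options error, and an empty match passes the literal pattern through as a missing file. Use the recursive form, which does not depend on shell globbing: `aws s3 cp cloud-native-iac/sensor/aws/ s3://${{ env.S3_BUCKET }}/ --recursive --exclude "*" --include "*.yaml"`. The `id-token: write` / `contents: read` pair on the trailing lines is the right minimal permission set for the OIDC role assumption that appears to be configured above the hunk. The checkout and credential steps of this job are outside the hunk.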
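Review bot: Same defect as in `dev.yaml`: the `*.yaml` glob on the changed `aws s3 cp` line is shell-expanded into multiple positional arguments as soon as a second template lands in `cloud-native-iac/sensor/aws/`, and `aws s3 cp` only takes one source; replace it with `aws s3 cp cloud-native-iac/sensor/aws/ s3://${{ env.S3_BUCKET }}/ --recursive --exclude "*" --include "*.yaml"`. Because this is the production bucket that customers deploy the CloudFormation template from, it is worth confirming that the job (its header is outside the hunk) is bound to a GitHub `environment:` with required reviewers, so a push to the prod template is gated and not just authenticated.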
@@ -1,52 +1,27 @@ -# Corelight Cloud +# Corelight Deployment Guide -IaC used to deploy Corelight Sensors into various Cloud Providers. +This repository provides sample configurations for deploying Corelight products +across AWS, Azure, and Google Cloud Platform (GCP). The examples offer both +**Terraform-based** and **cloud-native IaC solutions**, allowing users to +choose based on their preferences and platform requirements. -## Cloud Enrichment Service +## Directory Structure -Code to deploy Corelight's Cloud Enrichment services. +### `terraform/` -### AWS +Contains **Terraform** modules for deploying Corelight products with consistent +configurations across multiple clouds. -* [Terraform][terraform-aws-enrichment] +- **`aws/`**: Terraform modules for AWS deployments. +- **`azure/`**: Terraform modules for Azure deployments. +- **`gcp/`**: Terraform modules for GCP deployments. -[terraform-aws-enrichment]: https://github.com/corelight/terraform-aws-enrichment/ +### `cloud-native-iac/` -### Azure +Includes cloud provider-native infrastructure-as-code (IaC) templates for deeper +integration with specific cloud services. -* [Terraform][terraform-azure-enrichment] - -[terraform-azure-enrichment]: https://github.com/corelight/terraform-azure-enrichment/ - -### GCP - -* [Terraform][terraform-gcp-enrichment] - -[terraform-gcp-enrichment]: https://github.com/corelight/terraform-gcp-sensor/ - -## Cloud Sensor - -Code to deploy Corelight's Cloud Sensor. 
- -### AWS - -* [CFN][cfn-aws-sensor] -* [Terraform][terraform-aws-sensor] - -[cfn-aws-sensor]: https://github.com/corelight/corelight-cloud/tree/main/cloud-native-iac/AWS -[terraform-aws-sensor]: https://github.com/corelight/terraform-aws-sensor/ - -### Azure - -* [Terraform][terraform-azure-sensor] - -[terraform-azure-sensor]: https://github.com/corelight/terraform-azure-sensor/ - -### GCP - -* [Terraform][terraform-gcp-sensor] - -[terraform-gcp-sensor]: https://github.com/corelight/terraform-gcp-enrichment/ +- **`aws/`**: CloudFormation templates for AWS deployments. ## License diff --git a/cloud-native-iac/README.md b/cloud-native-iac/README.md new file mode 100644 index 0000000..313e2de --- /dev/null +++ b/cloud-native-iac/README.md @@ -0,0 +1,21 @@ +# Cloud-Native IaC + +This directory contains **cloud provider-native IaC templates** used to deploy +Corelight products across multiple cloud providers. These templates leverage +the native infrastructure-as-code tools for each platform, such as AWS +CloudFormation, Azure Resource Manager (ARM), and Google Deployment Manager. + +## Corelight Sensor + +Cloud-native templates for deploying Corelight Sensors in the following environments: + +- **AWS** + + - [CloudFormation Template](./sensor/aws/README.md) + + +## How to Use + +Navigate into the appropriate cloud provider's directory and follow the +instructions provided in the `README.md` for each module or template. Each +template aligns with the native IaC approach for the respective cloud platform. diff --git a/cloud-native-iac/AWS/README.md b/cloud-native-iac/sensor/aws/README.md similarity index 89% rename from cloud-native-iac/AWS/README.md rename to cloud-native-iac/sensor/aws/README.md index a5a4a20..79d65e2 100644 --- a/cloud-native-iac/AWS/README.md +++ b/cloud-native-iac/sensor/aws/README.md 
@@ -1,22 +1,13 @@ -# AWS +# Corelight Sensor Deployment - AWS -AWS specific deployment scripts. +This directory provides Cloud Formation code for deploying Corelight's Sensor +on **AWS**. -## Cloud Formation - -A Cloud Formation template for deploying Corelight Sensors. - -## Dependencies - -* Install [AWS Command Line Interface][awscli] - -### Deployment Instructions +## Usage Execute the following commands making sure to provide the appropriate parameters for your environment. -#### Sensor - Create a new stack: ```bash diff --git a/cloud-native-iac/AWS/cfn.yaml b/cloud-native-iac/sensor/aws/cfn.yaml similarity index 100% rename from cloud-native-iac/AWS/cfn.yaml rename to cloud-native-iac/sensor/aws/cfn.yaml diff --git a/terraform/README.md b/terraform/README.md new file mode 100644 index 0000000..71e4fa2 --- /dev/null +++ b/terraform/README.md @@ -0,0 +1,43 @@ +# Terraform + +This directory contains **Terraform** modules used to deploy Corelight products +across multiple cloud providers. + +## Corelight Sensor + +Terraform modules for deploying Corelight Sensors in the following cloud +environments: + +- **AWS** + + - [Terraform Module](./sensor/aws/README.md) + +- **Azure** + + - [Terraform Module](./sensor/azure/README.md) + +- **GCP** + + - [Terraform Module](./sensor/gcp/README.md) + +## Cloud Enrichment Service + +Modules for deploying Corelight's Cloud Enrichment services, enabling data +enrichment across cloud ecosystems: + +- **AWS** + + - [Terraform Module](./cloud-enrichment/aws/README.md) + +- **Azure** + + - [Terraform Module](./cloud-enrichment/azure/README.md) + +- **GCP** + + - [Terraform Module](./cloud-enrichment/gcp/README.md) + +## How to Use + +Navigate into the appropriate cloud provider's directory and follow the +instructions provided in the `README.md` for each module. diff --git a/terraform/cloud-enrichment/aws/README.md b/terraform/cloud-enrichment/aws/README.md new file mode 100644 index 0000000..bdfd2a9 --- /dev/null 
+++ b/terraform/cloud-enrichment/aws/README.md @@ -0,0 +1,17 @@ +# Corelight Cloud Enrichment Service Deployment - AWS + +This directory provides Terraform code for deploying Corelight's Cloud Enrichment +on **GCP**. + +## Overview + +This deployment uses the [terraform-aws-enrichment][] module, which simplifies the +setup of Corelight Cloud Enrichment by automating the provisioning of AWS resources. + +[terraform-aws-enrichment]: https://github.com/corelight/terraform-aws-enrichment/ + +## Examples Directory + +The `examples/` directory demonstrates how to use the Terraform module with +various configurations. These examples showcase best practices and common +deployment scenarios. diff --git a/terraform/cloud-enrichment/aws/examples/deployment/main.tf b/terraform/cloud-enrichment/aws/examples/deployment/main.tf new file mode 100644 index 0000000..cbd7096 --- /dev/null +++ b/terraform/cloud-enrichment/aws/examples/deployment/main.tf 
@@ -0,0 +1,211 @@ +locals { + bucket_name = "corelight-enrichment" + image_name = "12345.dkr.ecr.us-east-1.amazonaws.com/corelight/sensor-enrichment-aws" + image_tag = "0.1.1" + secondary_rule_name = "corelight-ec2-state-change" + vpc_id = "" + monitoring_subnet = "" + management_subnet = "" + sensor_ssh_key_pair_name = "" + sensor_ami_id = "" + license_key_file = "/path/to/license.txt" + my_regions = [ + "us-east-1", + "us-east-2", + "us-west-1", + "us-west-2" + ] + + tags = { + terraform : true, + example : true, + purpose : "Corelight" + } +} + +#################################################################################################### +# Create the bucket where all enrichment data will be stored +#################################################################################################### +provider "aws" { + alias = "primary" + region = "us-east-1" +} + +resource "aws_s3_bucket" "enrichment_bucket" { + provider = aws.primary + + bucket = local.bucket_name + + tags = local.tags +} + +resource "aws_s3_bucket_server_side_encryption_configuration" "enrichment_bucket_encryption" { + provider = aws.primary + + bucket = aws_s3_bucket.enrichment_bucket.id + + rule { + apply_server_side_encryption_by_default { + sse_algorithm = "AES256" + } + } +} + +#################################################################################################### +# Deploy the lambda and supporting resources for the primary region +#################################################################################################### +data "aws_ecr_repository" "enrichment_repo" { + name = "corelight/sensor-enrichment-aws" +} + +module "enrichment_eventbridge_role" { + source = "github.com/corelight/terraform-aws-enrichment//modules/iam/eventbridge" + + primary_event_bus_arn = module.enrichment.primary_event_bus_arn + + tags = local.tags +} + +module "enrichment_lambda_role" { + source = "github.com/corelight/terraform-aws-enrichment//modules/iam/lambda" + + 
enrichment_bucket_arn = aws_s3_bucket.enrichment_bucket.arn + enrichment_ecr_repository_arn = data.aws_ecr_repository.enrichment_repo.arn + lambda_cloudwatch_log_group_arn = module.enrichment.cloudwatch_log_group_arn + + tags = local.tags +} + +module "enrichment" { + source = "github.com/corelight/terraform-aws-enrichment" + + providers = { + aws = aws.primary + } + + corelight_cloud_enrichment_image = local.image_name + corelight_cloud_enrichment_image_tag = local.image_tag + enrichment_bucket_name = aws_s3_bucket.enrichment_bucket.bucket + scheduled_sync_regions = local.my_regions + eventbridge_iam_cross_region_role_arn = module.enrichment_eventbridge_role.cross_region_role_arn + lambda_iam_role_arn = module.enrichment_lambda_role.lambda_iam_role_arn + + tags = local.tags +} + +#################################################################################################### +# Deploy Corelight sensor and assign autoscaling group permission to read from the bucket +#################################################################################################### + +data "aws_subnet" "management" { + id = local.management_subnet +} + +module "asg_lambda_role" { + source = "github.com/corelight/terraform-aws-sensor//modules/iam/lambda" + + lambda_cloudwatch_log_group_arn = module.sensor.cloudwatch_log_group_arn + security_group_arn = module.sensor.management_security_group_arn + sensor_autoscaling_group_name = module.sensor.autoscaling_group_name + subnet_arn = data.aws_subnet.management.arn + + tags = local.tags +} + +module "sensor" { + source = "github.com/corelight/terraform-aws-sensor" + + auto_scaling_availability_zones = ["us-east-1a"] + aws_key_pair_name = local.sensor_ssh_key_pair_name + corelight_sensor_ami_id = local.sensor_ami_id + license_key = file(local.license_key_file) + management_subnet_id = local.management_subnet + monitoring_subnet_id = local.monitoring_subnet + community_string = "" + vpc_id = local.vpc_id + asg_lambda_iam_role_arn = 
module.asg_lambda_role.role_arn + + # Setting these will automatically configure cloud enrichment + enrichment_bucket_name = aws_s3_bucket.enrichment_bucket.id + enrichment_bucket_region = aws_s3_bucket.enrichment_bucket.region + enrichment_instance_profile_arn = aws_iam_instance_profile.corelight_sensor.arn + + tags = local.tags +} + +module "sensor_iam" { + source = "github.com/corelight/terraform-aws-enrichment//modules/iam/sensor" + + enrichment_bucket_arn = aws_s3_bucket.enrichment_bucket.arn + + tags = local.tags +} + +resource "aws_iam_instance_profile" "corelight_sensor" { + name = "corelight-sensor-profile" + role = module.sensor_iam.sensor_role_name + + tags = local.tags +} + +#################################################################################################### +# Setup providers and deploy the "Fan In" event bus resources in each secondary region +#################################################################################################### + +provider "aws" { + alias = "us-east-2" + region = "us-east-2" +} + + +module "secondary_eventbridge_rule_us-east-2" { + source = "github.com/corelight/terraform-aws-enrichment//modules/secondary_event_rule" + + providers = { + aws = aws.us-east-2 + } + + cross_region_eventbridge_role_arn = module.enrichment_eventbridge_role.cross_region_role_arn + primary_event_bus_arn = module.enrichment.primary_event_bus_arn + secondary_ec2_state_change_rule_name = "${local.secondary_rule_name}-us-east-2" + + tags = local.tags +} + +provider "aws" { + alias = "us-west-1" + region = "us-west-1" +} + +module "secondary_eventbridge_rule_us-west-1" { + source = "github.com/corelight/terraform-aws-enrichment//modules/secondary_event_rule" + + providers = { + aws = aws.us-west-1 + } + + cross_region_eventbridge_role_arn = module.enrichment_eventbridge_role.cross_region_role_arn + primary_event_bus_arn = module.enrichment.primary_event_bus_arn + secondary_ec2_state_change_rule_name = 
"${local.secondary_rule_name}-us-west-1" + + tags = local.tags +} + +provider "aws" { + alias = "us-west-2" + region = "us-west-2" +} + +module "secondary_eventbridge_rule_us-west-2" { + source = "github.com/corelight/terraform-aws-enrichment//modules/secondary_event_rule" + + providers = { + aws = aws.us-west-2 + } + + cross_region_eventbridge_role_arn = module.enrichment_eventbridge_role.cross_region_role_arn + primary_event_bus_arn = module.enrichment.primary_event_bus_arn + secondary_ec2_state_change_rule_name = "${local.secondary_rule_name}-us-west-2" + + tags = local.tags +} \ No newline at end of file diff --git a/terraform/cloud-enrichment/aws/examples/deployment/versions.tf b/terraform/cloud-enrichment/aws/examples/deployment/versions.tf new file mode 100644 index 0000000..bec63b0 --- /dev/null +++ b/terraform/cloud-enrichment/aws/examples/deployment/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">=1.3.2" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">=5.45.0" + } + } +} \ No newline at end of file diff --git a/terraform/cloud-enrichment/azure/README.md b/terraform/cloud-enrichment/azure/README.md new file mode 100644 index 0000000..c317189 --- /dev/null +++ b/terraform/cloud-enrichment/azure/README.md @@ -0,0 +1,17 @@ +# Corelight Cloud Enrichment Service Deployment - Azure + +This directory provides Terraform code for deploying Corelight's Cloud Enrichment +on **GCP**. + +## Overview + +This deployment uses the [terraform-azure-enrichment][] module, which simplifies the +setup of Corelight Cloud Enrichment by automating the provisioning of Azure resources. + +[terraform-azure-enrichment]: https://github.com/corelight/terraform-azure-enrichment/ + +## Examples Directory + +The `examples/` directory demonstrates how to use the Terraform module with +various configurations. These examples showcase best practices and common +deployment scenarios. 
diff --git a/terraform/cloud-enrichment/azure/examples/deployment/main.tf b/terraform/cloud-enrichment/azure/examples/deployment/main.tf new file mode 100644 index 0000000..6db72e4 --- /dev/null +++ b/terraform/cloud-enrichment/azure/examples/deployment/main.tf 
@@ -0,0 +1,74 @@ +locals { + subscription_id = "12345" # Your Azure Subscription ID (UUID) + resource_group_name = "corelight" + deployment_location = "eastus" + tags = { + terraform : true, + example : true, + purpose : "Corelight" + } +} + +data "azurerm_subscription" "subscription" { + subscription_id = local.subscription_id +} + +#################################################################################################### +# There is only one system topic per Azure subscription. Create a new one or use the existing one +#################################################################################################### +resource "azurerm_eventgrid_system_topic" "system_topic" { + location = "Global" + name = "subscription-system-topic" + resource_group_name = azurerm_resource_group.corelight_resource_group.name + source_arm_resource_id = data.azurerm_subscription.subscription.id + topic_type = "microsoft.resources.subscriptions" + + tags = local.tags +} + +#################################################################################################### +# Create a new resource group or re-use an existing one +#################################################################################################### +resource "azurerm_resource_group" "corelight_resource_group" { + name = local.resource_group_name + location = local.deployment_location + + tags = local.tags +} + +#################################################################################################### +# Create a new storage account and container to store the enrichment data or re-use an existing one +#################################################################################################### +resource "azurerm_storage_account" "enrichment_data" { + # Azure Storage account names must be globally unique and have character restrictions + # https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview#storage-account-name + name = "corelightenrichment" + 
resource_group_name = azurerm_resource_group.corelight_resource_group.name + location = local.deployment_location + account_replication_type = "LRS" + account_tier = "Standard" + + tags = local.tags +} + +resource "azurerm_storage_container" "enrichment_bucket" { + name = "enrichment" + storage_account_name = azurerm_storage_account.enrichment_data.name +} + +#################################################################################################### +# Deploy the Container App and its supporting infrastructure +# Replace relative source with "source = github.com/corelight/terraform-azure-enrichment" +#################################################################################################### +module "enrichment" { + source = "../.." + + resource_group_name = azurerm_resource_group.corelight_resource_group.name + enrichment_storage_account = azurerm_storage_account.enrichment_data.name + enrichment_storage_account_container = azurerm_storage_container.enrichment_bucket.name + event_grid_system_topic_name = azurerm_eventgrid_system_topic.system_topic.name + location = local.deployment_location + subscription_id = local.subscription_id + + tags = local.tags +} diff --git a/terraform/cloud-enrichment/azure/examples/deployment/versions.tf b/terraform/cloud-enrichment/azure/examples/deployment/versions.tf new file mode 100644 index 0000000..93b6701 --- /dev/null +++ b/terraform/cloud-enrichment/azure/examples/deployment/versions.tf @@ -0,0 +1,15 @@ +terraform { + required_version = ">=1.3.2" + + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = ">=3.97.1" + } + } +} + +provider "azurerm" { + features {} + subscription_id = local.subscription_id +} diff --git a/terraform/cloud-enrichment/gcp/README.md b/terraform/cloud-enrichment/gcp/README.md new file mode 100644 index 0000000..f67298c --- /dev/null +++ b/terraform/cloud-enrichment/gcp/README.md 
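Review bot: `azurerm_storage_account.enrichment_data` takes the provider defaults for blob exposure, which on azurerm 3.x leaves `allow_nested_items_to_be_public` at `true`, so a container later created with a public access type would serve enrichment data anonymously; set `allow_nested_items_to_be_public = false` and make `min_tls_version = "TLS1_2"` explicit on the account, and if the container app and sensors authenticate with managed identities (the sensor example in this commit assigns `Storage Blob Data Reader` to the VMSS identity, which suggests they do) also `shared_access_key_enabled = false`. Separately, `module "enrichment"` uses `source = "../.."`, which in this repository resolves to `terraform/cloud-enrichment/azure/` and contains only a README, so `terraform init` in this directory fails until the `github.com/corelight/terraform-azure-enrichment` source named in the comment is substituted; an example meant to run as committed should carry the remote source with a `?ref=` tag. The `subscription_id = "12345"` placeholder is not the UUID the comment asks for, which is fine as a stand-in but will fail validation if left.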
@@ -0,0 +1,17 @@ +# Corelight Cloud Enrichment Service Deployment - GCP + +This directory provides Terraform code for deploying Corelight's Cloud Enrichment +on **GCP**. + +## Overview + +This deployment uses the [terraform-gcp-enrichment][] module, which simplifies the +setup of Corelight Cloud Enrichment by automating the provisioning of GCP resources. + +[terraform-gcp-enrichment]: https://github.com/corelight/terraform-gcp-enrichment/ + +## Examples Directory + +The `examples/` directory demonstrates how to use the Terraform module with +various configurations. These examples showcase best practices and common +deployment scenarios. diff --git a/terraform/cloud-enrichment/gcp/examples/deployment/main.tf b/terraform/cloud-enrichment/gcp/examples/deployment/main.tf new file mode 100644 index 0000000..1f9a752 --- /dev/null +++ b/terraform/cloud-enrichment/gcp/examples/deployment/main.tf 
@@ -0,0 +1,67 @@ +locals { + organization_id = "12345" + custom_org_role_id = "corelight_enrichment_role" + location = "us-central1" + zone = "us-central1-a" + folder_to_observe = "54321" + project_id = "corelight-enrichment-project" + service_account_id = "corelight-enrichment" + + labels = { + terraform : true, + example : true, + purpose : "Corelight" + } +} + +provider "google" { + project = local.project_id + region = local.location + + # Uncomment this if needed + # user_project_override = true +} + +#################################################################################################### +# Set up the GCS bucket for enrichment data +#################################################################################################### +resource "random_id" "bucket_nonce" { + byte_length = 4 +} + +resource "google_storage_bucket" "enrichment_bucket" { + location = local.location + name = "corelight-enrichment-${random_id.bucket_nonce.hex}" + public_access_prevention = "enforced" + + labels = local.labels +} + +#################################################################################################### +# Create the organizational role with access to enumerate folders and projects +#################################################################################################### +module "custom_org_role" { + source = "../../modules/org_iam" + + custom_org_role_id = local.custom_org_role_id + organization_id = local.organization_id +} + +#################################################################################################### +# Deploy Cloud Run service and create service account with proper permissions +# Replace relative source with "source = github.com/corelight/terraform-gcp-enrichment" +#################################################################################################### +module "enrichment" { + source = "../.." 
+ + enrichment_bucket_name = google_storage_bucket.enrichment_bucket.name + folder_id = local.folder_to_observe + project_id = local.project_id + zone = local.zone + location = local.location + organization_role_id = module.custom_org_role.custom_org_role_id + service_account_id = local.service_account_id + + labels = local.labels +} + diff --git a/terraform/cloud-enrichment/gcp/examples/deployment/versions.tf b/terraform/cloud-enrichment/gcp/examples/deployment/versions.tf new file mode 100644 index 0000000..de76f8b --- /dev/null +++ b/terraform/cloud-enrichment/gcp/examples/deployment/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">=1.3.2" + + required_providers { + google = { + source = "hashicorp/google" + version = ">=5.21.0" + } + } +} \ No newline at end of file diff --git a/terraform/sensor/aws/README.md b/terraform/sensor/aws/README.md new file mode 100644 index 0000000..5a7868b --- /dev/null +++ b/terraform/sensor/aws/README.md @@ -0,0 +1,17 @@ +# Corelight Sensor Deployment - AWS + +This directory provides Terraform code for deploying Corelight's Cloud Sensor +on **AWS**. + +## Overview + +This deployment uses the [terraform-aws-sensor][] module, which simplifies the +setup of Corelight Sensors by automating the provisioning of AWS resources. + +[terraform-aws-sensor]: https://github.com/corelight/terraform-aws-sensor/ + +## Examples Directory + +The `examples/` directory demonstrates how to use the Terraform module with +various configurations. These examples showcase best practices and common +deployment scenarios. diff --git a/terraform/sensor/aws/examples/deployment/main.tf b/terraform/sensor/aws/examples/deployment/main.tf new file mode 100644 index 0000000..3671c63 --- /dev/null +++ b/terraform/sensor/aws/examples/deployment/main.tf 
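Review bot: `google_storage_bucket.enrichment_bucket` enforces `public_access_prevention` but does not set `uniform_bucket_level_access = true`, so legacy per-object ACLs stay in effect alongside IAM and the bucket's effective access is harder to audit; add `uniform_bucket_level_access = true` next to `public_access_prevention`, and consider `versioning { enabled = true }` so a bad enrichment sync can be rolled back. Both module sources are relative (`source = "../.."` and `source = "../../modules/org_iam"`), and in this repository `terraform/cloud-enrichment/gcp/` holds only a README, so `terraform init` here fails until the `github.com/corelight/terraform-gcp-enrichment` source mentioned in the comment is substituted for both; if the example is meant to run as committed, use the remote source with a `?ref=` tag.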
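Review bot: `random_id.bucket_nonce` in the accompanying `main.tf` needs the `hashicorp/random` provider, but `required_providers` here lists only `google`, so `terraform init` selects the newest `random` release with no constraint and only the lockfile (absent from this commit) would hold it; add a `random` entry with `source = "hashicorp/random"` and a version constraint alongside `google`. The `>=5.21.0` lower bound on `google` also admits future major releases with breaking changes, so a pessimistic constraint such as `version = "~> 5.21"` is the safer choice for an example that is copied verbatim.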
@@ -0,0 +1,59 @@ +locals { + vpc_id = "" + monitoring_subnet = "" + management_subnet = "" + sensor_ssh_key_pair_name = "" + sensor_ami_id = "" + license = "" + tags = { + terraform : true, + purpose : "Corelight" + } + fleet_token = "b1cd099ff22ed8a41abc63929d1db126" + fleet_url = "https://fleet.example.com:1443/fleet/v1/internal/softsensor/websocket" +} + +data "aws_subnet" "management" { + id = local.management_subnet +} + +module "asg_lambda_role" { + source = "github.com/corelight/terraform-aws-sensor//modules/iam/lambda" + + lambda_cloudwatch_log_group_arn = module.sensor.cloudwatch_log_group_arn + security_group_arn = module.sensor.management_security_group_arn + sensor_autoscaling_group_name = module.sensor.autoscaling_group_name + subnet_arn = data.aws_subnet.management.arn + + tags = local.tags +} + +module "sensor" { + source = "github.com/corelight/terraform-aws-sensor" + + auto_scaling_availability_zones = ["us-east-1a"] + aws_key_pair_name = local.sensor_ssh_key_pair_name + corelight_sensor_ami_id = local.sensor_ami_id + license_key = local.license + management_subnet_id = local.management_subnet + monitoring_subnet_id = local.monitoring_subnet + community_string = "" + vpc_id = local.vpc_id + asg_lambda_iam_role_arn = module.asg_lambda_role.role_arn + fleet_token = local.fleet_token + fleet_url = local.fleet_url + + tags = local.tags +} + +module "bastion" { + source = "github.com/corelight/terraform-aws-sensor//modules/bastion" + + bastion_key_pair_name = "" + subnet_id = data.aws_subnet.management.id + management_security_group_id = module.sensor.management_security_group_id + vpc_id = local.vpc_id + public_ssh_allow_cidr_blocks = ["0.0.0.0/0"] + + tags = local.tags +} diff --git a/terraform/sensor/aws/examples/deployment/versions.tf b/terraform/sensor/aws/examples/deployment/versions.tf new file mode 100644 index 0000000..554f427 --- /dev/null +++ b/terraform/sensor/aws/examples/deployment/versions.tf 
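Review bot: `module "bastion"` sets `public_ssh_allow_cidr_blocks = ["0.0.0.0/0"]`, which opens the bastion's SSH port to the whole internet; examples get copied as-is, so ship a placeholder the operator must fill instead, e.g. `public_ssh_allow_cidr_blocks = ["203.0.113.0/24"] # replace with your admin egress CIDR`. `fleet_token = "b1cd099ff22ed8a41abc63929d1db126"` in `locals` commits a token-shaped literal (the same value appears in the Azure and GCP sensor examples) that will also land in Terraform state; declare it as a `variable "fleet_token"` with `sensitive = true`, supply it via `TF_VAR_fleet_token`, and if the value is live, revoke it. The `github.com/corelight/terraform-aws-sensor` sources carry no `?ref=`, so each `init` pulls the default branch head; pin them to a release tag, e.g. `source = "github.com/corelight/terraform-aws-sensor?ref=vX.Y.Z"`.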
@@ -0,0 +1,10 @@ +terraform { + required_version = ">=1.3.2" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 5" + } + } +} \ No newline at end of file diff --git a/terraform/sensor/azure/README.md b/terraform/sensor/azure/README.md new file mode 100644 index 0000000..115b153 --- /dev/null +++ b/terraform/sensor/azure/README.md @@ -0,0 +1,17 @@ +# Corelight Sensor Deployment - Azure + +This directory provides Terraform code for deploying Corelight's Cloud Sensor +on **Azure**. + +## Overview + +This deployment uses the [terraform-azure-sensor][] module, which simplifies the +setup of Corelight Sensors by automating the provisioning of AWS resources. + +[terraform-azure-sensor]: https://github.com/corelight/terraform-azure-sensor/ + +## Examples Directory + +The `examples/` directory demonstrates how to use the Terraform module with +various configurations. These examples showcase best practices and common +deployment scenarios. diff --git a/terraform/sensor/azure/examples/deployment/main.tf b/terraform/sensor/azure/examples/deployment/main.tf new file mode 100644 index 0000000..529940f --- /dev/null +++ b/terraform/sensor/azure/examples/deployment/main.tf 
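Review bot: `version = ">= 5"` for `hashicorp/aws` has no upper bound, so an `init` without a lockfile will take any future major release, including ones with breaking changes; the enrichment example in this same commit uses `>=5.45.0`, and a pessimistic constraint such as `version = "~> 5.45"` would keep both examples on the 5.x line and consistent with each other. `required_version = ">=1.3.2"` is reasonable for the core binary, but a one-line comment naming the Terraform version the example was actually tested with would help whoever copies it.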
@@ -0,0 +1,63 @@ +locals { + subscription_id = "" + resource_group_name = "corelight" + location = "eastus" + license = "" + tags = { + terraform : true, + purpose : "Corelight" + } + fleet_token = "b1cd099ff22ed8a41abc63929d1db126" + fleet_url = "https://fleet.example.com:1443/fleet/v1/internal/softsensor/websocket" +} + +#################################################################################################### +# Create a resource group for the corelight resources +#################################################################################################### +resource "azurerm_resource_group" "sensor_rg" { + location = local.location + name = local.resource_group_name + + tags = local.tags +} + +#################################################################################################### +# Get data on the existing vnet and create a subnet in that vnet for the sensor +#################################################################################################### +data "azurerm_virtual_network" "existing_vnet" { + name = "" + resource_group_name = "" +} + +#################################################################################################### +# Deploy the Sensor +#################################################################################################### +module "sensor" { + source = "../.." 
+ + license_key = local.license + location = local.location + resource_group_name = azurerm_resource_group.sensor_rg.name + virtual_network_name = data.azurerm_virtual_network.existing_vnet.name + virtual_network_resource_group = "" + virtual_network_address_space = "" + corelight_sensor_image_id = "" + community_string = "" + fleet_token = local.fleet_token + fleet_url = local.fleet_url + sensor_ssh_public_key = "" + + # (Optional) Cloud Enrichment Variables + enrichment_storage_account_name = "" + enrichment_storage_container_name = "" + tags = local.tags +} + +#################################################################################################### +# (Optional) Assign the VMSS identity access to the enrichment bucket if enabled +#################################################################################################### +resource "azurerm_role_assignment" "enrichment_data_access" { + principal_id = module.sensor.sensor_identity_principal_id + scope = "" + role_definition_name = "Storage Blob Data Reader" +} diff --git a/terraform/sensor/azure/examples/deployment/versions.tf b/terraform/sensor/azure/examples/deployment/versions.tf new file mode 100644 index 0000000..7a8b113 --- /dev/null +++ b/terraform/sensor/azure/examples/deployment/versions.tf @@ -0,0 +1,16 @@ +terraform { + required_version = ">=1.3.2" + + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = ">=3.97.1" + } + } +} + +provider "azurerm" { + features {} + subscription_id = local.subscription_id +} + diff --git a/terraform/sensor/gcp/README.md b/terraform/sensor/gcp/README.md new file mode 100644 index 0000000..7a0f33c --- /dev/null +++ b/terraform/sensor/gcp/README.md 
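Review bot: `fleet_token = "b1cd099ff22ed8a41abc63929d1db126"` in `locals` commits a token-shaped literal that is repeated verbatim in the AWS and GCP sensor examples and will be written to Terraform state; whether or not it is live, it belongs in a `variable "fleet_token"` declared with `sensitive = true` and supplied through `TF_VAR_fleet_token`, and if the value is real it should be revoked. `azurerm_role_assignment.enrichment_data_access` grants `Storage Blob Data Reader` at `scope = ""`, which will not pass validation; the scope should be the enrichment storage account (or container) resource ID, and since the comment marks enrichment optional the resource should be guarded with a `count` on whether `enrichment_storage_account_name` is set, so the assignment is never created against a placeholder scope. `module "sensor"` uses `source = "../.."`, which in this repository is `terraform/sensor/azure/` and holds only a README, so the example does not `init` as committed; the `github.com/corelight/terraform-azure-sensor` module the README points at, with a `?ref=` tag, is what belongs here.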
@@ -0,0 +1,17 @@ +# Corelight Sensor Deployment - GCP + +This directory provides Terraform code for deploying Corelight's Cloud Sensor +on **GCP**. + +## Overview + +This deployment uses the [terraform-gcp-sensor][] module, which simplifies the +setup of Corelight Sensors by automating the provisioning of AWS resources. + +[terraform-gcp-sensor]: https://github.com/corelight/terraform-gcp-sensor/ + +## Examples Directory + +The `examples/` directory demonstrates how to use the Terraform module with +various configurations. These examples showcase best practices and common +deployment scenarios. diff --git a/terraform/sensor/gcp/examples/deployment/main.tf b/terraform/sensor/gcp/examples/deployment/main.tf new file mode 100644 index 0000000..765c684 --- /dev/null +++ b/terraform/sensor/gcp/examples/deployment/main.tf 
@@ -0,0 +1,150 @@ +locals { + region = "us-west1" + zone = "us-west1-a" + project_id = "" + auth = file("~/.config/gcloud/application_default_credentials.json") + instance_ssh_key_pub = "~/.ssh/id_ed25519_cl.pub" + instance_bastion_image = "ubuntu-os-cloud/ubuntu-2004-lts" + instance_sensor_image = "alma-8-20240516193720" + subnetwork_mgmt_cidr = "10.129.0.0/24" + subnetwork_mon_cidr = "10.3.0.0/24" + subnetwork_mon_gateway = "10.3.0.1" + license_key = file("~/corelight-license.txt") + community_string = "managedPassword!" + fleet_token = "b1cd099ff22ed8a41abc63929d1db126" + fleet_url = "https://fleet.example.com:1443/fleet/v1/internal/softsensor/websocket" +} + +#################################################################################################### +# Configure the provider +#################################################################################################### + +provider "google" { + project = local.project_id + credentials = local.auth + region = local.region + zone = local.zone +} + +#################################################################################################### +# Create a VPC +#################################################################################################### + +# firewall + +# allow ssh traffic to mgmt (default is inbound) +resource "google_compute_firewall" "allow_ssh_to_mgmt" { + name = "corelight-allow-ssh-inbound-to-mgmt" + direction = "INGRESS" + network = google_compute_network.mgmt.name + + allow { + protocol = "tcp" + ports = ["22"] + } + + source_ranges = ["0.0.0.0/0"] + target_tags = ["allow-ssh"] +} + +# allow internal SSH traffic in mgmt network +resource "google_compute_firewall" "allow_internal" { + name = "corelight-allow-internal" + direction = "INGRESS" + network = google_compute_network.mgmt.name + + allow { + protocol = "tcp" + ports = ["22"] + } + + source_ranges = [local.subnetwork_mgmt_cidr] + target_tags = ["allow-ssh"] +} + +# nat + +resource "google_compute_router" 
"mgmt_router" { + name = "corelight-mgmt-router" + region = local.region + network = google_compute_network.mgmt.name +} + +resource "google_compute_router_nat" "mon_nat" { + name = "corelight-mgmt-nat" + router = google_compute_router.mgmt_router.name + region = local.region + nat_ip_allocate_option = "AUTO_ONLY" + source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES" + + log_config { + enable = true + filter = "ERRORS_ONLY" + } +} + +# network + +resource "google_compute_network" "mgmt" { + name = "corelight-mgmt" + routing_mode = "GLOBAL" + auto_create_subnetworks = false +} + +resource "google_compute_network" "prod" { + name = "corelight-prod" + routing_mode = "GLOBAL" + auto_create_subnetworks = false +} + +resource "google_compute_subnetwork" "mgmt_subnet" { + name = "corelight-subnet" + ip_cidr_range = local.subnetwork_mgmt_cidr + network = google_compute_network.mgmt.name + region = local.region +} + +resource "google_compute_subnetwork" "mon_subnet" { + name = "corelight-mon-subnet" + ip_cidr_range = local.subnetwork_mon_cidr + network = google_compute_network.prod.name + region = local.region +} + +#################################################################################################### +# Create a Bastion +#################################################################################################### + +module "custom_bastion" { + source = "../../modules/bastion" + + zone = local.zone + network_mgmt_name = google_compute_network.mgmt.name + subnetwork_mgmt_name = google_compute_subnetwork.mgmt_subnet.name + instance_ssh_key_pub = local.instance_ssh_key_pub + image = local.instance_bastion_image +} + +#################################################################################################### +# Create Sensor Managed Instance Group +#################################################################################################### + +module "sensor" { + source = "../.." 
+ + region = local.region + zone = local.zone + network_mgmt_name = google_compute_network.mgmt.name + subnetwork_mgmt_name = google_compute_subnetwork.mgmt_subnet.name + subnetwork_mgmt_cidr = local.subnetwork_mgmt_cidr + network_prod_name = google_compute_network.prod.name + subnetwork_mon_name = google_compute_subnetwork.mon_subnet.name + subnetwork_mon_cidr = local.subnetwork_mon_cidr + subnetwork_mon_gateway = local.subnetwork_mon_gateway + instance_ssh_key_pub = local.instance_ssh_key_pub + image = local.instance_sensor_image + license_key = local.license_key + community_string = local.community_string + fleet_token = local.fleet_token + fleet_url = local.fleet_url +} diff --git a/terraform/sensor/gcp/examples/deployment/versions.tf b/terraform/sensor/gcp/examples/deployment/versions.tf new file mode 100644 index 0000000..7bb0ff6 --- /dev/null +++ b/terraform/sensor/gcp/examples/deployment/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">=1.3.2" + + required_providers { + google = { + source = "hashicorp/google" + version = ">=5.21.0" + } + } +}
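Review bot: `allow_ssh_to_mgmt` opens TCP/22 with `source_ranges = ["0.0.0.0/0"]` on the management network, so every instance carrying the `allow-ssh` tag (presumably the bastion created by the `custom_bastion` module, and possibly the sensors if the module tags them) is reachable from the whole internet; the example should instead take an operator range, e.g. `ssh_allowed_cidrs = ["203.0.113.0/24"]` in `locals` and `source_ranges = local.ssh_allowed_cidrs`, or restrict to the IAP TCP-forwarding range `35.235.240.0/20` and say so in the comment. While the world-open rule exists, `allow_internal` (same port, same target tag, a subset source range) is redundant and only tightens things once the first rule is narrowed. Separately, `community_string = "managedPassword!"` and `fleet_token = "b1cd099ff22ed8a41abc63929d1db126"` are checked in as literals in `locals`; even for an example these belong in `variable` blocks marked `sensitive = true` supplied via `TF_VAR_*` or Secret Manager, with obviously fake placeholders, because readers copy examples verbatim and the values end up in the repository history. Minor naming point: the NAT is declared as `mon_nat` but its `name` is `"corelight-mgmt-nat"` and it hangs off `mgmt_router`, so one of the two names should change to match.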
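Review bot: `version = ">=5.21.0"` for the google provider is open-ended, so this example floats across major versions and will break or change resource defaults without any edit to the repository when a 6.x or 7.x release ships. Pin to a compatible range, `version = "~> 5.21"`, and ship a `.terraform.lock.hcl` with the example so provider checksums are pinned as well as versions. The same open-ended `>=` form appears in the Azure versions.tf added in this change, so the two files should be fixed together for consistency.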