Restructured repo and brought tf examples

README.md

@@ -1,52 +1,27 @@
-# Corelight Cloud
+# Corelight Deployment Guide
 
-IaC used to deploy Corelight Sensors into various Cloud Providers.
+This repository provides sample configurations for deploying Corelight products
+across AWS, Azure, and Google Cloud Platform (GCP). The examples offer both
+**Terraform-based** and **cloud-native IaC solutions**, allowing users to
+choose based on their preferences and platform requirements.
 
-## Cloud Enrichment Service
+## Directory Structure
 
-Code to deploy Corelight's Cloud Enrichment services.
+### `terraform/`
 
-### AWS
+Contains **Terraform** modules for deploying Corelight products with consistent
+configurations across multiple clouds.
 
-* [Terraform][terraform-aws-enrichment]
+- **`aws/`**: Terraform modules for AWS deployments.
+- **`azure/`**: Terraform modules for Azure deployments.
+- **`gcp/`**: Terraform modules for GCP deployments.
 
-[terraform-aws-enrichment]: https://github.com/corelight/terraform-aws-enrichment/
+### `cloud-native-iac/`
 
-### Azure
+Includes cloud provider-native infrastructure-as-code (IaC) templates for deeper
+integration with specific cloud services.
 
-* [Terraform][terraform-azure-enrichment]
-
-[terraform-azure-enrichment]: https://github.com/corelight/terraform-azure-enrichment/
-
-### GCP
-
-* [Terraform][terraform-gcp-enrichment]
-
-[terraform-gcp-enrichment]: https://github.com/corelight/terraform-gcp-sensor/
-
-## Cloud Sensor
-
-Code to deploy Corelight's Cloud Sensor.
-
-### AWS
-
-* [CFN][cfn-aws-sensor]
-* [Terraform][terraform-aws-sensor]
-
-[cfn-aws-sensor]: https://github.com/corelight/corelight-cloud/tree/main/cloud-native-iac/AWS
-[terraform-aws-sensor]: https://github.com/corelight/terraform-aws-sensor/
-
-### Azure
-
-* [Terraform][terraform-azure-sensor]
-
-[terraform-azure-sensor]: https://github.com/corelight/terraform-azure-sensor/
-
-### GCP
-
-* [Terraform][terraform-gcp-sensor]
-
-[terraform-gcp-sensor]: https://github.com/corelight/terraform-gcp-enrichment/
+- **`aws/`**: CloudFormation templates for AWS deployments.
 
 ## License
 

cloud-native-iac/README.md

@@ -0,0 +1,21 @@
+# Cloud-Native IaC
+
+This directory contains **cloud provider-native IaC templates** used to deploy
+Corelight products across multiple cloud providers. These templates leverage
+the native infrastructure-as-code tools for each platform, such as AWS
+CloudFormation, Azure Resource Manager (ARM), and Google Deployment Manager.
+
+## Corelight Sensor
+
+Cloud-native templates for deploying Corelight Sensors in the following environments:
+
+- **AWS**
+
+  - [CloudFormation Template](./sensor/aws/README.md)
+
+
+## How to Use
+
+Navigate into the appropriate cloud provider's directory and follow the
+instructions provided in the `README.md` for each module or template. Each
+template aligns with the native IaC approach for the respective cloud platform.

cloud-native-iac/AWS/README.md → cloud-native-iac/sensor/aws/README.md

@@ -1,22 +1,13 @@
-# AWS
+# Corelight Sensor Deployment - AWS
 
-AWS specific deployment scripts.
+This directory provides Cloud Formation code for deploying Corelight's Sensor
+on **AWS**.
 
-## Cloud Formation
-
-A Cloud Formation template for deploying Corelight Sensors.
-
-## Dependencies
-
-* Install [AWS Command Line Interface][awscli]
-
-### Deployment Instructions
+## Usage
 
 Execute the following commands making sure to provide the appropriate
 parameters for your environment.
 
-#### Sensor
-
 Create a new stack:
 
 ```bash

terraform/README.md

@@ -0,0 +1,43 @@
+# Terraform
+
+This directory contains **Terraform** modules used to deploy Corelight products
+across multiple cloud providers.
+
+## Corelight Sensor
+
+Terraform modules for deploying Corelight Sensors in the following cloud
+environments:
+
+- **AWS**
+
+  - [Terraform Module](./sensor/aws/README.md)
+
+- **Azure**
+
+  - [Terraform Module](./sensor/azure/README.md)
+
+- **GCP**
+
+  - [Terraform Module](./sensor/gcp/README.md)
+
+## Cloud Enrichment Service
+
+Modules for deploying Corelight's Cloud Enrichment services, enabling data
+enrichment across cloud ecosystems:
+
+- **AWS**
+
+  - [Terraform Module](./cloud-enrichment/aws/README.md)
+
+- **Azure**
+
+  - [Terraform Module](./cloud-enrichment/azure/README.md)
+
+- **GCP**
+
+  - [Terraform Module](./cloud-enrichment/gcp/README.md)
+
+## How to Use
+
+Navigate into the appropriate cloud provider's directory and follow the
+instructions provided in the `README.md` for each module.

terraform/cloud-enrichment/aws/README.md

@@ -0,0 +1,17 @@
+# Corelight Cloud Enrichment Service Deployment - AWS
+
+This directory provides Terraform code for deploying Corelight's Cloud Enrichment
+on **GCP**.
+
+## Overview
+
+This deployment uses the [terraform-aws-enrichment][] module, which simplifies the
+setup of Corelight Cloud Enrichment by automating the provisioning of AWS resources.
+
+[terraform-aws-enrichment]: https://github.com/corelight/terraform-aws-enrichment/
+
+## Examples Directory
+
+The `examples/` directory demonstrates how to use the Terraform module with
+various configurations. These examples showcase best practices and common
+deployment scenarios.

terraform/cloud-enrichment/aws/examples/deployment/main.tf

@@ -0,0 +1,211 @@
+locals {
+  bucket_name              = "corelight-enrichment"
+  image_name               = "12345.dkr.ecr.us-east-1.amazonaws.com/corelight/sensor-enrichment-aws"
+  image_tag                = "0.1.1"
+  secondary_rule_name      = "corelight-ec2-state-change"
+  vpc_id                   = "<vpc where resources are deployed>"
+  monitoring_subnet        = "<monitoring subnet id>"
+  management_subnet        = "<management subnet id>"
+  sensor_ssh_key_pair_name = "<name of the ssh key in AWS used to access the sensor EC2 instances>"
+  sensor_ami_id            = "<sensor ami id from Corelight>"
+  license_key_file         = "/path/to/license.txt"
+  my_regions = [
+    "us-east-1",
+    "us-east-2",
+    "us-west-1",
+    "us-west-2"
+  ]
+
+  tags = {
+    terraform : true,
+    example : true,
+    purpose : "Corelight"
+  }
+}
+
+####################################################################################################
+# Create the bucket where all enrichment data will be stored
+####################################################################################################
+provider "aws" {
+  alias  = "primary"
+  region = "us-east-1"
+}
+
+resource "aws_s3_bucket" "enrichment_bucket" {
+  provider = aws.primary
+
+  bucket = local.bucket_name
+
+  tags = local.tags
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "enrichment_bucket_encryption" {
+  provider = aws.primary
+
+  bucket = aws_s3_bucket.enrichment_bucket.id
+
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm = "AES256"
+    }
+  }
+}
+
+####################################################################################################
+# Deploy the lambda and supporting resources for the primary region
+####################################################################################################
+data "aws_ecr_repository" "enrichment_repo" {
+  name = "corelight/sensor-enrichment-aws"
+}
+
+module "enrichment_eventbridge_role" {
+  source = "github.com/corelight/terraform-aws-enrichment//modules/iam/eventbridge"
+
+  primary_event_bus_arn = module.enrichment.primary_event_bus_arn
+
+  tags = local.tags
+}
+
+module "enrichment_lambda_role" {
+  source = "github.com/corelight/terraform-aws-enrichment//modules/iam/lambda"
+
+  enrichment_bucket_arn           = aws_s3_bucket.enrichment_bucket.arn
+  enrichment_ecr_repository_arn   = data.aws_ecr_repository.enrichment_repo.arn
+  lambda_cloudwatch_log_group_arn = module.enrichment.cloudwatch_log_group_arn
+
+  tags = local.tags
+}
+
+module "enrichment" {
+  source = "github.com/corelight/terraform-aws-enrichment"
+
+  providers = {
+    aws = aws.primary
+  }
+
+  corelight_cloud_enrichment_image      = local.image_name
+  corelight_cloud_enrichment_image_tag  = local.image_tag
+  enrichment_bucket_name                = aws_s3_bucket.enrichment_bucket.bucket
+  scheduled_sync_regions                = local.my_regions
+  eventbridge_iam_cross_region_role_arn = module.enrichment_eventbridge_role.cross_region_role_arn
+  lambda_iam_role_arn                   = module.enrichment_lambda_role.lambda_iam_role_arn
+
+  tags = local.tags
+}
+
+####################################################################################################
+# Deploy Corelight sensor and assign autoscaling group permission to read from the bucket
+####################################################################################################
+
+data "aws_subnet" "management" {
+  id = local.management_subnet
+}
+
+module "asg_lambda_role" {
+  source = "github.com/corelight/terraform-aws-sensor//modules/iam/lambda"
+
+  lambda_cloudwatch_log_group_arn = module.sensor.cloudwatch_log_group_arn
+  security_group_arn              = module.sensor.management_security_group_arn
+  sensor_autoscaling_group_name   = module.sensor.autoscaling_group_name
+  subnet_arn                      = data.aws_subnet.management.arn
+
+  tags = local.tags
+}
+
+module "sensor" {
+  source = "github.com/corelight/terraform-aws-sensor"
+
+  auto_scaling_availability_zones = ["us-east-1a"]
+  aws_key_pair_name               = local.sensor_ssh_key_pair_name
+  corelight_sensor_ami_id         = local.sensor_ami_id
+  license_key                     = file(local.license_key_file)
+  management_subnet_id            = local.management_subnet
+  monitoring_subnet_id            = local.monitoring_subnet
+  community_string                = "<password for the sensor api>"
+  vpc_id                          = local.vpc_id
+  asg_lambda_iam_role_arn         = module.asg_lambda_role.role_arn
+
+  # Setting these will automatically configure cloud enrichment
+  enrichment_bucket_name          = aws_s3_bucket.enrichment_bucket.id
+  enrichment_bucket_region        = aws_s3_bucket.enrichment_bucket.region
+  enrichment_instance_profile_arn = aws_iam_instance_profile.corelight_sensor.arn
+
+  tags = local.tags
+}
+
+module "sensor_iam" {
+  source = "github.com/corelight/terraform-aws-enrichment//modules/iam/sensor"
+
+  enrichment_bucket_arn = aws_s3_bucket.enrichment_bucket.arn
+
+  tags = local.tags
+}
+
+resource "aws_iam_instance_profile" "corelight_sensor" {
+  name = "corelight-sensor-profile"
+  role = module.sensor_iam.sensor_role_name
+
+  tags = local.tags
+}
+
+####################################################################################################
+# Setup providers and deploy the "Fan In" event bus resources in each secondary region
+####################################################################################################
+
+provider "aws" {
+  alias  = "us-east-2"
+  region = "us-east-2"
+}
+
+
+module "secondary_eventbridge_rule_us-east-2" {
+  source = "github.com/corelight/terraform-aws-enrichment//modules/secondary_event_rule"
+
+  providers = {
+    aws = aws.us-east-2
+  }
+
+  cross_region_eventbridge_role_arn    = module.enrichment_eventbridge_role.cross_region_role_arn
+  primary_event_bus_arn                = module.enrichment.primary_event_bus_arn
+  secondary_ec2_state_change_rule_name = "${local.secondary_rule_name}-us-east-2"
+
+  tags = local.tags
+}
+
+provider "aws" {
+  alias  = "us-west-1"
+  region = "us-west-1"
+}
+
+module "secondary_eventbridge_rule_us-west-1" {
+  source = "github.com/corelight/terraform-aws-enrichment//modules/secondary_event_rule"
+
+  providers = {
+    aws = aws.us-west-1
+  }
+
+  cross_region_eventbridge_role_arn    = module.enrichment_eventbridge_role.cross_region_role_arn
+  primary_event_bus_arn                = module.enrichment.primary_event_bus_arn
+  secondary_ec2_state_change_rule_name = "${local.secondary_rule_name}-us-west-1"
+
+  tags = local.tags
+}
+
+provider "aws" {
+  alias  = "us-west-2"
+  region = "us-west-2"
+}
+
+module "secondary_eventbridge_rule_us-west-2" {
+  source = "github.com/corelight/terraform-aws-enrichment//modules/secondary_event_rule"
+
+  providers = {
+    aws = aws.us-west-2
+  }
+
+  cross_region_eventbridge_role_arn    = module.enrichment_eventbridge_role.cross_region_role_arn
+  primary_event_bus_arn                = module.enrichment.primary_event_bus_arn
+  secondary_ec2_state_change_rule_name = "${local.secondary_rule_name}-us-west-2"
+
+  tags = local.tags
+}