From 239c0a3d6bc03ef3ea5d739f39a598849f413f61 Mon Sep 17 00:00:00 2001 
From: John Dewey Date: Fri, 25 Oct 2024 12:29:15 -0700 Subject: [PATCH] Restructured repo and brought tf examples --- README.md | 57 +- cloud-native-iac/README.md | 21 + .../{AWS => sensor/aws}/README.md | 17 +- cloud-native-iac/{AWS => sensor/aws}/cfn.yaml | 0 terraform/README.md | 43 + terraform/cloud-enrichment/aws/README.md | 17 + .../aws/examples/deployment/main.tf | 211 ++++ .../aws/examples/deployment/versions.tf | 10 + terraform/cloud-enrichment/azure/README.md | 17 + .../azure/examples/deployment/main.tf | 74 ++ .../azure/examples/deployment/versions.tf | 15 + terraform/cloud-enrichment/gcp/README.md | 17 + .../gcp/examples/deployment/main.tf | 67 + .../gcp/examples/deployment/versions.tf | 10 + terraform/sensor/aws/README.md | 17 + .../examples/deployment/.terraform.lock.hcl | 85 ++ .../sensor/aws/examples/deployment/main.tf | 59 + .../aws/examples/deployment/versions.tf | 10 + terraform/sensor/azure/README.md | 17 + .../examples/deployment/.terraform.lock.hcl | 42 + .../sensor/azure/examples/deployment/main.tf | 63 + .../azure/examples/deployment/versions.tf | 16 + terraform/sensor/gcp/README.md | 17 + .../examples/deployment/.terraform.lock.hcl | 41 + .../sensor/gcp/examples/deployment/main.tf | 150 +++ .../gcp/examples/deployment/terraform.tfstate | 1097 +++++++++++++++++ .../deployment/terraform.tfstate.backup | 1097 +++++++++++++++++ .../gcp/examples/deployment/versions.tf | 10 + 28 files changed, 3243 insertions(+), 54 deletions(-) create mode 100644 cloud-native-iac/README.md rename cloud-native-iac/{AWS => sensor/aws}/README.md (89%) rename cloud-native-iac/{AWS => sensor/aws}/cfn.yaml (100%) create mode 100644 terraform/README.md create mode 100644 terraform/cloud-enrichment/aws/README.md create mode 100644 terraform/cloud-enrichment/aws/examples/deployment/main.tf create mode 100644 terraform/cloud-enrichment/aws/examples/deployment/versions.tf create mode 100644 terraform/cloud-enrichment/azure/README.md create mode 100644 
terraform/cloud-enrichment/azure/examples/deployment/main.tf create mode 100644 terraform/cloud-enrichment/azure/examples/deployment/versions.tf create mode 100644 terraform/cloud-enrichment/gcp/README.md create mode 100644 terraform/cloud-enrichment/gcp/examples/deployment/main.tf create mode 100644 terraform/cloud-enrichment/gcp/examples/deployment/versions.tf create mode 100644 terraform/sensor/aws/README.md create mode 100644 terraform/sensor/aws/examples/deployment/.terraform.lock.hcl create mode 100644 terraform/sensor/aws/examples/deployment/main.tf create mode 100644 terraform/sensor/aws/examples/deployment/versions.tf create mode 100644 terraform/sensor/azure/README.md create mode 100644 terraform/sensor/azure/examples/deployment/.terraform.lock.hcl create mode 100644 terraform/sensor/azure/examples/deployment/main.tf create mode 100644 terraform/sensor/azure/examples/deployment/versions.tf create mode 100644 terraform/sensor/gcp/README.md create mode 100644 terraform/sensor/gcp/examples/deployment/.terraform.lock.hcl create mode 100644 terraform/sensor/gcp/examples/deployment/main.tf create mode 100644 terraform/sensor/gcp/examples/deployment/terraform.tfstate create mode 100644 terraform/sensor/gcp/examples/deployment/terraform.tfstate.backup create mode 100644 terraform/sensor/gcp/examples/deployment/versions.tf diff --git a/README.md b/README.md index 57a3ae7..52611e4 100644 --- a/README.md +++ b/README.md 
@@ -1,52 +1,27 @@ -# Corelight Cloud +# Corelight Deployment Guide -IaC used to deploy Corelight Sensors into various Cloud Providers. +This repository provides sample configurations for deploying Corelight products +across AWS, Azure, and Google Cloud Platform (GCP). The examples offer both +**Terraform-based** and **cloud-native IaC solutions**, allowing users to +choose based on their preferences and platform requirements. -## Cloud Enrichment Service +## Directory Structure -Code to deploy Corelight's Cloud Enrichment services. +### `terraform/` -### AWS +Contains **Terraform** modules for deploying Corelight products with consistent +configurations across multiple clouds. -* [Terraform][terraform-aws-enrichment] +- **`aws/`**: Terraform modules for AWS deployments. +- **`azure/`**: Terraform modules for Azure deployments. +- **`gcp/`**: Terraform modules for GCP deployments. -[terraform-aws-enrichment]: https://github.com/corelight/terraform-aws-enrichment/ +### `cloud-native-iac/` -### Azure +Includes cloud provider-native infrastructure-as-code (IaC) templates for deeper +integration with specific cloud services. -* [Terraform][terraform-azure-enrichment] - -[terraform-azure-enrichment]: https://github.com/corelight/terraform-azure-enrichment/ - -### GCP - -* [Terraform][terraform-gcp-enrichment] - -[terraform-gcp-enrichment]: https://github.com/corelight/terraform-gcp-sensor/ - -## Cloud Sensor - -Code to deploy Corelight's Cloud Sensor. 
- -### AWS - -* [CFN][cfn-aws-sensor] -* [Terraform][terraform-aws-sensor] - -[cfn-aws-sensor]: https://github.com/corelight/corelight-cloud/tree/main/cloud-native-iac/AWS -[terraform-aws-sensor]: https://github.com/corelight/terraform-aws-sensor/ - -### Azure - -* [Terraform][terraform-azure-sensor] - -[terraform-azure-sensor]: https://github.com/corelight/terraform-azure-sensor/ - -### GCP - -* [Terraform][terraform-gcp-sensor] - -[terraform-gcp-sensor]: https://github.com/corelight/terraform-gcp-enrichment/ +- **`aws/`**: CloudFormation templates for AWS deployments. ## License diff --git a/cloud-native-iac/README.md b/cloud-native-iac/README.md new file mode 100644 index 0000000..313e2de --- /dev/null +++ b/cloud-native-iac/README.md @@ -0,0 +1,21 @@ +# Cloud-Native IaC + +This directory contains **cloud provider-native IaC templates** used to deploy +Corelight products across multiple cloud providers. These templates leverage +the native infrastructure-as-code tools for each platform, such as AWS +CloudFormation, Azure Resource Manager (ARM), and Google Deployment Manager. + +## Corelight Sensor + +Cloud-native templates for deploying Corelight Sensors in the following environments: + +- **AWS** + + - [CloudFormation Template](./sensor/aws/README.md) + + +## How to Use + +Navigate into the appropriate cloud provider's directory and follow the +instructions provided in the `README.md` for each module or template. Each +template aligns with the native IaC approach for the respective cloud platform. diff --git a/cloud-native-iac/AWS/README.md b/cloud-native-iac/sensor/aws/README.md similarity index 89% rename from cloud-native-iac/AWS/README.md rename to cloud-native-iac/sensor/aws/README.md index a5a4a20..79d65e2 100644 --- a/cloud-native-iac/AWS/README.md +++ b/cloud-native-iac/sensor/aws/README.md 
@@ -1,22 +1,13 @@ -# AWS +# Corelight Sensor Deployment - AWS -AWS specific deployment scripts. +This directory provides Cloud Formation code for deploying Corelight's Sensor +on **AWS**. -## Cloud Formation - -A Cloud Formation template for deploying Corelight Sensors. - -## Dependencies - -* Install [AWS Command Line Interface][awscli] - -### Deployment Instructions +## Usage Execute the following commands making sure to provide the appropriate parameters for your environment. -#### Sensor - Create a new stack: ```bash diff --git a/cloud-native-iac/AWS/cfn.yaml b/cloud-native-iac/sensor/aws/cfn.yaml similarity index 100% rename from cloud-native-iac/AWS/cfn.yaml rename to cloud-native-iac/sensor/aws/cfn.yaml diff --git a/terraform/README.md b/terraform/README.md new file mode 100644 index 0000000..71e4fa2 --- /dev/null +++ b/terraform/README.md @@ -0,0 +1,43 @@ +# Terraform + +This directory contains **Terraform** modules used to deploy Corelight products +across multiple cloud providers. + +## Corelight Sensor + +Terraform modules for deploying Corelight Sensors in the following cloud +environments: + +- **AWS** + + - [Terraform Module](./sensor/aws/README.md) + +- **Azure** + + - [Terraform Module](./sensor/azure/README.md) + +- **GCP** + + - [Terraform Module](./sensor/gcp/README.md) + +## Cloud Enrichment Service + +Modules for deploying Corelight's Cloud Enrichment services, enabling data +enrichment across cloud ecosystems: + +- **AWS** + + - [Terraform Module](./cloud-enrichment/aws/README.md) + +- **Azure** + + - [Terraform Module](./cloud-enrichment/azure/README.md) + +- **GCP** + + - [Terraform Module](./cloud-enrichment/gcp/README.md) + +## How to Use + +Navigate into the appropriate cloud provider's directory and follow the +instructions provided in the `README.md` for each module. diff --git a/terraform/cloud-enrichment/aws/README.md b/terraform/cloud-enrichment/aws/README.md new file mode 100644 index 0000000..bdfd2a9 --- /dev/null 
+++ b/terraform/cloud-enrichment/aws/README.md
@@ -0,0 +1,17 @@
+# Corelight Cloud Enrichment Service Deployment - AWS
+
+This directory provides Terraform code for deploying Corelight's Cloud Enrichment
+on **GCP**.
+
+## Overview
+
+This deployment uses the [terraform-aws-enrichment][] module, which simplifies the
+setup of Corelight Cloud Enrichment by automating the provisioning of AWS resources.
+
+[terraform-aws-enrichment]: https://github.com/corelight/terraform-aws-enrichment/
+
+## Examples Directory
+
+The `examples/` directory demonstrates how to use the Terraform module with
+various configurations. These examples showcase best practices and common
+deployment scenarios.
diff --git a/terraform/cloud-enrichment/aws/examples/deployment/main.tf b/terraform/cloud-enrichment/aws/examples/deployment/main.tf
new file mode 100644
index 0000000..cbd7096
--- /dev/null
+++ b/terraform/cloud-enrichment/aws/examples/deployment/main.tf
@@ -0,0 +1,211 @@ +locals { + bucket_name = "corelight-enrichment" + image_name = "12345.dkr.ecr.us-east-1.amazonaws.com/corelight/sensor-enrichment-aws" + image_tag = "0.1.1" + secondary_rule_name = "corelight-ec2-state-change" + vpc_id = "" + monitoring_subnet = "" + management_subnet = "" + sensor_ssh_key_pair_name = "" + sensor_ami_id = "" + license_key_file = "/path/to/license.txt" + my_regions = [ + "us-east-1", + "us-east-2", + "us-west-1", + "us-west-2" + ] + + tags = { + terraform : true, + example : true, + purpose : "Corelight" + } +} + +#################################################################################################### +# Create the bucket where all enrichment data will be stored +#################################################################################################### +provider "aws" { + alias = "primary" + region = "us-east-1" +} + +resource "aws_s3_bucket" "enrichment_bucket" { + provider = aws.primary + + bucket = local.bucket_name + + tags = local.tags +} + +resource "aws_s3_bucket_server_side_encryption_configuration" "enrichment_bucket_encryption" { + provider = aws.primary + + bucket = aws_s3_bucket.enrichment_bucket.id + + rule { + apply_server_side_encryption_by_default { + sse_algorithm = "AES256" + } + } +} + +#################################################################################################### +# Deploy the lambda and supporting resources for the primary region +#################################################################################################### +data "aws_ecr_repository" "enrichment_repo" { + name = "corelight/sensor-enrichment-aws" +} + +module "enrichment_eventbridge_role" { + source = "github.com/corelight/terraform-aws-enrichment//modules/iam/eventbridge" + + primary_event_bus_arn = module.enrichment.primary_event_bus_arn + + tags = local.tags +} + +module "enrichment_lambda_role" { + source = "github.com/corelight/terraform-aws-enrichment//modules/iam/lambda" + + 
enrichment_bucket_arn = aws_s3_bucket.enrichment_bucket.arn + enrichment_ecr_repository_arn = data.aws_ecr_repository.enrichment_repo.arn + lambda_cloudwatch_log_group_arn = module.enrichment.cloudwatch_log_group_arn + + tags = local.tags +} + +module "enrichment" { + source = "github.com/corelight/terraform-aws-enrichment" + + providers = { + aws = aws.primary + } + + corelight_cloud_enrichment_image = local.image_name + corelight_cloud_enrichment_image_tag = local.image_tag + enrichment_bucket_name = aws_s3_bucket.enrichment_bucket.bucket + scheduled_sync_regions = local.my_regions + eventbridge_iam_cross_region_role_arn = module.enrichment_eventbridge_role.cross_region_role_arn + lambda_iam_role_arn = module.enrichment_lambda_role.lambda_iam_role_arn + + tags = local.tags +} + +#################################################################################################### +# Deploy Corelight sensor and assign autoscaling group permission to read from the bucket +#################################################################################################### + +data "aws_subnet" "management" { + id = local.management_subnet +} + +module "asg_lambda_role" { + source = "github.com/corelight/terraform-aws-sensor//modules/iam/lambda" + + lambda_cloudwatch_log_group_arn = module.sensor.cloudwatch_log_group_arn + security_group_arn = module.sensor.management_security_group_arn + sensor_autoscaling_group_name = module.sensor.autoscaling_group_name + subnet_arn = data.aws_subnet.management.arn + + tags = local.tags +} + +module "sensor" { + source = "github.com/corelight/terraform-aws-sensor" + + auto_scaling_availability_zones = ["us-east-1a"] + aws_key_pair_name = local.sensor_ssh_key_pair_name + corelight_sensor_ami_id = local.sensor_ami_id + license_key = file(local.license_key_file) + management_subnet_id = local.management_subnet + monitoring_subnet_id = local.monitoring_subnet + community_string = "" + vpc_id = local.vpc_id + asg_lambda_iam_role_arn = 
module.asg_lambda_role.role_arn + + # Setting these will automatically configure cloud enrichment + enrichment_bucket_name = aws_s3_bucket.enrichment_bucket.id + enrichment_bucket_region = aws_s3_bucket.enrichment_bucket.region + enrichment_instance_profile_arn = aws_iam_instance_profile.corelight_sensor.arn + + tags = local.tags +} + +module "sensor_iam" { + source = "github.com/corelight/terraform-aws-enrichment//modules/iam/sensor" + + enrichment_bucket_arn = aws_s3_bucket.enrichment_bucket.arn + + tags = local.tags +} + +resource "aws_iam_instance_profile" "corelight_sensor" { + name = "corelight-sensor-profile" + role = module.sensor_iam.sensor_role_name + + tags = local.tags +} + +#################################################################################################### +# Setup providers and deploy the "Fan In" event bus resources in each secondary region +#################################################################################################### + +provider "aws" { + alias = "us-east-2" + region = "us-east-2" +} + + +module "secondary_eventbridge_rule_us-east-2" { + source = "github.com/corelight/terraform-aws-enrichment//modules/secondary_event_rule" + + providers = { + aws = aws.us-east-2 + } + + cross_region_eventbridge_role_arn = module.enrichment_eventbridge_role.cross_region_role_arn + primary_event_bus_arn = module.enrichment.primary_event_bus_arn + secondary_ec2_state_change_rule_name = "${local.secondary_rule_name}-us-east-2" + + tags = local.tags +} + +provider "aws" { + alias = "us-west-1" + region = "us-west-1" +} + +module "secondary_eventbridge_rule_us-west-1" { + source = "github.com/corelight/terraform-aws-enrichment//modules/secondary_event_rule" + + providers = { + aws = aws.us-west-1 + } + + cross_region_eventbridge_role_arn = module.enrichment_eventbridge_role.cross_region_role_arn + primary_event_bus_arn = module.enrichment.primary_event_bus_arn + secondary_ec2_state_change_rule_name = 
"${local.secondary_rule_name}-us-west-1" + + tags = local.tags +} + +provider "aws" { + alias = "us-west-2" + region = "us-west-2" +} + +module "secondary_eventbridge_rule_us-west-2" { + source = "github.com/corelight/terraform-aws-enrichment//modules/secondary_event_rule" + + providers = { + aws = aws.us-west-2 + } + + cross_region_eventbridge_role_arn = module.enrichment_eventbridge_role.cross_region_role_arn + primary_event_bus_arn = module.enrichment.primary_event_bus_arn + secondary_ec2_state_change_rule_name = "${local.secondary_rule_name}-us-west-2" + + tags = local.tags +} \ No newline at end of file diff --git a/terraform/cloud-enrichment/aws/examples/deployment/versions.tf b/terraform/cloud-enrichment/aws/examples/deployment/versions.tf new file mode 100644 index 0000000..bec63b0 --- /dev/null +++ b/terraform/cloud-enrichment/aws/examples/deployment/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">=1.3.2" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">=5.45.0" + } + } +} \ No newline at end of file diff --git a/terraform/cloud-enrichment/azure/README.md b/terraform/cloud-enrichment/azure/README.md new file mode 100644 index 0000000..c317189 --- /dev/null +++ b/terraform/cloud-enrichment/azure/README.md @@ -0,0 +1,17 @@ +# Corelight Cloud Enrichment Service Deployment - Azure + +This directory provides Terraform code for deploying Corelight's Cloud Enrichment +on **GCP**. + +## Overview + +This deployment uses the [terraform-azure-enrichment][] module, which simplifies the +setup of Corelight Cloud Enrichment by automating the provisioning of Azure resources. + +[terraform-azure-enrichment]: https://github.com/corelight/terraform-azure-enrichment/ + +## Examples Directory + +The `examples/` directory demonstrates how to use the Terraform module with +various configurations. These examples showcase best practices and common +deployment scenarios. 
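Review bot: Every `module` block in this example takes its `source` from `github.com/corelight/terraform-aws-enrichment` or `github.com/corelight/terraform-aws-sensor` without a `?ref=`, so each `terraform init` resolves whatever the default branch holds at that moment, and these modules create IAM roles and an instance profile in the caller's account. Pin each source to a reviewed tag or commit, for example `source = "github.com/corelight/terraform-aws-enrichment//modules/iam/lambda?ref=<PINNED_TAG_OR_COMMIT>"`. The same unpinned sources appear in `terraform/sensor/aws/examples/deployment/main.tf` later in this patch. The enrichment bucket also gets server-side encryption but no `aws_s3_bucket_public_access_block`; adding one with all four settings set to `true` would keep the example safe regardless of account-level defaults.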
diff --git a/terraform/cloud-enrichment/azure/examples/deployment/main.tf b/terraform/cloud-enrichment/azure/examples/deployment/main.tf
new file mode 100644
index 0000000..6db72e4
--- /dev/null
+++ b/terraform/cloud-enrichment/azure/examples/deployment/main.tf
@@ -0,0 +1,74 @@
+locals {
+ subscription_id = "12345" # Your Azure Subscription ID (UUID)
+ resource_group_name = "corelight"
+ deployment_location = "eastus"
+ tags = {
+ terraform : true,
+ example : true,
+ purpose : "Corelight"
+ }
+}
+
+data "azurerm_subscription" "subscription" {
+ subscription_id = local.subscription_id
+}
+
+####################################################################################################
+# There is only one system topic per Azure subscription. Create a new one or use the existing one
+####################################################################################################
+resource "azurerm_eventgrid_system_topic" "system_topic" {
+ location = "Global"
+ name = "subscription-system-topic"
+ resource_group_name = azurerm_resource_group.corelight_resource_group.name
+ source_arm_resource_id = data.azurerm_subscription.subscription.id
+ topic_type = "microsoft.resources.subscriptions"
+
+ tags = local.tags
+}
+
+####################################################################################################
+# Create a new resource group or re-use an existing one
+####################################################################################################
+resource "azurerm_resource_group" "corelight_resource_group" {
+ name = local.resource_group_name
+ location = local.deployment_location
+
+ tags = local.tags
+}
+
+####################################################################################################
+# Create a new storage account and container to store the enrichment data or re-use an existing one
+####################################################################################################
+resource "azurerm_storage_account" "enrichment_data" {
+ # Azure Storage account names must be globally unique and have character restrictions
+ # https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview#storage-account-name
+ name = "corelightenrichment"
+ resource_group_name = azurerm_resource_group.corelight_resource_group.name
+ location = local.deployment_location
+ account_replication_type = "LRS"
+ account_tier = "Standard"
+
+ tags = local.tags
+}
+
+resource "azurerm_storage_container" "enrichment_bucket" {
+ name = "enrichment"
+ storage_account_name = azurerm_storage_account.enrichment_data.name
+}
+
+####################################################################################################
+# Deploy the Container App and its supporting infrastructure
+# Replace relative source with "source = github.com/corelight/terraform-azure-enrichment"
+####################################################################################################
+module "enrichment" {
+ source = "../.."
+
+ resource_group_name = azurerm_resource_group.corelight_resource_group.name
+ enrichment_storage_account = azurerm_storage_account.enrichment_data.name
+ enrichment_storage_account_container = azurerm_storage_container.enrichment_bucket.name
+ event_grid_system_topic_name = azurerm_eventgrid_system_topic.system_topic.name
+ location = local.deployment_location
+ subscription_id = local.subscription_id
+
+ tags = local.tags
+}
diff --git a/terraform/cloud-enrichment/azure/examples/deployment/versions.tf b/terraform/cloud-enrichment/azure/examples/deployment/versions.tf
new file mode 100644
index 0000000..93b6701
--- /dev/null
+++ b/terraform/cloud-enrichment/azure/examples/deployment/versions.tf
@@ -0,0 +1,15 @@
+terraform {
+ required_version = ">=1.3.2"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = ">=3.97.1"
+ }
+ }
+}
+
+provider "azurerm" {
+ features {}
+ subscription_id = local.subscription_id
+}
diff --git a/terraform/cloud-enrichment/gcp/README.md b/terraform/cloud-enrichment/gcp/README.md
new file mode 100644
index 0000000..f67298c
--- /dev/null
+++ b/terraform/cloud-enrichment/gcp/README.md
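Review bot: `module "enrichment"` keeps `source = "../.."`, which in this repository points at `terraform/cloud-enrichment/azure/`; per the diffstat that directory holds only a README and `examples/`, so the example cannot initialise as committed. Use the remote source that the comment above the block already names, pinned to a reviewed revision: `source = "github.com/corelight/terraform-azure-enrichment?ref=<PINNED_TAG_OR_COMMIT>"`. The GCP enrichment example later in this patch has the same problem with `"../.."` and `"../../modules/org_iam"`. Separately, `azurerm_storage_account.enrichment_data` relies on provider defaults that can differ across the `>=3.97.1` range allowed by `versions.tf`; setting `min_tls_version = "TLS1_2"` and `allow_nested_items_to_be_public = false` explicitly would fix the posture of the account that stores the enrichment data.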
@@ -0,0 +1,17 @@
+# Corelight Cloud Enrichment Service Deployment - GCP
+
+This directory provides Terraform code for deploying Corelight's Cloud Enrichment
+on **GCP**.
+
+## Overview
+
+This deployment uses the [terraform-gcp-enrichment][] module, which simplifies the
+setup of Corelight Cloud Enrichment by automating the provisioning of GCP resources.
+
+[terraform-gcp-enrichment]: https://github.com/corelight/terraform-gcp-enrichment/
+
+## Examples Directory
+
+The `examples/` directory demonstrates how to use the Terraform module with
+various configurations. These examples showcase best practices and common
+deployment scenarios.
diff --git a/terraform/cloud-enrichment/gcp/examples/deployment/main.tf b/terraform/cloud-enrichment/gcp/examples/deployment/main.tf
new file mode 100644
index 0000000..1f9a752
--- /dev/null
+++ b/terraform/cloud-enrichment/gcp/examples/deployment/main.tf
@@ -0,0 +1,67 @@ +locals { + organization_id = "12345" + custom_org_role_id = "corelight_enrichment_role" + location = "us-central1" + zone = "us-central1-a" + folder_to_observe = "54321" + project_id = "corelight-enrichment-project" + service_account_id = "corelight-enrichment" + + labels = { + terraform : true, + example : true, + purpose : "Corelight" + } +} + +provider "google" { + project = local.project_id + region = local.location + + # Uncomment this if needed + # user_project_override = true +} + +#################################################################################################### +# Set up the GCS bucket for enrichment data +#################################################################################################### +resource "random_id" "bucket_nonce" { + byte_length = 4 +} + +resource "google_storage_bucket" "enrichment_bucket" { + location = local.location + name = "corelight-enrichment-${random_id.bucket_nonce.hex}" + public_access_prevention = "enforced" + + labels = local.labels +} + +#################################################################################################### +# Create the organizational role with access to enumerate folders and projects +#################################################################################################### +module "custom_org_role" { + source = "../../modules/org_iam" + + custom_org_role_id = local.custom_org_role_id + organization_id = local.organization_id +} + +#################################################################################################### +# Deploy Cloud Run service and create service account with proper permissions +# Replace relative source with "source = github.com/corelight/terraform-gcp-enrichment" +#################################################################################################### +module "enrichment" { + source = "../.." 
+ + enrichment_bucket_name = google_storage_bucket.enrichment_bucket.name + folder_id = local.folder_to_observe + project_id = local.project_id + zone = local.zone + location = local.location + organization_role_id = module.custom_org_role.custom_org_role_id + service_account_id = local.service_account_id + + labels = local.labels +} + diff --git a/terraform/cloud-enrichment/gcp/examples/deployment/versions.tf b/terraform/cloud-enrichment/gcp/examples/deployment/versions.tf new file mode 100644 index 0000000..de76f8b --- /dev/null +++ b/terraform/cloud-enrichment/gcp/examples/deployment/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">=1.3.2" + + required_providers { + google = { + source = "hashicorp/google" + version = ">=5.21.0" + } + } +} \ No newline at end of file diff --git a/terraform/sensor/aws/README.md b/terraform/sensor/aws/README.md new file mode 100644 index 0000000..5a7868b --- /dev/null +++ b/terraform/sensor/aws/README.md @@ -0,0 +1,17 @@ +# Corelight Sensor Deployment - AWS + +This directory provides Terraform code for deploying Corelight's Cloud Sensor +on **AWS**. + +## Overview + +This deployment uses the [terraform-aws-sensor][] module, which simplifies the +setup of Corelight Sensors by automating the provisioning of AWS resources. + +[terraform-aws-sensor]: https://github.com/corelight/terraform-aws-sensor/ + +## Examples Directory + +The `examples/` directory demonstrates how to use the Terraform module with +various configurations. These examples showcase best practices and common +deployment scenarios. diff --git a/terraform/sensor/aws/examples/deployment/.terraform.lock.hcl b/terraform/sensor/aws/examples/deployment/.terraform.lock.hcl new file mode 100644 index 0000000..6d53ff9 --- /dev/null +++ b/terraform/sensor/aws/examples/deployment/.terraform.lock.hcl 
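Review bot: `google_storage_bucket.enrichment_bucket` enforces public access prevention but leaves `uniform_bucket_level_access` unset, so per-object ACLs can still diverge from the bucket's IAM policy; add `uniform_bucket_level_access = true` next to `public_access_prevention`. The `random_id` resource also depends on the `hashicorp/random` provider, which the `versions.tf` added for this example does not declare. List it under `required_providers` so its version is constrained in the same way as the Google provider.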
@@ -0,0 +1,85 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/archive" { + version = "2.6.0" + hashes = [ + "h1:upAbF0KeKLAs3UImwwp5veC7jRcLnpKWVjkbd4ziWhM=", + "zh:29273484f7423b7c5b3f5df34ccfc53e52bb5e3d7f46a81b65908e7a8fd69072", + "zh:3cba58ec3aea5f301caf2acc31e184c55d994cc648126cac39c63ae509a14179", + "zh:55170cd17dbfdea842852c6ae2416d057fec631ba49f3bb6466a7268cd39130e", + "zh:7197db402ba35631930c3a4814520f0ebe980ae3acb7f8b5a6f70ec90dc4a388", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:8bf7fe0915d7fb152a3a6b9162614d2ec82749a06dba13fab3f98d33c020ec4f", + "zh:8ce811844fd53adb0dabc9a541f8cb43aacfa7d8e39324e4bd3592b3428f5bfb", + "zh:bca795bca815b8ac90e3054c0a9ab1ccfb16eedbb3418f8ad473fc5ad6bf0ef7", + "zh:d9355a18df5a36cf19580748b23249de2eb445c231c36a353709f8f40a6c8432", + "zh:dc32cc32cfd8abf8752d34f2a783de0d3f7200c573b885ecb64ece5acea173b4", + "zh:ef498e20391bf7a280d0fd6fd6675621c85fbe4e92f0f517ae4394747db89bde", + "zh:f2bc5226c765b0c8055a7b6207d0fe1eb9484e3ec8880649d158827ac6ed3b22", + ] +} + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.72.1" + constraints = ">= 5.0.0" + hashes = [ + "h1:jhd5O5o0CfZCNEwwN0EiDAzb7ApuFrtxJqa6HXW4EKE=", + "zh:0dea6843836e926d33469b48b948744079023816d16a2ff7666bcfb6aa3522d4", + "zh:195fa9513f75800a0d62797ebec75ee73e9b8c28d713fe9b63d3b1d1eec129b3", + "zh:1ed92f3961715bf0e024bcde3c12dfbdc50b00c1f8a43cc00802cfc45a256208", + "zh:2ac687e3a52606466cae4a6813e81d923042488df88d2424e28d3f8530f091bb", + "zh:32e7ca75f9314557daada3c44628fe1f3bf964a4f833bfb4b2295d833fe64b6f", + "zh:374ee0e6b4327cc6ef666908ce5d6450a3a56e90cd2b785e83c2bcfc100021d2", + "zh:5500fd6fdac44f96411fcf9c6d01691159ec35455ed127eb4c3a498e1cc92a64", + "zh:723a2dc4b064c12e7ee62ad4fbfd72fa5e025206ea47b735994ef53f3c373152", + "zh:89d97b87605f1d734f27e642567cbecf785b521af8ea81dac55c77ccde876221", + 
"zh:951ee1e5731e8d65d521d71b95927e55055b3c4656eef6d46fa580a63328befc", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:9b2b362470b64ec227b2da64762ab8bc4111c6b80365fd9d82fc5e1e33f44038", + "zh:aa6e57d0cb974ff0da5dee5d43ad2745cbbc4a2b507d4c799839b9fa96daf688", + "zh:ba0d14c4a6b7aa844a830d47c0bf995b632e37f0795394b5b60c638b62b7fc03", + "zh:c9764065a9c5d324db0b02bd201b9e3a2118e49c4960884acdeea377173302e9", + ] +} + +provider "registry.terraform.io/hashicorp/awscc" { + version = "1.17.0" + hashes = [ + "h1:ql9t1g0opbvOLG8RUGCaE0rxYXnunK9CfAbLMI1LAFE=", + "zh:151e548f28e5440fa1dfa3239c97c82037b75b6792e0a1776896f1363d0f8cc8", + "zh:1ac77d6e14954d2335b7147c8e54f5deec6f47f48f72515703c76eb4e273fa5c", + "zh:2bb185c0e89e2520eb4bebfb7312ef0b560f82fabe4234f83d5d09906bd5ae59", + "zh:310a715e1a68c967337bdf1c99f95c307283c6e9c18a7d577b95e2fb5a9bb8d7", + "zh:646892e5db13ac85a8e783301ca9b5c25e635728ae9b31e682e5b095035df4c2", + "zh:6d97cf026815cbf18238d59af86d2f7872f3f2ce1444204b094e025c246451fc", + "zh:708ccc9a2b85e626784f71c5dd02d8cc923a7fe7845dae5cee663260be0a5012", + "zh:9661c5bc0f1a7d3be6704c03329f528b9241df557a923e89725b1f94bab7c792", + "zh:9a92b91145f625afab06d4af8136051ccd2b26013cbc886661c6c473bb8bc4f5", + "zh:a11f3752b5867d83c75ccd0b90ad21f2c0e75ad7997bcd11f7c502af82f12251", + "zh:a4e132ec766fc97935b7193a7310d892a6d3a6418fec8c50f22cbc6dc2820cfb", + "zh:ad18d1253fc215acb10428627fbcad425a37e2a7ce002f428233e835015c3cd5", + "zh:baa54fa8e00c23b8df61bda25e6cd040f59072352ab649371f011f436508fc38", + "zh:bdb506646a58993290b44f1893c7404e97f3a65d898e0e564fa90a1a6dc89d96", + "zh:f809ab383cca0a5f83072981c64208cbd7fa67e986a86ee02dd2c82333221e32", + ] +} + +provider "registry.terraform.io/hashicorp/cloudinit" { + version = "2.3.5" + hashes = [ + "h1:Sf1Lt21oTADbzsnlU38ylpkl8YXP0Beznjcy5F/Yx64=", + "zh:17c20574de8eb925b0091c9b6a4d859e9d6e399cd890b44cfbc028f4f312ac7a", + "zh:348664d9a900f7baf7b091cf94d657e4c968b240d31d9e162086724e6afc19d5", + 
"zh:5a876a468ffabff0299f8348e719cb704daf81a4867f8c6892f3c3c4add2c755", + "zh:6ef97ee4c8c6a69a3d36746ba5c857cf4f4d78f32aa3d0e1ce68f2ece6a5dba5", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:8283e5a785e3c518a440f6ac6e7cc4fc07fe266bf34974246f4e2ef05762feda", + "zh:a44eb5077950168b571b7eb65491246c00f45409110f0f172cc3a7605f19dba9", + "zh:aa0806cbff72b49c1b389c0b8e6904586e5259c08dabb7cb5040418568146530", + "zh:bec4613c3beaad9a7be7ca99cdb2852073f782355b272892e6ee97a22856aec1", + "zh:d7fe368577b6c8d1ae44c751ed42246754c10305c7f001cc0109833e95aa107d", + "zh:df2409fc6a364b1f0a0f8a9cd8a86e61e80307996979ce3790243c4ce88f2915", + "zh:ed3c263396ff1f4d29639cc43339b655235acf4d06296a7c120a80e4e0fd6409", + ] +} diff --git a/terraform/sensor/aws/examples/deployment/main.tf b/terraform/sensor/aws/examples/deployment/main.tf new file mode 100644 index 0000000..3671c63 --- /dev/null +++ b/terraform/sensor/aws/examples/deployment/main.tf 
@@ -0,0 +1,59 @@
+locals {
+ vpc_id = ""
+ monitoring_subnet = ""
+ management_subnet = ""
+ sensor_ssh_key_pair_name = ""
+ sensor_ami_id = ""
+ license = ""
+ tags = {
+ terraform : true,
+ purpose : "Corelight"
+ }
+ fleet_token = "b1cd099ff22ed8a41abc63929d1db126"
+ fleet_url = "https://fleet.example.com:1443/fleet/v1/internal/softsensor/websocket"
+}
+
+data "aws_subnet" "management" {
+ id = local.management_subnet
+}
+
+module "asg_lambda_role" {
+ source = "github.com/corelight/terraform-aws-sensor//modules/iam/lambda"
+
+ lambda_cloudwatch_log_group_arn = module.sensor.cloudwatch_log_group_arn
+ security_group_arn = module.sensor.management_security_group_arn
+ sensor_autoscaling_group_name = module.sensor.autoscaling_group_name
+ subnet_arn = data.aws_subnet.management.arn
+
+ tags = local.tags
+}
+
+module "sensor" {
+ source = "github.com/corelight/terraform-aws-sensor"
+
+ auto_scaling_availability_zones = ["us-east-1a"]
+ aws_key_pair_name = local.sensor_ssh_key_pair_name
+ corelight_sensor_ami_id = local.sensor_ami_id
+ license_key = local.license
+ management_subnet_id = local.management_subnet
+ monitoring_subnet_id = local.monitoring_subnet
+ community_string = ""
+ vpc_id = local.vpc_id
+ asg_lambda_iam_role_arn = module.asg_lambda_role.role_arn
+ fleet_token = local.fleet_token
+ fleet_url = local.fleet_url
+
+ tags = local.tags
+}
+
+module "bastion" {
+ source = "github.com/corelight/terraform-aws-sensor//modules/bastion"
+
+ bastion_key_pair_name = ""
+ subnet_id = data.aws_subnet.management.id
+ management_security_group_id = module.sensor.management_security_group_id
+ vpc_id = local.vpc_id
+ public_ssh_allow_cidr_blocks = ["0.0.0.0/0"]
+
+ tags = local.tags
+}
diff --git a/terraform/sensor/aws/examples/deployment/versions.tf b/terraform/sensor/aws/examples/deployment/versions.tf
new file mode 100644
index 0000000..554f427
--- /dev/null
+++ b/terraform/sensor/aws/examples/deployment/versions.tf
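Review bot: The 32-hex-character `fleet_token` literal in `locals` puts what looks like a credential into version control; if it was ever a live token it should be rotated, and if it is a sample it should be replaced with an obvious placeholder. `license` sits in `locals` the same way, which invites users to paste the real key into a tracked file. Move both to variables marked `sensitive = true`, as sketched below. `module "bastion"` also opens SSH to `0.0.0.0/0`; an example that people copy should require the caller to supply their own admin range. Sensitive inputs still land in Terraform state, and this commit's diffstat lists `terraform.tfstate` and `terraform.tfstate.backup` under `terraform/sensor/gcp/examples/deployment/`, which are outside this hunk and worth checking for such values before merge.

```hcl
# replaces the fleet_token and license literals in locals
variable "fleet_token" {
  description = "Fleet registration token; supply via TF_VAR_fleet_token or a secret store"
  type        = string
  sensitive   = true
}

variable "license" {
  description = "Corelight sensor license key; supply via TF_VAR_license or a secret store"
  type        = string
  sensitive   = true
}

variable "bastion_ssh_allow_cidr_blocks" {
  description = "CIDR ranges allowed to reach the bastion over SSH"
  type        = list(string)
}

module "sensor" {
  # … unchanged: source, availability zones, key pair, AMI …
  license_key = var.license
  # … unchanged: subnets, community_string, vpc_id, asg_lambda_iam_role_arn …
  fleet_token = var.fleet_token
  fleet_url   = local.fleet_url
  # … unchanged: tags …
}

module "bastion" {
  # … unchanged: source, key pair, subnet, security group, vpc_id …
  public_ssh_allow_cidr_blocks = var.bastion_ssh_allow_cidr_blocks
  # … unchanged: tags …
}
```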
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">=1.3.2"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 5"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/sensor/azure/README.md b/terraform/sensor/azure/README.md
new file mode 100644
index 0000000..115b153
--- /dev/null
+++ b/terraform/sensor/azure/README.md
@@ -0,0 +1,17 @@
+# Corelight Sensor Deployment - Azure
+
+This directory provides Terraform code for deploying Corelight's Cloud Sensor
+on **Azure**.
+
+## Overview
+
+This deployment uses the [terraform-azure-sensor][] module, which simplifies the
+setup of Corelight Sensors by automating the provisioning of AWS resources.
+
+[terraform-azure-sensor]: https://github.com/corelight/terraform-azure-sensor/
+
+## Examples Directory
+
+The `examples/` directory demonstrates how to use the Terraform module with
+various configurations. These examples showcase best practices and common
+deployment scenarios.
diff --git a/terraform/sensor/azure/examples/deployment/.terraform.lock.hcl b/terraform/sensor/azure/examples/deployment/.terraform.lock.hcl
new file mode 100644
index 0000000..e2dba62
--- /dev/null
+++ b/terraform/sensor/azure/examples/deployment/.terraform.lock.hcl
@@ -0,0 +1,42 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "4.6.0" + constraints = ">= 3.97.1" + hashes = [ + "h1:dnb4t07g8JX1xNSW5Rsx9VTriKKst0bsquJNmvtqEN0=", + "zh:13107f35a7060efa62570e3482285003092ead0afa0fa9fa1b0dda4f70080cb9", + "zh:22703b9f318adbda7e75d50e76b345651cbf371bce227566a8b8532c9c4f0880", + "zh:601d1eb1c056e4de649561764056e3dc21b837d104d15fee31f9aaaacb292046", + "zh:6572232f9b0d20b149e8b5cf161fada6d8122ee1fea732c2f1e9402fe4d3375f", + "zh:6c19ab78c6cf7eb04b8db978daa611db04598fd490c90b85889d08726da1d095", + "zh:7f6eae5fa14def221422fdd34ea122ea0263d0c3c67eb0fd7870d664d7d7a360", + "zh:8530912ffcc8a92dd5c186ecd08a9c2f1282838a3ad5a71786c2866402c71da7", + "zh:a6b110c6cff0ed8c1a8969bd86583db1d5b4f3100f89ce0a0e0350b1ad8cd47b", + "zh:bd67b5d92e06bc44b166f4cabab189de5cc06506333283ac88b4ce21707b8c6b", + "zh:c472fdcafbca86a0a5b515378409d0bbddff6a6abb0bd0ecf438c610944b1e98", + "zh:ca4bb3797ddf20062995134211b50e313242c8a81aa5da63cc51a47e42f494c4", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/cloudinit" { + version = "2.3.5" + constraints = ">= 2.3.4" + hashes = [ + "h1:Sf1Lt21oTADbzsnlU38ylpkl8YXP0Beznjcy5F/Yx64=", + "zh:17c20574de8eb925b0091c9b6a4d859e9d6e399cd890b44cfbc028f4f312ac7a", + "zh:348664d9a900f7baf7b091cf94d657e4c968b240d31d9e162086724e6afc19d5", + "zh:5a876a468ffabff0299f8348e719cb704daf81a4867f8c6892f3c3c4add2c755", + "zh:6ef97ee4c8c6a69a3d36746ba5c857cf4f4d78f32aa3d0e1ce68f2ece6a5dba5", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:8283e5a785e3c518a440f6ac6e7cc4fc07fe266bf34974246f4e2ef05762feda", + "zh:a44eb5077950168b571b7eb65491246c00f45409110f0f172cc3a7605f19dba9", + "zh:aa0806cbff72b49c1b389c0b8e6904586e5259c08dabb7cb5040418568146530", + 
"zh:bec4613c3beaad9a7be7ca99cdb2852073f782355b272892e6ee97a22856aec1", + "zh:d7fe368577b6c8d1ae44c751ed42246754c10305c7f001cc0109833e95aa107d", + "zh:df2409fc6a364b1f0a0f8a9cd8a86e61e80307996979ce3790243c4ce88f2915", + "zh:ed3c263396ff1f4d29639cc43339b655235acf4d06296a7c120a80e4e0fd6409", + ] +} diff --git a/terraform/sensor/azure/examples/deployment/main.tf b/terraform/sensor/azure/examples/deployment/main.tf new file mode 100644 index 0000000..529940f --- /dev/null +++ b/terraform/sensor/azure/examples/deployment/main.tf 
@@ -0,0 +1,63 @@
+locals {
+ subscription_id = ""
+ resource_group_name = "corelight"
+ location = "eastus"
+ license = ""
+ tags = {
+ terraform : true,
+ purpose : "Corelight"
+ }
+ fleet_token = "b1cd099ff22ed8a41abc63929d1db126"
+ fleet_url = "https://fleet.example.com:1443/fleet/v1/internal/softsensor/websocket"
+}
+
+####################################################################################################
+# Create a resource group for the corelight resources
+####################################################################################################
+resource "azurerm_resource_group" "sensor_rg" {
+ location = local.location
+ name = local.resource_group_name
+
+ tags = local.tags
+}
+
+####################################################################################################
+# Get data on the existing vnet and create a subnet in that vnet for the sensor
+####################################################################################################
+data "azurerm_virtual_network" "existing_vnet" {
+ name = ""
+ resource_group_name = ""
+}
+
+####################################################################################################
+# Deploy the Sensor
+####################################################################################################
+module "sensor" {
+ source = "../.."
+
+ license_key = local.license
+ location = local.location
+ resource_group_name = azurerm_resource_group.sensor_rg.name
+ virtual_network_name = data.azurerm_virtual_network.existing_vnet.name
+ virtual_network_resource_group = ""
+ virtual_network_address_space = ""
+ corelight_sensor_image_id = ""
+ community_string = ""
+ fleet_token = local.fleet_token
+ fleet_url = local.fleet_url
+ sensor_ssh_public_key = ""
+
+ # (Optional) Cloud Enrichment Variables
+ enrichment_storage_account_name = ""
+ enrichment_storage_container_name = ""
+ tags = local.tags
+}
+
+####################################################################################################
+# (Optional) Assign the VMSS identity access to the enrichment bucket if enabled
+####################################################################################################
+resource "azurerm_role_assignment" "enrichment_data_access" {
+ principal_id = module.sensor.sensor_identity_principal_id
+ scope = ""
+ role_definition_name = "Storage Blob Data Reader"
+}
diff --git a/terraform/sensor/azure/examples/deployment/versions.tf b/terraform/sensor/azure/examples/deployment/versions.tf
new file mode 100644
index 0000000..7a8b113
--- /dev/null
+++ b/terraform/sensor/azure/examples/deployment/versions.tf
@@ -0,0 +1,16 @@
+terraform {
+ required_version = ">=1.3.2"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = ">=3.97.1"
+ }
+ }
+}
+
+provider "azurerm" {
+ features {}
+ subscription_id = local.subscription_id
+}
+
diff --git a/terraform/sensor/gcp/README.md b/terraform/sensor/gcp/README.md
new file mode 100644
index 0000000..7a0f33c
--- /dev/null
+++ b/terraform/sensor/gcp/README.md
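Review bot: `source = "../.."` in `module "sensor"` does not appear to resolve to a module in this repository: from `terraform/sensor/azure/examples/deployment` it points at `terraform/sensor/azure`, which according to this commit's file list contains only `README.md`, so `terraform init` would presumably fail. The AWS example references its module by `github.com/corelight/...`; the equivalent here would be `source = "github.com/corelight/terraform-azure-sensor?ref=<TAG_OR_COMMIT>"`, and the GCP `main.tf` hunk has the same relative sources (`"../.."` and `"../../modules/bastion"`). Separately, `azurerm_role_assignment.enrichment_data_access` is commented as optional but declared unconditionally with `scope = ""`; gate it with `count` or comment it out, and say in its comment that the scope should be the enrichment container only, so the sensor identity gets read access to nothing else.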
@@ -0,0 +1,17 @@
+# Corelight Sensor Deployment - GCP
+
+This directory provides Terraform code for deploying Corelight's Cloud Sensor
+on **GCP**.
+
+## Overview
+
+This deployment uses the [terraform-gcp-sensor][] module, which simplifies the
+setup of Corelight Sensors by automating the provisioning of AWS resources.
+
+[terraform-gcp-sensor]: https://github.com/corelight/terraform-gcp-sensor/
+
+## Examples Directory
+
+The `examples/` directory demonstrates how to use the Terraform module with
+various configurations. These examples showcase best practices and common
+deployment scenarios.
diff --git a/terraform/sensor/gcp/examples/deployment/.terraform.lock.hcl b/terraform/sensor/gcp/examples/deployment/.terraform.lock.hcl
new file mode 100644
index 0000000..9315259
--- /dev/null
+++ b/terraform/sensor/gcp/examples/deployment/.terraform.lock.hcl
@@ -0,0 +1,41 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/cloudinit" { + version = "2.3.4" + hashes = [ + "h1:S3j8poSaLbaftlKq2STBkQEkZH253ZLaHhBHBifdpBQ=", + "zh:09f1f1e1d232da96fbf9513b0fb5263bc2fe9bee85697aa15d40bb93835efbeb", + "zh:381e74b90d7a038c3a8dcdcc2ce8c72d6b86da9f208a27f4b98cabe1a1032773", + "zh:398eb321949e28c4c5f7c52e9b1f922a10d0b2b073b7db04cb69318d24ffc5a9", + "zh:4a425679614a8f0fe440845828794e609b35af17db59134c4f9e56d61e979813", + "zh:4d955d8608ece4984c9f1dacda2a59fdb4ea6b0243872f049b388181aab8c80a", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:a48fbee1d58d55a1f4c92c2f38c83a37c8b2f2701ed1a3c926cefb0801fa446a", + "zh:b748fe6631b16a1dafd35a09377c3bffa89552af584cf95f47568b6cd31fc241", + "zh:d4b931f7a54603fa4692a2ec6e498b95464babd2be072bed5c7c2e140a280d99", + "zh:f1c9337fcfe3a7be39d179eb7986c22a979cfb2c587c05f1b3b83064f41785c5", + "zh:f58fc57edd1ee3250a28943cd84de3e4b744cdb52df0356a53403fc240240636", + "zh:f5f50de0923ff530b03e1bca0ac697534d61bb3e5fc7f60e13becb62229097a9", + ] +} + +provider "registry.terraform.io/hashicorp/google" { + version = "5.28.0" + constraints = ">= 5.21.0" + hashes = [ + "h1:moM2ZvsEVjlowEJpUKC48irzrEerzWoJNBgeAd73s/k=", + "zh:00fb6916789d56c8801f95624fd30aca05f47918e6fab5c05fab7214cdecfc65", + "zh:204cc06787b8c55d2db744d020edf98bfdf294ed0a5d0fdc272afc0a9568a102", + "zh:3ccc7337801b6ebc8362a3cf4ae8eafacd235ee2389c84a58a4a7a6878159687", + "zh:6a91cf54404112651a2cffa2d59a140f1b1dbff7ff12e875f154deaebd969500", + "zh:6ade8996b11edb74afdf2b1b6c39c817e7f62bf2e899b1831bbc740457780456", + "zh:8691ad4285bf41a054a715b0cb9eb32c919512dded081437314b506fbe1ad0d2", + "zh:9c2ff4ca96299f65a6d23bb08d2a5f7005bef180fe5c9a3b5b3577f381d8bc8a", + "zh:cda256ff269b7ae289059e93f4d0ed071689c3fe58dcf6b3b68011523fc37c2d", + "zh:e38dc30b722922240c54ad2164a80505698933220afb2cde86b654cfc8e28900", + 
"zh:e3f8c05fc51a85508d78e3c5269d1b1c8425fe7c35f2659532d19be8da18c0ce", + "zh:e4894e409fcfbe0148e325ec9d342b4f3cf86b313e165628d20f90311e117a1d", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/terraform/sensor/gcp/examples/deployment/main.tf b/terraform/sensor/gcp/examples/deployment/main.tf new file mode 100644 index 0000000..765c684 --- /dev/null +++ b/terraform/sensor/gcp/examples/deployment/main.tf 
@@ -0,0 +1,150 @@
+locals {
+ region = "us-west1"
+ zone = "us-west1-a"
+ project_id = ""
+ auth = file("~/.config/gcloud/application_default_credentials.json")
+ instance_ssh_key_pub = "~/.ssh/id_ed25519_cl.pub"
+ instance_bastion_image = "ubuntu-os-cloud/ubuntu-2004-lts"
+ instance_sensor_image = "alma-8-20240516193720"
+ subnetwork_mgmt_cidr = "10.129.0.0/24"
+ subnetwork_mon_cidr = "10.3.0.0/24"
+ subnetwork_mon_gateway = "10.3.0.1"
+ license_key = file("~/corelight-license.txt")
+ community_string = "managedPassword!"
+ fleet_token = "b1cd099ff22ed8a41abc63929d1db126"
+ fleet_url = "https://fleet.example.com:1443/fleet/v1/internal/softsensor/websocket"
+}
+
+####################################################################################################
+# Configure the provider
+####################################################################################################
+
+provider "google" {
+ project = local.project_id
+ credentials = local.auth
+ region = local.region
+ zone = local.zone
+}
+
+####################################################################################################
+# Create a VPC
+####################################################################################################
+
+# firewall
+
+# allow ssh traffic to mgmt (default is inbound)
+resource "google_compute_firewall" "allow_ssh_to_mgmt" {
+ name = "corelight-allow-ssh-inbound-to-mgmt"
+ direction = "INGRESS"
+ network = google_compute_network.mgmt.name
+
+ allow {
+ protocol = "tcp"
+ ports = ["22"]
+ }
+
+ source_ranges = ["0.0.0.0/0"]
+ target_tags = ["allow-ssh"]
+}
+
+# allow internal SSH traffic in mgmt network
+resource "google_compute_firewall" "allow_internal" {
+ name = "corelight-allow-internal"
+ direction = "INGRESS"
+ network = google_compute_network.mgmt.name
+
+ allow {
+ protocol = "tcp"
+ ports = ["22"]
+ }
+
+ source_ranges = [local.subnetwork_mgmt_cidr]
+ target_tags = ["allow-ssh"]
+}
+
+# nat
+
+resource "google_compute_router" "mgmt_router" {
+ name = "corelight-mgmt-router"
+ region = local.region
+ network = google_compute_network.mgmt.name
+}
+
+resource "google_compute_router_nat" "mon_nat" {
+ name = "corelight-mgmt-nat"
+ router = google_compute_router.mgmt_router.name
+ region = local.region
+ nat_ip_allocate_option = "AUTO_ONLY"
+ source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
+
+ log_config {
+ enable = true
+ filter = "ERRORS_ONLY"
+ }
+}
+
+# network
+
+resource "google_compute_network" "mgmt" {
+ name = "corelight-mgmt"
+ routing_mode = "GLOBAL"
+ auto_create_subnetworks = false
+}
+
+resource "google_compute_network" "prod" {
+ name = "corelight-prod"
+ routing_mode = "GLOBAL"
+ auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "mgmt_subnet" {
+ name = "corelight-subnet"
+ ip_cidr_range = local.subnetwork_mgmt_cidr
+ network = google_compute_network.mgmt.name
+ region = local.region
+}
+
+resource "google_compute_subnetwork" "mon_subnet" {
+ name = "corelight-mon-subnet"
+ ip_cidr_range = local.subnetwork_mon_cidr
+ network = google_compute_network.prod.name
+ region = local.region
+}
+
+####################################################################################################
+# Create a Bastion
+####################################################################################################
+
+module "custom_bastion" {
+ source = "../../modules/bastion"
+
+ zone = local.zone
+ network_mgmt_name = google_compute_network.mgmt.name
+ subnetwork_mgmt_name = google_compute_subnetwork.mgmt_subnet.name
+ instance_ssh_key_pub = local.instance_ssh_key_pub
+ image = local.instance_bastion_image
+}
+
+####################################################################################################
+# Create Sensor Managed Instance Group
+####################################################################################################
+
+module "sensor" {
+ source = "../.."
+
+ region = local.region
+ zone = local.zone
+ network_mgmt_name = google_compute_network.mgmt.name
+ subnetwork_mgmt_name = google_compute_subnetwork.mgmt_subnet.name
+ subnetwork_mgmt_cidr = local.subnetwork_mgmt_cidr
+ network_prod_name = google_compute_network.prod.name
+ subnetwork_mon_name = google_compute_subnetwork.mon_subnet.name
+ subnetwork_mon_cidr = local.subnetwork_mon_cidr
+ subnetwork_mon_gateway = local.subnetwork_mon_gateway
+ instance_ssh_key_pub = local.instance_ssh_key_pub
+ image = local.instance_sensor_image
+ license_key = local.license_key
+ community_string = local.community_string
+ fleet_token = local.fleet_token
+ fleet_url = local.fleet_url
+}
diff --git a/terraform/sensor/gcp/examples/deployment/terraform.tfstate b/terraform/sensor/gcp/examples/deployment/terraform.tfstate
new file mode 100644
index 0000000..5506acb
--- /dev/null
+++ b/terraform/sensor/gcp/examples/deployment/terraform.tfstate
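Review bot: `community_string = "managedPassword!"` in `locals` commits a credential literal, and the `terraform.tfstate` added later in this commit shows the same string rendered as the sensor API password inside the instance template's `user-data`; the AWS and Azure examples leave this field empty, and this one should do the same or read it from a variable declared with `sensitive = true`. `google_compute_firewall.allow_ssh_to_mgmt` allows tcp/22 from `source_ranges = ["0.0.0.0/0"]` to everything tagged `allow-ssh`, which per the committed state includes the bastion; a labelled placeholder such as `["<YOUR_ADMIN_CIDR>/32"]` would stop the example being applied wide open. The state file and its backup also carry the rendered license key and an SSH public key with a user and host name, so they are better removed from the commit and covered by `.gitignore`, with the license and password treated as exposed.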
@@ -0,0 +1,1097 @@ +{ + "version": 4, + "terraform_version": "1.4.2", + "serial": 569, + "lineage": "27f6756d-103a-f3cd-ba7c-124a917a3e46", + "outputs": {}, + "resources": [ + { + "mode": "managed", + "type": "google_compute_firewall", + "name": "allow_internal", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "allow": [ + { + "ports": [ + "22" + ], + "protocol": "tcp" + } + ], + "creation_timestamp": "2024-06-05T12:20:53.275-07:00", + "deny": [], + "description": "", + "destination_ranges": [], + "direction": "INGRESS", + "disabled": false, + "enable_logging": null, + "id": "projects/ng-cloud-dev/global/firewalls/corelight-allow-internal", + "log_config": [], + "name": "corelight-allow-internal", + "network": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/networks/corelight-mgmt", + "priority": 1000, + "project": "ng-cloud-dev", + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/firewalls/corelight-allow-internal", + "source_ranges": [ + "10.129.0.0/24" + ], + "source_service_accounts": [], + "source_tags": [], + "target_service_accounts": [], + "target_tags": [ + "allow-ssh" + ], + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9", + "dependencies": [ + "google_compute_network.mgmt" + ] + } + ] + }, + { + "mode": "managed", + "type": "google_compute_firewall", + "name": "allow_ssh_to_mgmt", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "allow": [ + { + "ports": [ + "22" + ], + "protocol": "tcp" + } + ], + "creation_timestamp": "2024-06-05T12:20:53.320-07:00", + "deny": [], + "description": "", + "destination_ranges": [], + "direction": "INGRESS", + 
"disabled": false, + "enable_logging": null, + "id": "projects/ng-cloud-dev/global/firewalls/corelight-allow-ssh-inbound-to-mgmt", + "log_config": [], + "name": "corelight-allow-ssh-inbound-to-mgmt", + "network": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/networks/corelight-mgmt", + "priority": 1000, + "project": "ng-cloud-dev", + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/firewalls/corelight-allow-ssh-inbound-to-mgmt", + "source_ranges": [ + "0.0.0.0/0" + ], + "source_service_accounts": [], + "source_tags": [], + "target_service_accounts": [], + "target_tags": [ + "allow-ssh" + ], + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9", + "dependencies": [ + "google_compute_network.mgmt" + ] + } + ] + }, + { + "mode": "managed", + "type": "google_compute_network", + "name": "mgmt", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "auto_create_subnetworks": false, + "delete_default_routes_on_create": false, + "description": "", + "enable_ula_internal_ipv6": false, + "gateway_ipv4": "", + "id": "projects/ng-cloud-dev/global/networks/corelight-mgmt", + "internal_ipv6_range": "", + "mtu": 0, + "name": "corelight-mgmt", + "network_firewall_policy_enforcement_order": "AFTER_CLASSIC_FIREWALL", + "numeric_id": "7175885267944670310", + "project": "ng-cloud-dev", + "routing_mode": "GLOBAL", + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/networks/corelight-mgmt", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19" + } + ] + }, + { + "mode": 
"managed", + "type": "google_compute_network", + "name": "prod", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "auto_create_subnetworks": false, + "delete_default_routes_on_create": false, + "description": "", + "enable_ula_internal_ipv6": false, + "gateway_ipv4": "", + "id": "projects/ng-cloud-dev/global/networks/corelight-prod", + "internal_ipv6_range": "", + "mtu": 0, + "name": "corelight-prod", + "network_firewall_policy_enforcement_order": "AFTER_CLASSIC_FIREWALL", + "numeric_id": "2740802699796481126", + "project": "ng-cloud-dev", + "routing_mode": "GLOBAL", + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/networks/corelight-prod", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19" + } + ] + }, + { + "mode": "managed", + "type": "google_compute_router", + "name": "mgmt_router", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "bgp": [], + "creation_timestamp": "2024-06-05T12:20:53.204-07:00", + "description": "", + "encrypted_interconnect_router": false, + "id": "projects/ng-cloud-dev/regions/us-west1/routers/corelight-mgmt-router", + "name": "corelight-mgmt-router", + "network": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/networks/corelight-mgmt", + "project": "ng-cloud-dev", + "region": "us-west1", + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/routers/corelight-mgmt-router", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + 
"google_compute_network.mgmt" + ] + } + ] + }, + { + "mode": "managed", + "type": "google_compute_router_nat", + "name": "mon_nat", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "drain_nat_ips": [], + "enable_dynamic_port_allocation": false, + "enable_endpoint_independent_mapping": false, + "endpoint_types": [ + "ENDPOINT_TYPE_VM" + ], + "icmp_idle_timeout_sec": 30, + "id": "ng-cloud-dev/us-west1/corelight-mgmt-router/corelight-mgmt-nat", + "log_config": [ + { + "enable": true, + "filter": "ERRORS_ONLY" + } + ], + "max_ports_per_vm": 0, + "min_ports_per_vm": 0, + "name": "corelight-mgmt-nat", + "nat_ip_allocate_option": "AUTO_ONLY", + "nat_ips": [], + "project": "ng-cloud-dev", + "region": "us-west1", + "router": "corelight-mgmt-router", + "rules": [], + "source_subnetwork_ip_ranges_to_nat": "ALL_SUBNETWORKS_ALL_IP_RANGES", + "subnetwork": [], + "tcp_established_idle_timeout_sec": 1200, + "tcp_time_wait_timeout_sec": 120, + "tcp_transitory_idle_timeout_sec": 30, + "timeouts": null, + "udp_idle_timeout_sec": 30 + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "google_compute_network.mgmt", + "google_compute_router.mgmt_router" + ] + } + ] + }, + { + "mode": "managed", + "type": "google_compute_subnetwork", + "name": "mgmt_subnet", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "creation_timestamp": "2024-06-05T12:20:53.491-07:00", + "description": "", + "external_ipv6_prefix": "", + "fingerprint": null, + "gateway_address": "10.129.0.1", + "id": "projects/ng-cloud-dev/regions/us-west1/subnetworks/corelight-subnet", + "internal_ipv6_prefix": "", + "ip_cidr_range": "10.129.0.0/24", + "ipv6_access_type": "", + 
"ipv6_cidr_range": "", + "log_config": [], + "name": "corelight-subnet", + "network": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/networks/corelight-mgmt", + "private_ip_google_access": false, + "private_ipv6_google_access": "DISABLE_GOOGLE_ACCESS", + "project": "ng-cloud-dev", + "purpose": "PRIVATE", + "region": "us-west1", + "role": "", + "secondary_ip_range": [], + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/subnetworks/corelight-subnet", + "stack_type": "IPV4_ONLY", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "google_compute_network.mgmt" + ] + } + ] + }, + { + "mode": "managed", + "type": "google_compute_subnetwork", + "name": "mon_subnet", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "creation_timestamp": "2024-06-05T12:21:04.101-07:00", + "description": "", + "external_ipv6_prefix": "", + "fingerprint": null, + "gateway_address": "10.3.0.1", + "id": "projects/ng-cloud-dev/regions/us-west1/subnetworks/corelight-mon-subnet", + "internal_ipv6_prefix": "", + "ip_cidr_range": "10.3.0.0/24", + "ipv6_access_type": "", + "ipv6_cidr_range": "", + "log_config": [], + "name": "corelight-mon-subnet", + "network": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/networks/corelight-prod", + "private_ip_google_access": false, + "private_ipv6_google_access": "DISABLE_GOOGLE_ACCESS", + "project": "ng-cloud-dev", + "purpose": "PRIVATE", + "region": "us-west1", + "role": "", + "secondary_ip_range": [], + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/subnetworks/corelight-mon-subnet", + "stack_type": "IPV4_ONLY", + "timeouts": null + }, + "sensitive_attributes": 
[], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "google_compute_network.prod" + ] + } + ] + }, + { + "module": "module.custom_bastion", + "mode": "managed", + "type": "google_compute_instance", + "name": "bastion_instance", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 6, + "attributes": { + "advanced_machine_features": [], + "allow_stopping_for_update": null, + "attached_disk": [], + "boot_disk": [ + { + "auto_delete": true, + "device_name": "persistent-disk-0", + "disk_encryption_key_raw": "", + "disk_encryption_key_sha256": "", + "initialize_params": [ + { + "enable_confidential_compute": false, + "image": "https://www.googleapis.com/compute/v1/projects/ubuntu-os-cloud/global/images/ubuntu-2004-focal-v20240519", + "labels": {}, + "provisioned_iops": 0, + "provisioned_throughput": 0, + "resource_manager_tags": {}, + "size": 120, + "type": "pd-standard" + } + ], + "kms_key_self_link": "", + "mode": "READ_WRITE", + "source": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/zones/us-west1-a/disks/corelight-bastion" + } + ], + "can_ip_forward": false, + "confidential_instance_config": [], + "cpu_platform": "Intel Broadwell", + "current_status": "RUNNING", + "deletion_protection": false, + "description": "", + "desired_status": null, + "effective_labels": {}, + "enable_display": false, + "guest_accelerator": [], + "hostname": "", + "id": "projects/ng-cloud-dev/zones/us-west1-a/instances/corelight-bastion", + "instance_id": "4415849218070873156", + "label_fingerprint": "42WmSpB8rSM=", + "labels": {}, + "machine_type": "e2-medium", + "metadata": { + "ssh-keys": "ubuntu:ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICEidYdgsecA7ARos+qs1lKi55QhGa5YRdY5BfUm5J3E johndewey@Johns-MacBook-Pro.local\n" + }, + "metadata_fingerprint": "myfWKXz0w0I=", + 
"metadata_startup_script": null, + "min_cpu_platform": "", + "name": "corelight-bastion", + "network_interface": [ + { + "access_config": [ + { + "nat_ip": "35.212.251.230", + "network_tier": "STANDARD", + "public_ptr_domain_name": "" + } + ], + "alias_ip_range": [], + "internal_ipv6_prefix_length": 0, + "ipv6_access_config": [], + "ipv6_access_type": "", + "ipv6_address": "", + "name": "nic0", + "network": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/networks/corelight-mgmt", + "network_ip": "10.129.0.2", + "nic_type": "", + "queue_count": 0, + "stack_type": "IPV4_ONLY", + "subnetwork": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/subnetworks/corelight-subnet", + "subnetwork_project": "ng-cloud-dev" + } + ], + "network_performance_config": [], + "params": [], + "project": "ng-cloud-dev", + "reservation_affinity": [], + "resource_policies": [], + "scheduling": [ + { + "automatic_restart": true, + "instance_termination_action": "", + "local_ssd_recovery_timeout": [], + "min_node_cpus": 0, + "node_affinities": [], + "on_host_maintenance": "MIGRATE", + "preemptible": false, + "provisioning_model": "STANDARD" + } + ], + "scratch_disk": [], + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/zones/us-west1-a/instances/corelight-bastion", + "service_account": [], + "shielded_instance_config": [ + { + "enable_integrity_monitoring": true, + "enable_secure_boot": false, + "enable_vtpm": true + } + ], + "tags": [ + "allow-https", + "allow-ssh", + "bastion", + "corelight" + ], + "tags_fingerprint": "czF23xMmSzg=", + "terraform_labels": {}, + "timeouts": null, + "zone": "us-west1-a" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiNiJ9", + "dependencies": [ + "google_compute_network.mgmt", + 
"google_compute_subnetwork.mgmt_subnet" + ] + } + ] + }, + { + "module": "module.sensor", + "mode": "managed", + "type": "google_compute_firewall", + "name": "sensor_health_check_rule", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "allow": [ + { + "ports": [ + "41080", + "22" + ], + "protocol": "tcp" + } + ], + "creation_timestamp": "2024-06-05T12:20:53.315-07:00", + "deny": [], + "description": "", + "destination_ranges": [], + "direction": "INGRESS", + "disabled": false, + "enable_logging": null, + "id": "projects/ng-cloud-dev/global/firewalls/corelight-sensor-health-check-rule", + "log_config": [], + "name": "corelight-sensor-health-check-rule", + "network": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/networks/corelight-mgmt", + "priority": 1000, + "project": "ng-cloud-dev", + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/firewalls/corelight-sensor-health-check-rule", + "source_ranges": [ + "130.211.0.0/22", + "35.191.0.0/16" + ], + "source_service_accounts": [], + "source_tags": [], + "target_service_accounts": [], + "target_tags": [ + "sensor" + ], + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9", + "dependencies": [ + "google_compute_network.mgmt" + ] + } + ] + }, + { + "module": "module.sensor", + "mode": "managed", + "type": "google_compute_forwarding_rule", + "name": "traffic_forwarding_rule", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "all_ports": true, + "allow_global_access": false, + "allow_psc_global_access": false, + "backend_service": 
"https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/backendServices/corelight-traffic-ilb-backend-service", + "base_forwarding_rule": "", + "creation_timestamp": "2024-06-05T12:22:22.512-07:00", + "description": "", + "effective_labels": {}, + "id": "projects/ng-cloud-dev/regions/us-west1/forwardingRules/corelight-traffic-forwarding-rule", + "ip_address": "10.3.0.2", + "ip_protocol": "TCP", + "ip_version": "", + "is_mirroring_collector": true, + "label_fingerprint": "42WmSpB8rSM=", + "labels": {}, + "load_balancing_scheme": "INTERNAL", + "name": "corelight-traffic-forwarding-rule", + "network": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/networks/corelight-prod", + "network_tier": "PREMIUM", + "no_automate_dns_zone": null, + "port_range": "", + "ports": [], + "project": "ng-cloud-dev", + "psc_connection_id": "", + "psc_connection_status": "", + "recreate_closed_psc": false, + "region": "us-west1", + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/forwardingRules/corelight-traffic-forwarding-rule", + "service_directory_registrations": [], + "service_label": "", + "service_name": "", + "source_ip_ranges": [], + "subnetwork": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/subnetworks/corelight-mon-subnet", + "target": "", + "terraform_labels": {}, + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "google_compute_network.mgmt", + "google_compute_network.prod", + "google_compute_subnetwork.mgmt_subnet", + "google_compute_subnetwork.mon_subnet", + "module.sensor.google_compute_instance_template.sensor_template", + "module.sensor.google_compute_region_backend_service.traffic_ilb_backend_service", + 
"module.sensor.google_compute_region_health_check.traffic_mon_health_check", + "module.sensor.google_compute_region_instance_group_manager.sensor_mig", + "module.sensor.module.sensor_config.data.cloudinit_config.config" + ] + } + ] + }, + { + "module": "module.sensor", + "mode": "managed", + "type": "google_compute_instance_template", + "name": "sensor_template", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "advanced_machine_features": [], + "can_ip_forward": false, + "confidential_instance_config": [], + "description": "", + "disk": [ + { + "auto_delete": true, + "boot": true, + "device_name": "persistent-disk-0", + "disk_encryption_key": [], + "disk_name": "", + "disk_size_gb": 120, + "disk_type": "pd-standard", + "interface": "SCSI", + "labels": {}, + "mode": "READ_WRITE", + "provisioned_iops": 0, + "resource_manager_tags": {}, + "resource_policies": [], + "source": "", + "source_image": "projects/ng-cloud-dev/global/images/alma-8-20240516193720", + "source_image_encryption_key": [], + "source_snapshot": "", + "source_snapshot_encryption_key": [], + "type": "PERSISTENT" + } + ], + "effective_labels": {}, + "guest_accelerator": [], + "id": "projects/ng-cloud-dev/global/instanceTemplates/corelight-mig-template", + "instance_description": "", + "labels": null, + "machine_type": "e2-standard-8", + "metadata": { + "ssh-keys": "ec2-user:ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICEidYdgsecA7ARos+qs1lKi55QhGa5YRdY5BfUm5J3E johndewey@Johns-MacBook-Pro.local\n", + "user-data": "Content-Type: multipart/mixed; boundary=\"MIMEBOUNDARY\"\nMIME-Version: 1.0\r\n\r\n--MIMEBOUNDARY\r\nContent-Disposition: attachment; filename=\"sensor-build.yaml\"\r\nContent-Transfer-Encoding: 7bit\r\nContent-Type: text/cloud-config\r\nMime-Version: 1.0\r\n\r\n#cloud-config\n\nwrite_files:\n - content: |\n sensor:\n api:\n password: managedPassword!\n license_key: 
eyJhbGciOiJFUzI1NiJ9.W2ZpbGVdCnByaW9yaXR5PTEwCnZlcnNpb249MQoKW3BsYXRmb3JtXQp2aXJ0dWFsPTAKdWlkPQpvZmZsaW5lPTAKCltjY3NdCmNjcy5jdXN0b21lcj1icm9hbGEKY2NzLmN1c3RvbWVyLnV1aWQ9MzFkNzkxNzItOGJhMC00YzhjLWFjMjgtZjQ1NTU0Y2ZhMTQxCmNjcy5wb2M9dHJ1ZQoKW29wdGlvbnNdCmxpY2Vuc2Uuc2Vuc29yLmNvbW1lbnQ9Q0NTIEdlbmVyYXRlZCBMaWNlbnNlCmxpY2Vuc2Uuc2Vuc29yLnN0YXJ0PTIwMjMtMDgtMjNUMDA6MDA6MDBaCmxpY2Vuc2Uuc2Vuc29yLndhcm49MjAyNC0wOC0xOFQwMDowMDowMFoKbGljZW5zZS5zZW5zb3IuZW5kPTIwMjQtMDktMDFUMDA6MDA6MDBaCmxpY2Vuc2Uuc2Vuc29yLmV4cGlyZT0yMDI0LTA5LTAxVDAwOjAwOjAwWgpsaWNlbnNlLmNpZHMuY29tbWVudD1DQ1MgR2VuZXJhdGVkIExpY2Vuc2UKbGljZW5zZS5jaWRzLnN0YXJ0PTIwMjMtMDgtMjNUMDA6MDA6MDBaCmxpY2Vuc2UuY2lkcy53YXJuPTIwMjQtMDgtMThUMDA6MDA6MDBaCmxpY2Vuc2UuY2lkcy5lbmQ9MjAyNC0wOS0wMVQwMDowMDowMFoKbGljZW5zZS5jaWRzLmV4cGlyZT0yMDI0LTA5LTAxVDAwOjAwOjAwWgpsaWNlbnNlLnN1cmljYXRhLmNvbW1lbnQ9CmxpY2Vuc2Uuc3VyaWNhdGEuc3RhcnQ9MjAyMy0wOC0yM1QwMDowMDowMFoKbGljZW5zZS5zdXJpY2F0YS53YXJuPTIwMjQtMDgtMThUMDA6MDA6MDBaCmxpY2Vuc2Uuc3VyaWNhdGEuZW5kPTIwMjQtMDktMDFUMDA6MDA6MDBaCmxpY2Vuc2Uuc3VyaWNhdGEuZXhwaXJlPTIwMjQtMDktMDFUMDA6MDA6MDBaCmxpY2Vuc2Uuc21hcnRwY2FwLmNvbW1lbnQ9CmxpY2Vuc2Uuc21hcnRwY2FwLnN0YXJ0PTIwMjMtMDgtMjNUMDA6MDA6MDBaCmxpY2Vuc2Uuc21hcnRwY2FwLndhcm49MjAyNC0wOC0xOFQwMDowMDowMFoKbGljZW5zZS5zbWFydHBjYXAuZW5kPTIwMjQtMDktMDFUMDA6MDA6MDBaCmxpY2Vuc2Uuc21hcnRwY2FwLmV4cGlyZT0yMDI0LTA5LTAxVDAwOjAwOjAwWgpsaWNlbnNlLnV1aWQ9Nzk2ZmIxZjEtMWYzNy00ODQ0LWJlYjktMWIwYWZjZmYzNGMxCgo.qptWbSj1diZpO88FNPhYlzRXbXBz0mCa1WwPGIaj3X09-Pr4sFN9Qig1sr3jBivPOak89reFBy9BtA9NXhhyiQ\n\n management_interface:\n name: eth0\n wait: true\n monitoring_interface:\n name: eth1\n wait: true\n health_check:\n port: 41080\n subnet: 10.3.0.0/24\n gateway: 10.3.0.1\n kubernetes:\n allow_ports:\n - protocol: tcp\n port: 41080\n net: 130.211.0.0/22\n - protocol: tcp\n port: 41080\n net: 35.191.0.0/16\n\n owner: root:root\n path: /etc/corelight/corelightctl.yaml\n permissions: '0644'\n\nruncmd:\n - corelightctl sensor bootstrap -v\n - corelightctl sensor deploy -v\n\r\n--MIMEBOUNDARY--\r\n" 
+ }, + "metadata_fingerprint": "HgofovVT9Tg=", + "metadata_startup_script": null, + "min_cpu_platform": "", + "name": "corelight-mig-template", + "name_prefix": null, + "network_interface": [ + { + "access_config": [], + "alias_ip_range": [], + "internal_ipv6_prefix_length": 0, + "ipv6_access_config": [], + "ipv6_access_type": "", + "ipv6_address": "", + "name": "nic0", + "network": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/networks/corelight-mgmt", + "network_ip": "", + "nic_type": "", + "queue_count": 0, + "stack_type": "", + "subnetwork": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/subnetworks/corelight-subnet", + "subnetwork_project": "ng-cloud-dev" + }, + { + "access_config": [], + "alias_ip_range": [], + "internal_ipv6_prefix_length": 0, + "ipv6_access_config": [], + "ipv6_access_type": "", + "ipv6_address": "", + "name": "nic1", + "network": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/networks/corelight-prod", + "network_ip": "", + "nic_type": "", + "queue_count": 0, + "stack_type": "", + "subnetwork": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/subnetworks/corelight-mon-subnet", + "subnetwork_project": "ng-cloud-dev" + } + ], + "network_performance_config": [], + "project": "ng-cloud-dev", + "region": "us-west1", + "reservation_affinity": [], + "resource_manager_tags": null, + "resource_policies": null, + "scheduling": [ + { + "automatic_restart": true, + "instance_termination_action": "", + "local_ssd_recovery_timeout": [], + "min_node_cpus": 0, + "node_affinities": [], + "on_host_maintenance": "MIGRATE", + "preemptible": false, + "provisioning_model": "STANDARD" + } + ], + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/instanceTemplates/corelight-mig-template", + "self_link_unique": 
"https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/instanceTemplates/corelight-mig-template?uniqueId=238936807667729498", + "service_account": [], + "shielded_instance_config": [], + "tags": [ + "allow-health-check", + "allow-ssh", + "corelight", + "sensor" + ], + "tags_fingerprint": "", + "terraform_labels": {}, + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoyNDAwMDAwMDAwMDAsImRlbGV0ZSI6MjQwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIxIn0=", + "dependencies": [ + "google_compute_network.mgmt", + "google_compute_network.prod", + "google_compute_subnetwork.mgmt_subnet", + "google_compute_subnetwork.mon_subnet", + "module.sensor.module.sensor_config.data.cloudinit_config.config" + ] + } + ] + }, + { + "module": "module.sensor", + "mode": "managed", + "type": "google_compute_packet_mirroring", + "name": "traffic_mirror", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "collector_ilb": [ + { + "url": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/forwardingRules/corelight-traffic-forwarding-rule" + } + ], + "description": "", + "filter": [ + { + "cidr_ranges": [], + "direction": "BOTH", + "ip_protocols": [] + } + ], + "id": "projects/ng-cloud-dev/regions/us-west1/packetMirrorings/corelight-traffic-mirroring", + "mirrored_resources": [ + { + "instances": [], + "subnetworks": [], + "tags": [ + "traffic-source" + ] + } + ], + "name": "corelight-traffic-mirroring", + "network": [ + { + "url": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/networks/corelight-prod" + } + ], + "priority": 1000, + "project": "ng-cloud-dev", + "region": "us-west1", + "timeouts": null + }, + "sensitive_attributes": [], + "private": 
"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "google_compute_network.mgmt", + "google_compute_network.prod", + "google_compute_subnetwork.mgmt_subnet", + "google_compute_subnetwork.mon_subnet", + "module.sensor.google_compute_forwarding_rule.traffic_forwarding_rule", + "module.sensor.google_compute_instance_template.sensor_template", + "module.sensor.google_compute_region_backend_service.traffic_ilb_backend_service", + "module.sensor.google_compute_region_health_check.traffic_mon_health_check", + "module.sensor.google_compute_region_instance_group_manager.sensor_mig", + "module.sensor.module.sensor_config.data.cloudinit_config.config" + ] + } + ] + }, + { + "module": "module.sensor", + "mode": "managed", + "type": "google_compute_region_autoscaler", + "name": "sensor_autoscaler", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "autoscaling_policy": [ + { + "cooldown_period": 600, + "cpu_utilization": [ + { + "predictive_method": "NONE", + "target": 0.4 + } + ], + "load_balancing_utilization": [], + "max_replicas": 3, + "metric": [], + "min_replicas": 1, + "mode": "ON", + "scale_in_control": [], + "scaling_schedules": [] + } + ], + "creation_timestamp": "2024-06-05T12:22:10.691-07:00", + "description": "", + "id": "projects/ng-cloud-dev/regions/us-west1/autoscalers/corelight-autoscale", + "name": "corelight-autoscale", + "project": "ng-cloud-dev", + "region": "us-west1", + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/autoscalers/corelight-autoscale", + "target": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/instanceGroupManagers/corelight-mig-manager", + "timeouts": null + }, + "sensitive_attributes": [], + "private": 
"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "google_compute_network.mgmt", + "google_compute_network.prod", + "google_compute_subnetwork.mgmt_subnet", + "google_compute_subnetwork.mon_subnet", + "module.sensor.google_compute_instance_template.sensor_template", + "module.sensor.google_compute_region_health_check.traffic_mon_health_check", + "module.sensor.google_compute_region_instance_group_manager.sensor_mig", + "module.sensor.module.sensor_config.data.cloudinit_config.config" + ] + } + ] + }, + { + "module": "module.sensor", + "mode": "managed", + "type": "google_compute_region_backend_service", + "name": "traffic_ilb_backend_service", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "affinity_cookie_ttl_sec": 0, + "backend": [ + { + "balancing_mode": "CONNECTION", + "capacity_scaler": 0, + "description": "", + "failover": false, + "group": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/instanceGroups/corelight-mig-manager", + "max_connections": 0, + "max_connections_per_endpoint": 0, + "max_connections_per_instance": 0, + "max_rate": 0, + "max_rate_per_endpoint": 0, + "max_rate_per_instance": 0, + "max_utilization": 0 + } + ], + "cdn_policy": [], + "circuit_breakers": [], + "connection_draining_timeout_sec": 0, + "consistent_hash": [], + "creation_timestamp": "2024-06-05T12:22:10.756-07:00", + "description": "", + "enable_cdn": false, + "failover_policy": [], + "fingerprint": "wiALZf7cV0s=", + "generated_id": 5958816945008346125, + "health_checks": [ + "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/healthChecks/corelight-traffic-monitor-health-check" + ], + "iap": [], + "id": "projects/ng-cloud-dev/regions/us-west1/backendServices/corelight-traffic-ilb-backend-service", + 
"load_balancing_scheme": "INTERNAL", + "locality_lb_policy": "", + "log_config": [], + "name": "corelight-traffic-ilb-backend-service", + "network": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/networks/corelight-prod", + "outlier_detection": [], + "port_name": "", + "project": "ng-cloud-dev", + "protocol": "TCP", + "region": "us-west1", + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/backendServices/corelight-traffic-ilb-backend-service", + "session_affinity": "NONE", + "timeout_sec": 30, + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9", + "dependencies": [ + "google_compute_network.mgmt", + "google_compute_network.prod", + "google_compute_subnetwork.mgmt_subnet", + "google_compute_subnetwork.mon_subnet", + "module.sensor.google_compute_instance_template.sensor_template", + "module.sensor.google_compute_region_health_check.traffic_mon_health_check", + "module.sensor.google_compute_region_instance_group_manager.sensor_mig", + "module.sensor.module.sensor_config.data.cloudinit_config.config" + ] + } + ] + }, + { + "module": "module.sensor", + "mode": "managed", + "type": "google_compute_region_health_check", + "name": "traffic_mon_health_check", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "check_interval_sec": 30, + "creation_timestamp": "2024-06-05T12:20:41.894-07:00", + "description": "", + "grpc_health_check": [], + "healthy_threshold": 2, + "http2_health_check": [], + "http_health_check": [], + "https_health_check": [], + "id": "projects/ng-cloud-dev/regions/us-west1/healthChecks/corelight-traffic-monitor-health-check", + "log_config": [ + { + "enable": false + } + ], + "name": 
"corelight-traffic-monitor-health-check", + "project": "ng-cloud-dev", + "region": "us-west1", + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/healthChecks/corelight-traffic-monitor-health-check", + "ssl_health_check": [], + "tcp_health_check": [ + { + "port": 22, + "port_name": "", + "port_specification": "", + "proxy_header": "NONE", + "request": "", + "response": "" + } + ], + "timeout_sec": 30, + "timeouts": null, + "type": "TCP", + "unhealthy_threshold": 2 + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19" + } + ] + }, + { + "module": "module.sensor", + "mode": "managed", + "type": "google_compute_region_instance_group_manager", + "name": "sensor_mig", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "all_instances_config": [], + "auto_healing_policies": [ + { + "health_check": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/healthChecks/corelight-traffic-monitor-health-check", + "initial_delay_sec": 600 + } + ], + "base_instance_name": "corelight", + "creation_timestamp": "2024-06-05T12:21:39.518-07:00", + "description": "", + "distribution_policy_target_shape": "EVEN", + "distribution_policy_zones": [ + "us-west1-a", + "us-west1-b", + "us-west1-c" + ], + "fingerprint": "VnmXroov_kw=", + "id": "projects/ng-cloud-dev/regions/us-west1/instanceGroupManagers/corelight-mig-manager", + "instance_group": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/instanceGroups/corelight-mig-manager", + "instance_lifecycle_policy": [ + { + "default_action_on_failure": "REPAIR", + "force_update_on_repair": "NO" + } + ], + "list_managed_instances_results": "PAGELESS", + "name": "corelight-mig-manager", + "named_port": [], + "project": 
"ng-cloud-dev", + "region": "us-west1", + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/instanceGroupManagers/corelight-mig-manager", + "stateful_disk": [], + "stateful_external_ip": [], + "stateful_internal_ip": [], + "status": [ + { + "all_instances_config": [ + { + "current_revision": "", + "effective": true + } + ], + "is_stable": true, + "stateful": [ + { + "has_stateful_config": false, + "per_instance_configs": [ + { + "all_effective": true + } + ] + } + ], + "version_target": [ + { + "is_reached": true + } + ] + } + ], + "target_pools": [], + "target_size": 1, + "timeouts": null, + "update_policy": [ + { + "instance_redistribution_type": "PROACTIVE", + "max_surge_fixed": 3, + "max_surge_percent": 0, + "max_unavailable_fixed": 3, + "max_unavailable_percent": 0, + "minimal_action": "REPLACE", + "most_disruptive_allowed_action": "", + "replacement_method": "SUBSTITUTE", + "type": "OPPORTUNISTIC" + } + ], + "version": [ + { + "instance_template": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/instanceTemplates/corelight-mig-template", + "name": "Corelight-Sensor", + "target_size": [] + } + ], + "wait_for_instances": false, + "wait_for_instances_status": "STABLE" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo5MDAwMDAwMDAwMDAsImRlbGV0ZSI6OTAwMDAwMDAwMDAwLCJ1cGRhdGUiOjkwMDAwMDAwMDAwMH19", + "dependencies": [ + "google_compute_network.mgmt", + "google_compute_network.prod", + "google_compute_subnetwork.mgmt_subnet", + "google_compute_subnetwork.mon_subnet", + "module.sensor.google_compute_instance_template.sensor_template", + "module.sensor.google_compute_region_health_check.traffic_mon_health_check", + "module.sensor.module.sensor_config.data.cloudinit_config.config" + ] + } + ] + }, + { + "module": "module.sensor.module.sensor_config", + "mode": "data", + "type": "cloudinit_config", + "name": "config", + "provider": 
"provider[\"registry.terraform.io/hashicorp/cloudinit\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "base64_encode": false, + "boundary": "MIMEBOUNDARY", + "gzip": false, + "id": "533399370", + "part": [ + { + "content": "#cloud-config\n\nwrite_files:\n - content: |\n sensor:\n api:\n password: managedPassword!\n license_key: eyJhbGciOiJFUzI1NiJ9.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.qptWbSj1diZpO88FNPhYlzRXbXBz0mCa1WwPGIaj3X09-Pr4sFN9Qig1sr3jBivPOak89reFBy9BtA9NXhhyiQ\n\n management_interface:\n name: eth0\n wait: true\n monitoring_interface:\n name: eth1\n wait: true\n health_check:\n port: 41080\n subnet: 10.3.0.0/24\n gateway: 10.3.0.1\n kubernetes:\n allow_ports:\n - protocol: tcp\n port: 41080\n net: 130.211.0.0/22\n - protocol: tcp\n port: 41080\n net: 35.191.0.0/16\n\n owner: root:root\n path: /etc/corelight/corelightctl.yaml\n permissions: '0644'\n\nruncmd:\n - corelightctl sensor bootstrap -v\n - corelightctl sensor deploy -v\n", + "content_type": "text/cloud-config", + "filename": "sensor-build.yaml", + "merge_type": null + } + ], + "rendered": "Content-Type: multipart/mixed; boundary=\"MIMEBOUNDARY\"\nMIME-Version: 1.0\r\n\r\n--MIMEBOUNDARY\r\nContent-Disposition: attachment; filename=\"sensor-build.yaml\"\r\nContent-Transfer-Encoding: 7bit\r\nContent-Type: text/cloud-config\r\nMime-Version: 1.0\r\n\r\n#cloud-config\n\nwrite_files:\n - content: |\n sensor:\n api:\n password: managedPassword!\n license_key: eyJhbGciOiJFUzI1NiJ9.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.qptWbSj1diZpO88FNPhYlzRXbXBz0mCa1WwPGIaj3X09-Pr4sFN9Qig1sr3jBivPOak89reFBy9BtA9NXhhyiQ\n\n management_interface:\n name: eth0\n wait: true\n monitoring_interface:\n name: eth1\n wait: true\n health_check:\n port: 41080\n subnet: 10.3.0.0/24\n gateway: 10.3.0.1\n kubernetes:\n allow_ports:\n - protocol: tcp\n port: 41080\n net: 130.211.0.0/22\n - protocol: tcp\n port: 41080\n net: 35.191.0.0/16\n\n owner: root:root\n path: 
/etc/corelight/corelightctl.yaml\n permissions: '0644'\n\nruncmd:\n - corelightctl sensor bootstrap -v\n - corelightctl sensor deploy -v\n\r\n--MIMEBOUNDARY--\r\n" + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "part" + }, + { + "type": "index", + "value": { + "value": 0, + "type": "number" + } + }, + { + "type": "get_attr", + "value": "content" + } + ] + ] + } + ] + } + ], + "check_results": null +} diff --git a/terraform/sensor/gcp/examples/deployment/terraform.tfstate.backup b/terraform/sensor/gcp/examples/deployment/terraform.tfstate.backup new file mode 100644 index 0000000..8e20c2a --- /dev/null +++ b/terraform/sensor/gcp/examples/deployment/terraform.tfstate.backup 
@@ -0,0 +1,1097 @@ +{ + "version": 4, + "terraform_version": "1.4.2", + "serial": 566, + "lineage": "27f6756d-103a-f3cd-ba7c-124a917a3e46", + "outputs": {}, + "resources": [ + { + "mode": "managed", + "type": "google_compute_firewall", + "name": "allow_internal", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "allow": [ + { + "ports": [ + "22" + ], + "protocol": "tcp" + } + ], + "creation_timestamp": "2024-06-05T12:20:53.275-07:00", + "deny": [], + "description": "", + "destination_ranges": [], + "direction": "INGRESS", + "disabled": false, + "enable_logging": null, + "id": "projects/ng-cloud-dev/global/firewalls/corelight-allow-internal", + "log_config": [], + "name": "corelight-allow-internal", + "network": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/networks/corelight-mgmt", + "priority": 1000, + "project": "ng-cloud-dev", + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/firewalls/corelight-allow-internal", + "source_ranges": [ + "10.129.0.0/24" + ], + "source_service_accounts": [], + "source_tags": [], + "target_service_accounts": [], + "target_tags": [ + "allow-ssh" + ], + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9", + "dependencies": [ + "google_compute_network.mgmt" + ] + } + ] + }, + { + "mode": "managed", + "type": "google_compute_firewall", + "name": "allow_ssh_to_mgmt", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "allow": [ + { + "ports": [ + "22" + ], + "protocol": "tcp" + } + ], + "creation_timestamp": "2024-06-05T12:20:53.320-07:00", + "deny": [], + "description": "", + "destination_ranges": [], + "direction": "INGRESS", + 
"disabled": false, + "enable_logging": null, + "id": "projects/ng-cloud-dev/global/firewalls/corelight-allow-ssh-inbound-to-mgmt", + "log_config": [], + "name": "corelight-allow-ssh-inbound-to-mgmt", + "network": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/networks/corelight-mgmt", + "priority": 1000, + "project": "ng-cloud-dev", + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/firewalls/corelight-allow-ssh-inbound-to-mgmt", + "source_ranges": [ + "0.0.0.0/0" + ], + "source_service_accounts": [], + "source_tags": [], + "target_service_accounts": [], + "target_tags": [ + "allow-ssh" + ], + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9", + "dependencies": [ + "google_compute_network.mgmt" + ] + } + ] + }, + { + "mode": "managed", + "type": "google_compute_network", + "name": "mgmt", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "auto_create_subnetworks": false, + "delete_default_routes_on_create": false, + "description": "", + "enable_ula_internal_ipv6": false, + "gateway_ipv4": "", + "id": "projects/ng-cloud-dev/global/networks/corelight-mgmt", + "internal_ipv6_range": "", + "mtu": 0, + "name": "corelight-mgmt", + "network_firewall_policy_enforcement_order": "AFTER_CLASSIC_FIREWALL", + "numeric_id": "7175885267944670310", + "project": "ng-cloud-dev", + "routing_mode": "GLOBAL", + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/networks/corelight-mgmt", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19" + } + ] + }, + { + "mode": 
"managed", + "type": "google_compute_network", + "name": "prod", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "auto_create_subnetworks": false, + "delete_default_routes_on_create": false, + "description": "", + "enable_ula_internal_ipv6": false, + "gateway_ipv4": "", + "id": "projects/ng-cloud-dev/global/networks/corelight-prod", + "internal_ipv6_range": "", + "mtu": 0, + "name": "corelight-prod", + "network_firewall_policy_enforcement_order": "AFTER_CLASSIC_FIREWALL", + "numeric_id": "2740802699796481126", + "project": "ng-cloud-dev", + "routing_mode": "GLOBAL", + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/networks/corelight-prod", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19" + } + ] + }, + { + "mode": "managed", + "type": "google_compute_router", + "name": "mgmt_router", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "bgp": [], + "creation_timestamp": "2024-06-05T12:20:53.204-07:00", + "description": "", + "encrypted_interconnect_router": false, + "id": "projects/ng-cloud-dev/regions/us-west1/routers/corelight-mgmt-router", + "name": "corelight-mgmt-router", + "network": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/networks/corelight-mgmt", + "project": "ng-cloud-dev", + "region": "us-west1", + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/routers/corelight-mgmt-router", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + 
"google_compute_network.mgmt" + ] + } + ] + }, + { + "mode": "managed", + "type": "google_compute_router_nat", + "name": "mon_nat", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "drain_nat_ips": [], + "enable_dynamic_port_allocation": false, + "enable_endpoint_independent_mapping": false, + "endpoint_types": [ + "ENDPOINT_TYPE_VM" + ], + "icmp_idle_timeout_sec": 30, + "id": "ng-cloud-dev/us-west1/corelight-mgmt-router/corelight-mgmt-nat", + "log_config": [ + { + "enable": true, + "filter": "ERRORS_ONLY" + } + ], + "max_ports_per_vm": 0, + "min_ports_per_vm": 0, + "name": "corelight-mgmt-nat", + "nat_ip_allocate_option": "AUTO_ONLY", + "nat_ips": [], + "project": "ng-cloud-dev", + "region": "us-west1", + "router": "corelight-mgmt-router", + "rules": [], + "source_subnetwork_ip_ranges_to_nat": "ALL_SUBNETWORKS_ALL_IP_RANGES", + "subnetwork": [], + "tcp_established_idle_timeout_sec": 1200, + "tcp_time_wait_timeout_sec": 120, + "tcp_transitory_idle_timeout_sec": 30, + "timeouts": null, + "udp_idle_timeout_sec": 30 + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "google_compute_network.mgmt", + "google_compute_router.mgmt_router" + ] + } + ] + }, + { + "mode": "managed", + "type": "google_compute_subnetwork", + "name": "mgmt_subnet", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "creation_timestamp": "2024-06-05T12:20:53.491-07:00", + "description": "", + "external_ipv6_prefix": "", + "fingerprint": null, + "gateway_address": "10.129.0.1", + "id": "projects/ng-cloud-dev/regions/us-west1/subnetworks/corelight-subnet", + "internal_ipv6_prefix": "", + "ip_cidr_range": "10.129.0.0/24", + "ipv6_access_type": "", + 
"ipv6_cidr_range": "", + "log_config": [], + "name": "corelight-subnet", + "network": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/networks/corelight-mgmt", + "private_ip_google_access": false, + "private_ipv6_google_access": "DISABLE_GOOGLE_ACCESS", + "project": "ng-cloud-dev", + "purpose": "PRIVATE", + "region": "us-west1", + "role": "", + "secondary_ip_range": [], + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/subnetworks/corelight-subnet", + "stack_type": "IPV4_ONLY", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "google_compute_network.mgmt" + ] + } + ] + }, + { + "mode": "managed", + "type": "google_compute_subnetwork", + "name": "mon_subnet", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "creation_timestamp": "2024-06-05T12:21:04.101-07:00", + "description": "", + "external_ipv6_prefix": "", + "fingerprint": null, + "gateway_address": "10.3.0.1", + "id": "projects/ng-cloud-dev/regions/us-west1/subnetworks/corelight-mon-subnet", + "internal_ipv6_prefix": "", + "ip_cidr_range": "10.3.0.0/24", + "ipv6_access_type": "", + "ipv6_cidr_range": "", + "log_config": [], + "name": "corelight-mon-subnet", + "network": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/networks/corelight-prod", + "private_ip_google_access": false, + "private_ipv6_google_access": "DISABLE_GOOGLE_ACCESS", + "project": "ng-cloud-dev", + "purpose": "PRIVATE", + "region": "us-west1", + "role": "", + "secondary_ip_range": [], + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/subnetworks/corelight-mon-subnet", + "stack_type": "IPV4_ONLY", + "timeouts": null + }, + "sensitive_attributes": 
[], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "google_compute_network.prod" + ] + } + ] + }, + { + "module": "module.custom_bastion", + "mode": "managed", + "type": "google_compute_instance", + "name": "bastion_instance", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 6, + "attributes": { + "advanced_machine_features": [], + "allow_stopping_for_update": null, + "attached_disk": [], + "boot_disk": [ + { + "auto_delete": true, + "device_name": "persistent-disk-0", + "disk_encryption_key_raw": "", + "disk_encryption_key_sha256": "", + "initialize_params": [ + { + "enable_confidential_compute": false, + "image": "https://www.googleapis.com/compute/v1/projects/ubuntu-os-cloud/global/images/ubuntu-2004-focal-v20240519", + "labels": {}, + "provisioned_iops": 0, + "provisioned_throughput": 0, + "resource_manager_tags": {}, + "size": 120, + "type": "pd-standard" + } + ], + "kms_key_self_link": "", + "mode": "READ_WRITE", + "source": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/zones/us-west1-a/disks/corelight-bastion" + } + ], + "can_ip_forward": false, + "confidential_instance_config": [], + "cpu_platform": "Intel Broadwell", + "current_status": "RUNNING", + "deletion_protection": false, + "description": "", + "desired_status": null, + "effective_labels": {}, + "enable_display": false, + "guest_accelerator": [], + "hostname": "", + "id": "projects/ng-cloud-dev/zones/us-west1-a/instances/corelight-bastion", + "instance_id": "4415849218070873156", + "label_fingerprint": "42WmSpB8rSM=", + "labels": {}, + "machine_type": "e2-medium", + "metadata": { + "ssh-keys": "ubuntu:ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICEidYdgsecA7ARos+qs1lKi55QhGa5YRdY5BfUm5J3E johndewey@Johns-MacBook-Pro.local\n" + }, + "metadata_fingerprint": "myfWKXz0w0I=", + 
"metadata_startup_script": null, + "min_cpu_platform": "", + "name": "corelight-bastion", + "network_interface": [ + { + "access_config": [ + { + "nat_ip": "35.212.251.230", + "network_tier": "STANDARD", + "public_ptr_domain_name": "" + } + ], + "alias_ip_range": [], + "internal_ipv6_prefix_length": 0, + "ipv6_access_config": [], + "ipv6_access_type": "", + "ipv6_address": "", + "name": "nic0", + "network": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/networks/corelight-mgmt", + "network_ip": "10.129.0.2", + "nic_type": "", + "queue_count": 0, + "stack_type": "IPV4_ONLY", + "subnetwork": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/subnetworks/corelight-subnet", + "subnetwork_project": "ng-cloud-dev" + } + ], + "network_performance_config": [], + "params": [], + "project": "ng-cloud-dev", + "reservation_affinity": [], + "resource_policies": [], + "scheduling": [ + { + "automatic_restart": true, + "instance_termination_action": "", + "local_ssd_recovery_timeout": [], + "min_node_cpus": 0, + "node_affinities": [], + "on_host_maintenance": "MIGRATE", + "preemptible": false, + "provisioning_model": "STANDARD" + } + ], + "scratch_disk": [], + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/zones/us-west1-a/instances/corelight-bastion", + "service_account": [], + "shielded_instance_config": [ + { + "enable_integrity_monitoring": true, + "enable_secure_boot": false, + "enable_vtpm": true + } + ], + "tags": [ + "allow-https", + "allow-ssh", + "bastion", + "corelight" + ], + "tags_fingerprint": "czF23xMmSzg=", + "terraform_labels": {}, + "timeouts": null, + "zone": "us-west1-a" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiNiJ9", + "dependencies": [ + "google_compute_network.mgmt", + 
"google_compute_subnetwork.mgmt_subnet" + ] + } + ] + }, + { + "module": "module.sensor", + "mode": "managed", + "type": "google_compute_firewall", + "name": "sensor_health_check_rule", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "allow": [ + { + "ports": [ + "41080" + ], + "protocol": "tcp" + } + ], + "creation_timestamp": "2024-06-05T12:20:53.315-07:00", + "deny": [], + "description": "", + "destination_ranges": [], + "direction": "INGRESS", + "disabled": false, + "enable_logging": null, + "id": "projects/ng-cloud-dev/global/firewalls/corelight-sensor-health-check-rule", + "log_config": [], + "name": "corelight-sensor-health-check-rule", + "network": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/networks/corelight-mgmt", + "priority": 1000, + "project": "ng-cloud-dev", + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/firewalls/corelight-sensor-health-check-rule", + "source_ranges": [ + "130.211.0.0/22", + "35.191.0.0/16" + ], + "source_service_accounts": [], + "source_tags": [], + "target_service_accounts": [], + "target_tags": [ + "sensor" + ], + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9", + "dependencies": [ + "google_compute_network.mgmt" + ] + } + ] + }, + { + "module": "module.sensor", + "mode": "managed", + "type": "google_compute_forwarding_rule", + "name": "traffic_forwarding_rule", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "all_ports": true, + "allow_global_access": false, + "allow_psc_global_access": false, + "backend_service": 
"https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/backendServices/corelight-traffic-ilb-backend-service", + "base_forwarding_rule": "", + "creation_timestamp": "2024-06-05T12:22:22.512-07:00", + "description": "", + "effective_labels": {}, + "id": "projects/ng-cloud-dev/regions/us-west1/forwardingRules/corelight-traffic-forwarding-rule", + "ip_address": "10.3.0.2", + "ip_protocol": "TCP", + "ip_version": "", + "is_mirroring_collector": true, + "label_fingerprint": "42WmSpB8rSM=", + "labels": {}, + "load_balancing_scheme": "INTERNAL", + "name": "corelight-traffic-forwarding-rule", + "network": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/networks/corelight-prod", + "network_tier": "PREMIUM", + "no_automate_dns_zone": null, + "port_range": "", + "ports": [], + "project": "ng-cloud-dev", + "psc_connection_id": "", + "psc_connection_status": "", + "recreate_closed_psc": false, + "region": "us-west1", + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/forwardingRules/corelight-traffic-forwarding-rule", + "service_directory_registrations": [], + "service_label": "", + "service_name": "", + "source_ip_ranges": [], + "subnetwork": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/subnetworks/corelight-mon-subnet", + "target": "", + "terraform_labels": {}, + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "google_compute_network.mgmt", + "google_compute_network.prod", + "google_compute_subnetwork.mgmt_subnet", + "google_compute_subnetwork.mon_subnet", + "module.sensor.google_compute_instance_template.sensor_template", + "module.sensor.google_compute_region_backend_service.traffic_ilb_backend_service", + 
"module.sensor.google_compute_region_health_check.traffic_mon_health_check", + "module.sensor.google_compute_region_instance_group_manager.sensor_mig", + "module.sensor.module.sensor_config.data.cloudinit_config.config" + ] + } + ] + }, + { + "module": "module.sensor", + "mode": "managed", + "type": "google_compute_instance_template", + "name": "sensor_template", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "advanced_machine_features": [], + "can_ip_forward": false, + "confidential_instance_config": [], + "description": "", + "disk": [ + { + "auto_delete": true, + "boot": true, + "device_name": "persistent-disk-0", + "disk_encryption_key": [], + "disk_name": "", + "disk_size_gb": 120, + "disk_type": "pd-standard", + "interface": "SCSI", + "labels": {}, + "mode": "READ_WRITE", + "provisioned_iops": 0, + "resource_manager_tags": {}, + "resource_policies": [], + "source": "", + "source_image": "projects/ng-cloud-dev/global/images/alma-8-20240516193720", + "source_image_encryption_key": [], + "source_snapshot": "", + "source_snapshot_encryption_key": [], + "type": "PERSISTENT" + } + ], + "effective_labels": {}, + "guest_accelerator": [], + "id": "projects/ng-cloud-dev/global/instanceTemplates/corelight-mig-template", + "instance_description": "", + "labels": null, + "machine_type": "e2-standard-8", + "metadata": { + "ssh-keys": "ec2-user:ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICEidYdgsecA7ARos+qs1lKi55QhGa5YRdY5BfUm5J3E johndewey@Johns-MacBook-Pro.local\n", + "user-data": "Content-Type: multipart/mixed; boundary=\"MIMEBOUNDARY\"\nMIME-Version: 1.0\r\n\r\n--MIMEBOUNDARY\r\nContent-Disposition: attachment; filename=\"sensor-build.yaml\"\r\nContent-Transfer-Encoding: 7bit\r\nContent-Type: text/cloud-config\r\nMime-Version: 1.0\r\n\r\n#cloud-config\n\nwrite_files:\n - content: |\n sensor:\n api:\n password: managedPassword!\n license_key: 
eyJhbGciOiJFUzI1NiJ9.W2ZpbGVdCnByaW9yaXR5PTEwCnZlcnNpb249MQoKW3BsYXRmb3JtXQp2aXJ0dWFsPTAKdWlkPQpvZmZsaW5lPTAKCltjY3NdCmNjcy5jdXN0b21lcj1icm9hbGEKY2NzLmN1c3RvbWVyLnV1aWQ9MzFkNzkxNzItOGJhMC00YzhjLWFjMjgtZjQ1NTU0Y2ZhMTQxCmNjcy5wb2M9dHJ1ZQoKW29wdGlvbnNdCmxpY2Vuc2Uuc2Vuc29yLmNvbW1lbnQ9Q0NTIEdlbmVyYXRlZCBMaWNlbnNlCmxpY2Vuc2Uuc2Vuc29yLnN0YXJ0PTIwMjMtMDgtMjNUMDA6MDA6MDBaCmxpY2Vuc2Uuc2Vuc29yLndhcm49MjAyNC0wOC0xOFQwMDowMDowMFoKbGljZW5zZS5zZW5zb3IuZW5kPTIwMjQtMDktMDFUMDA6MDA6MDBaCmxpY2Vuc2Uuc2Vuc29yLmV4cGlyZT0yMDI0LTA5LTAxVDAwOjAwOjAwWgpsaWNlbnNlLmNpZHMuY29tbWVudD1DQ1MgR2VuZXJhdGVkIExpY2Vuc2UKbGljZW5zZS5jaWRzLnN0YXJ0PTIwMjMtMDgtMjNUMDA6MDA6MDBaCmxpY2Vuc2UuY2lkcy53YXJuPTIwMjQtMDgtMThUMDA6MDA6MDBaCmxpY2Vuc2UuY2lkcy5lbmQ9MjAyNC0wOS0wMVQwMDowMDowMFoKbGljZW5zZS5jaWRzLmV4cGlyZT0yMDI0LTA5LTAxVDAwOjAwOjAwWgpsaWNlbnNlLnN1cmljYXRhLmNvbW1lbnQ9CmxpY2Vuc2Uuc3VyaWNhdGEuc3RhcnQ9MjAyMy0wOC0yM1QwMDowMDowMFoKbGljZW5zZS5zdXJpY2F0YS53YXJuPTIwMjQtMDgtMThUMDA6MDA6MDBaCmxpY2Vuc2Uuc3VyaWNhdGEuZW5kPTIwMjQtMDktMDFUMDA6MDA6MDBaCmxpY2Vuc2Uuc3VyaWNhdGEuZXhwaXJlPTIwMjQtMDktMDFUMDA6MDA6MDBaCmxpY2Vuc2Uuc21hcnRwY2FwLmNvbW1lbnQ9CmxpY2Vuc2Uuc21hcnRwY2FwLnN0YXJ0PTIwMjMtMDgtMjNUMDA6MDA6MDBaCmxpY2Vuc2Uuc21hcnRwY2FwLndhcm49MjAyNC0wOC0xOFQwMDowMDowMFoKbGljZW5zZS5zbWFydHBjYXAuZW5kPTIwMjQtMDktMDFUMDA6MDA6MDBaCmxpY2Vuc2Uuc21hcnRwY2FwLmV4cGlyZT0yMDI0LTA5LTAxVDAwOjAwOjAwWgpsaWNlbnNlLnV1aWQ9Nzk2ZmIxZjEtMWYzNy00ODQ0LWJlYjktMWIwYWZjZmYzNGMxCgo.qptWbSj1diZpO88FNPhYlzRXbXBz0mCa1WwPGIaj3X09-Pr4sFN9Qig1sr3jBivPOak89reFBy9BtA9NXhhyiQ\n\n management_interface:\n name: eth0\n wait: true\n monitoring_interface:\n name: eth1\n wait: true\n health_check:\n port: 41080\n subnet: 10.3.0.0/24\n gateway: 10.3.0.1\n kubernetes:\n allow_ports:\n - protocol: tcp\n port: 41080\n net: 130.211.0.0/22\n - protocol: tcp\n port: 41080\n net: 35.191.0.0/16\n\n owner: root:root\n path: /etc/corelight/corelightctl.yaml\n permissions: '0644'\n\nruncmd:\n - corelightctl sensor bootstrap -v\n - corelightctl sensor deploy -v\n\r\n--MIMEBOUNDARY--\r\n" 
+ }, + "metadata_fingerprint": "HgofovVT9Tg=", + "metadata_startup_script": null, + "min_cpu_platform": "", + "name": "corelight-mig-template", + "name_prefix": null, + "network_interface": [ + { + "access_config": [], + "alias_ip_range": [], + "internal_ipv6_prefix_length": 0, + "ipv6_access_config": [], + "ipv6_access_type": "", + "ipv6_address": "", + "name": "nic0", + "network": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/networks/corelight-mgmt", + "network_ip": "", + "nic_type": "", + "queue_count": 0, + "stack_type": "", + "subnetwork": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/subnetworks/corelight-subnet", + "subnetwork_project": "ng-cloud-dev" + }, + { + "access_config": [], + "alias_ip_range": [], + "internal_ipv6_prefix_length": 0, + "ipv6_access_config": [], + "ipv6_access_type": "", + "ipv6_address": "", + "name": "nic1", + "network": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/networks/corelight-prod", + "network_ip": "", + "nic_type": "", + "queue_count": 0, + "stack_type": "", + "subnetwork": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/subnetworks/corelight-mon-subnet", + "subnetwork_project": "ng-cloud-dev" + } + ], + "network_performance_config": [], + "project": "ng-cloud-dev", + "region": "us-west1", + "reservation_affinity": [], + "resource_manager_tags": null, + "resource_policies": null, + "scheduling": [ + { + "automatic_restart": true, + "instance_termination_action": "", + "local_ssd_recovery_timeout": [], + "min_node_cpus": 0, + "node_affinities": [], + "on_host_maintenance": "MIGRATE", + "preemptible": false, + "provisioning_model": "STANDARD" + } + ], + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/instanceTemplates/corelight-mig-template", + "self_link_unique": 
"https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/instanceTemplates/corelight-mig-template?uniqueId=238936807667729498", + "service_account": [], + "shielded_instance_config": [], + "tags": [ + "allow-health-check", + "allow-ssh", + "corelight", + "sensor" + ], + "tags_fingerprint": "", + "terraform_labels": {}, + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoyNDAwMDAwMDAwMDAsImRlbGV0ZSI6MjQwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIxIn0=", + "dependencies": [ + "google_compute_network.mgmt", + "google_compute_network.prod", + "google_compute_subnetwork.mgmt_subnet", + "google_compute_subnetwork.mon_subnet", + "module.sensor.module.sensor_config.data.cloudinit_config.config" + ] + } + ] + }, + { + "module": "module.sensor", + "mode": "managed", + "type": "google_compute_packet_mirroring", + "name": "traffic_mirror", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "collector_ilb": [ + { + "url": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/forwardingRules/corelight-traffic-forwarding-rule" + } + ], + "description": "", + "filter": [ + { + "cidr_ranges": [], + "direction": "BOTH", + "ip_protocols": [] + } + ], + "id": "projects/ng-cloud-dev/regions/us-west1/packetMirrorings/corelight-traffic-mirroring", + "mirrored_resources": [ + { + "instances": [], + "subnetworks": [], + "tags": [ + "traffic-source" + ] + } + ], + "name": "corelight-traffic-mirroring", + "network": [ + { + "url": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/networks/corelight-prod" + } + ], + "priority": 1000, + "project": "ng-cloud-dev", + "region": "us-west1", + "timeouts": null + }, + "sensitive_attributes": [], + "private": 
"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "google_compute_network.mgmt", + "google_compute_network.prod", + "google_compute_subnetwork.mgmt_subnet", + "google_compute_subnetwork.mon_subnet", + "module.sensor.google_compute_forwarding_rule.traffic_forwarding_rule", + "module.sensor.google_compute_instance_template.sensor_template", + "module.sensor.google_compute_region_backend_service.traffic_ilb_backend_service", + "module.sensor.google_compute_region_health_check.traffic_mon_health_check", + "module.sensor.google_compute_region_instance_group_manager.sensor_mig", + "module.sensor.module.sensor_config.data.cloudinit_config.config" + ] + } + ] + }, + { + "module": "module.sensor", + "mode": "managed", + "type": "google_compute_region_autoscaler", + "name": "sensor_autoscaler", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "autoscaling_policy": [ + { + "cooldown_period": 600, + "cpu_utilization": [ + { + "predictive_method": "NONE", + "target": 0.4 + } + ], + "load_balancing_utilization": [], + "max_replicas": 3, + "metric": [], + "min_replicas": 1, + "mode": "ON", + "scale_in_control": [], + "scaling_schedules": [] + } + ], + "creation_timestamp": "2024-06-05T12:22:10.691-07:00", + "description": "", + "id": "projects/ng-cloud-dev/regions/us-west1/autoscalers/corelight-autoscale", + "name": "corelight-autoscale", + "project": "ng-cloud-dev", + "region": "us-west1", + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/autoscalers/corelight-autoscale", + "target": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/instanceGroupManagers/corelight-mig-manager", + "timeouts": null + }, + "sensitive_attributes": [], + "private": 
"eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "google_compute_network.mgmt", + "google_compute_network.prod", + "google_compute_subnetwork.mgmt_subnet", + "google_compute_subnetwork.mon_subnet", + "module.sensor.google_compute_instance_template.sensor_template", + "module.sensor.google_compute_region_health_check.traffic_mon_health_check", + "module.sensor.google_compute_region_instance_group_manager.sensor_mig", + "module.sensor.module.sensor_config.data.cloudinit_config.config" + ] + } + ] + }, + { + "module": "module.sensor", + "mode": "managed", + "type": "google_compute_region_backend_service", + "name": "traffic_ilb_backend_service", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "affinity_cookie_ttl_sec": 0, + "backend": [ + { + "balancing_mode": "CONNECTION", + "capacity_scaler": 0, + "description": "", + "failover": false, + "group": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/instanceGroups/corelight-mig-manager", + "max_connections": 0, + "max_connections_per_endpoint": 0, + "max_connections_per_instance": 0, + "max_rate": 0, + "max_rate_per_endpoint": 0, + "max_rate_per_instance": 0, + "max_utilization": 0 + } + ], + "cdn_policy": [], + "circuit_breakers": [], + "connection_draining_timeout_sec": 0, + "consistent_hash": [], + "creation_timestamp": "2024-06-05T12:22:10.756-07:00", + "description": "", + "enable_cdn": false, + "failover_policy": [], + "fingerprint": "wiALZf7cV0s=", + "generated_id": 5958816945008346125, + "health_checks": [ + "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/healthChecks/corelight-traffic-monitor-health-check" + ], + "iap": [], + "id": "projects/ng-cloud-dev/regions/us-west1/backendServices/corelight-traffic-ilb-backend-service", + 
"load_balancing_scheme": "INTERNAL", + "locality_lb_policy": "", + "log_config": [], + "name": "corelight-traffic-ilb-backend-service", + "network": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/networks/corelight-prod", + "outlier_detection": [], + "port_name": "", + "project": "ng-cloud-dev", + "protocol": "TCP", + "region": "us-west1", + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/backendServices/corelight-traffic-ilb-backend-service", + "session_affinity": "NONE", + "timeout_sec": 30, + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9", + "dependencies": [ + "google_compute_network.mgmt", + "google_compute_network.prod", + "google_compute_subnetwork.mgmt_subnet", + "google_compute_subnetwork.mon_subnet", + "module.sensor.google_compute_instance_template.sensor_template", + "module.sensor.google_compute_region_health_check.traffic_mon_health_check", + "module.sensor.google_compute_region_instance_group_manager.sensor_mig", + "module.sensor.module.sensor_config.data.cloudinit_config.config" + ] + } + ] + }, + { + "module": "module.sensor", + "mode": "managed", + "type": "google_compute_region_health_check", + "name": "traffic_mon_health_check", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "check_interval_sec": 30, + "creation_timestamp": "2024-06-05T12:20:41.894-07:00", + "description": "", + "grpc_health_check": [], + "healthy_threshold": 2, + "http2_health_check": [], + "http_health_check": [ + { + "host": "", + "port": 41080, + "port_name": "", + "port_specification": "", + "proxy_header": "NONE", + "request_path": "/api/system/healthcheck", + "response": "{\"message\":\"OK\"}" + } + ], + "https_health_check": [], 
+ "id": "projects/ng-cloud-dev/regions/us-west1/healthChecks/corelight-traffic-monitor-health-check", + "log_config": [ + { + "enable": false + } + ], + "name": "corelight-traffic-monitor-health-check", + "project": "ng-cloud-dev", + "region": "us-west1", + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/healthChecks/corelight-traffic-monitor-health-check", + "ssl_health_check": [], + "tcp_health_check": [], + "timeout_sec": 30, + "timeouts": null, + "type": "HTTP", + "unhealthy_threshold": 2 + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19" + } + ] + }, + { + "module": "module.sensor", + "mode": "managed", + "type": "google_compute_region_instance_group_manager", + "name": "sensor_mig", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "all_instances_config": [], + "auto_healing_policies": [ + { + "health_check": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/healthChecks/corelight-traffic-monitor-health-check", + "initial_delay_sec": 600 + } + ], + "base_instance_name": "corelight", + "creation_timestamp": "2024-06-05T12:21:39.518-07:00", + "description": "", + "distribution_policy_target_shape": "EVEN", + "distribution_policy_zones": [ + "us-west1-a", + "us-west1-b", + "us-west1-c" + ], + "fingerprint": "VnmXroov_kw=", + "id": "projects/ng-cloud-dev/regions/us-west1/instanceGroupManagers/corelight-mig-manager", + "instance_group": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/instanceGroups/corelight-mig-manager", + "instance_lifecycle_policy": [ + { + "default_action_on_failure": "REPAIR", + "force_update_on_repair": "NO" + } + ], + "list_managed_instances_results": "PAGELESS", + "name": "corelight-mig-manager", + "named_port": 
[], + "project": "ng-cloud-dev", + "region": "us-west1", + "self_link": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/regions/us-west1/instanceGroupManagers/corelight-mig-manager", + "stateful_disk": [], + "stateful_external_ip": [], + "stateful_internal_ip": [], + "status": [ + { + "all_instances_config": [ + { + "current_revision": "", + "effective": true + } + ], + "is_stable": false, + "stateful": [ + { + "has_stateful_config": false, + "per_instance_configs": [ + { + "all_effective": true + } + ] + } + ], + "version_target": [ + { + "is_reached": true + } + ] + } + ], + "target_pools": [], + "target_size": 1, + "timeouts": null, + "update_policy": [ + { + "instance_redistribution_type": "PROACTIVE", + "max_surge_fixed": 3, + "max_surge_percent": 0, + "max_unavailable_fixed": 3, + "max_unavailable_percent": 0, + "minimal_action": "REPLACE", + "most_disruptive_allowed_action": "", + "replacement_method": "SUBSTITUTE", + "type": "OPPORTUNISTIC" + } + ], + "version": [ + { + "instance_template": "https://www.googleapis.com/compute/v1/projects/ng-cloud-dev/global/instanceTemplates/corelight-mig-template", + "name": "Corelight-Sensor", + "target_size": [] + } + ], + "wait_for_instances": false, + "wait_for_instances_status": "STABLE" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo5MDAwMDAwMDAwMDAsImRlbGV0ZSI6OTAwMDAwMDAwMDAwLCJ1cGRhdGUiOjkwMDAwMDAwMDAwMH19", + "dependencies": [ + "google_compute_network.mgmt", + "google_compute_network.prod", + "google_compute_subnetwork.mgmt_subnet", + "google_compute_subnetwork.mon_subnet", + "module.sensor.google_compute_instance_template.sensor_template", + "module.sensor.google_compute_region_health_check.traffic_mon_health_check", + "module.sensor.module.sensor_config.data.cloudinit_config.config" + ] + } + ] + }, + { + "module": "module.sensor.module.sensor_config", + "mode": "data", + "type": "cloudinit_config", + "name": "config", + 
"provider": "provider[\"registry.terraform.io/hashicorp/cloudinit\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "base64_encode": false, + "boundary": "MIMEBOUNDARY", + "gzip": false, + "id": "533399370", + "part": [ + { + "content": "#cloud-config\n\nwrite_files:\n - content: |\n sensor:\n api:\n password: managedPassword!\n license_key: eyJhbGciOiJFUzI1NiJ9.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.qptWbSj1diZpO88FNPhYlzRXbXBz0mCa1WwPGIaj3X09-Pr4sFN9Qig1sr3jBivPOak89reFBy9BtA9NXhhyiQ\n\n management_interface:\n name: eth0\n wait: true\n monitoring_interface:\n name: eth1\n wait: true\n health_check:\n port: 41080\n subnet: 10.3.0.0/24\n gateway: 10.3.0.1\n kubernetes:\n allow_ports:\n - protocol: tcp\n port: 41080\n net: 130.211.0.0/22\n - protocol: tcp\n port: 41080\n net: 35.191.0.0/16\n\n owner: root:root\n path: /etc/corelight/corelightctl.yaml\n permissions: '0644'\n\nruncmd:\n - corelightctl sensor bootstrap -v\n - corelightctl sensor deploy -v\n", + "content_type": "text/cloud-config", + "filename": "sensor-build.yaml", + "merge_type": null + } + ], + "rendered": "Content-Type: multipart/mixed; boundary=\"MIMEBOUNDARY\"\nMIME-Version: 1.0\r\n\r\n--MIMEBOUNDARY\r\nContent-Disposition: attachment; filename=\"sensor-build.yaml\"\r\nContent-Transfer-Encoding: 7bit\r\nContent-Type: text/cloud-config\r\nMime-Version: 1.0\r\n\r\n#cloud-config\n\nwrite_files:\n - content: |\n sensor:\n api:\n password: managedPassword!\n license_key: eyJhbGciOiJFUzI1NiJ9.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.qptWbSj1diZpO88FNPhYlzRXbXBz0mCa1WwPGIaj3X09-Pr4sFN9Qig1sr3jBivPOak89reFBy9BtA9NXhhyiQ\n\n management_interface:\n name: eth0\n wait: true\n monitoring_interface:\n name: eth1\n wait: true\n health_check:\n port: 41080\n subnet: 10.3.0.0/24\n gateway: 10.3.0.1\n kubernetes:\n allow_ports:\n - protocol: tcp\n port: 41080\n net: 130.211.0.0/22\n - protocol: tcp\n port: 41080\n net: 35.191.0.0/16\n\n owner: root:root\n path: 
/etc/corelight/corelightctl.yaml\n permissions: '0644'\n\nruncmd:\n - corelightctl sensor bootstrap -v\n - corelightctl sensor deploy -v\n\r\n--MIMEBOUNDARY--\r\n" + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "part" + }, + { + "type": "index", + "value": { + "value": 0, + "type": "number" + } + }, + { + "type": "get_attr", + "value": "content" + } + ] + ] + } + ] + } + ], + "check_results": null +}
diff --git a/terraform/sensor/gcp/examples/deployment/versions.tf b/terraform/sensor/gcp/examples/deployment/versions.tf
new file mode 100644
index 0000000..7bb0ff6
--- /dev/null
+++ b/terraform/sensor/gcp/examples/deployment/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">=1.3.2"
+
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">=5.21.0"
+ }
+ }
+}
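Review bot: The `google` provider constraint `version = ">=5.21.0"` in the new versions.tf has no upper bound. Anyone who runs `terraform init` on this example without the committed lock file, or with `-upgrade`, can be moved to a later major release of the provider with breaking schema changes. For an example that users copy, I would bound it to the tested major line, e.g. `version = "~> 5.21"`. The same reasoning applies to `required_version = ">=1.3.2"`, which could become `required_version = ">= 1.3.2, < 2.0.0"`. A short comment above the block naming the Terraform and provider versions the example was last applied with would also help readers reproduce it.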