Restructured repo and brought tf examples

README.md

@@ -1,52 +1,27 @@
-# Corelight Cloud
+# Corelight Deployment Guide
 
-IaC used to deploy Corelight Sensors into various Cloud Providers.
+This repository provides sample configurations for deploying Corelight products
+across AWS, Azure, and Google Cloud Platform (GCP). The examples offer both
+**Terraform-based** and **cloud-native IaC solutions**, allowing users to
+choose based on their preferences and platform requirements.
 
-## Cloud Enrichment Service
+## Directory Structure
 
-Code to deploy Corelight's Cloud Enrichment services.
+### `terraform/`
 
-### AWS
+Contains **Terraform** modules for deploying Corelight products with consistent
+configurations across multiple clouds.
 
-* [Terraform][terraform-aws-enrichment]
+- **`aws/`**: Terraform modules for AWS deployments.
+- **`azure/`**: Terraform modules for Azure deployments.
+- **`gcp/`**: Terraform modules for GCP deployments.
 
-[terraform-aws-enrichment]: https://github.com/corelight/terraform-aws-enrichment/
+### `cloud-native-iac/`
 
-### Azure
+Includes cloud provider-native infrastructure-as-code (IaC) templates for deeper
+integration with specific cloud services.
 
-* [Terraform][terraform-azure-enrichment]
-
-[terraform-azure-enrichment]: https://github.com/corelight/terraform-azure-enrichment/
-
-### GCP
-
-* [Terraform][terraform-gcp-enrichment]
-
-[terraform-gcp-enrichment]: https://github.com/corelight/terraform-gcp-sensor/
-
-## Cloud Sensor
-
-Code to deploy Corelight's Cloud Sensor.
-
-### AWS
-
-* [CFN][cfn-aws-sensor]
-* [Terraform][terraform-aws-sensor]
-
-[cfn-aws-sensor]: https://github.com/corelight/corelight-cloud/tree/main/cloud-native-iac/AWS
-[terraform-aws-sensor]: https://github.com/corelight/terraform-aws-sensor/
-
-### Azure
-
-* [Terraform][terraform-azure-sensor]
-
-[terraform-azure-sensor]: https://github.com/corelight/terraform-azure-sensor/
-
-### GCP
-
-* [Terraform][terraform-gcp-sensor]
-
-[terraform-gcp-sensor]: https://github.com/corelight/terraform-gcp-enrichment/
+- **`aws/`**: AWS CloudFormation templates for deploying Corelight.
 
 ## License
 

terraform/README.md

@@ -0,0 +1,43 @@
+# Terraform
+
+This directory contains **Terraform** modules used to deploy Corelight products
+across multiple cloud providers.
+
+## Corelight Sensor
+
+Terraform modules for deploying Corelight Sensors in the following cloud
+environments:
+
+- **AWS**
+
+  - [Terraform Module](./sensor/aws/README.md)
+
+- **Azure**
+
+  - [Terraform Module](./sensor/azure/README.md)
+
+- **GCP**
+
+  - [Terraform Module](./sensor/gcp/README.md)
+
+## Cloud Enrichment Service
+
+Modules for deploying Corelight's Cloud Enrichment services, enabling data
+enrichment across cloud ecosystems:
+
+- **AWS**
+
+  - [Terraform Module](./cloud-enrichment/aws/README.md)
+
+- **Azure**
+
+  - [Terraform Module](./cloud-enrichment/azure/README.md)
+
+- **GCP**
+
+  - [Terraform Module](./cloud-enrichment/gcp/README.md)
+
+## How to Use
+
+Navigate into the appropriate cloud provider's directory and follow the
+instructions provided in the `README.md` for each module.

terraform/sensor/aws/README.md

@@ -0,0 +1,17 @@
+# Corelight Sensor Deployment - AWS
+
+This directory provides Terraform code for deploying Corelight's Cloud Sensor
+on **AWS**.
+
+## Overview
+
+This deployment uses the [terraform-aws-sensor][] module, which simplifies the
+setup of Corelight Sensors by automating the provisioning of AWS resources.
+
+[terraform-aws-sensor]: https://github.com/corelight/terraform-aws-sensor/
+
+## Examples Directory
+
+The `examples/` directory demonstrates how to use the Terraform module with
+various configurations. These examples showcase best practices and common
+deployment scenarios.

terraform/sensor/aws/examples/deployment/main.tf

@@ -0,0 +1,59 @@
+locals {
+  vpc_id                   = "<vpc where resources are deployed>"
+  monitoring_subnet        = "<monitoring subnet id>"
+  management_subnet        = "<management subnet id>"
+  sensor_ssh_key_pair_name = "<name of the ssh key in AWS used to access the sensor EC2 instances>"
+  sensor_ami_id            = "<sensor ami id from Corelight>"
+  license                  = "<your corelight sensor license key>"
+  tags = {
+    terraform : true,
+    purpose : "Corelight"
+  }
+  fleet_token = "b1cd099ff22ed8a41abc63929d1db126"
+  fleet_url   = "https://fleet.example.com:1443/fleet/v1/internal/softsensor/websocket"
+}
+
+data "aws_subnet" "management" {
+  id = local.management_subnet
+}
+
+module "asg_lambda_role" {
+  source = "github.com/corelight/terraform-aws-sensor//modules/iam/lambda"
+
+  lambda_cloudwatch_log_group_arn = module.sensor.cloudwatch_log_group_arn
+  security_group_arn              = module.sensor.management_security_group_arn
+  sensor_autoscaling_group_name   = module.sensor.autoscaling_group_name
+  subnet_arn                      = data.aws_subnet.management.arn
+
+  tags = local.tags
+}
+
+module "sensor" {
+  source = "github.com/corelight/terraform-aws-sensor"
+
+  auto_scaling_availability_zones = ["us-east-1a"]
+  aws_key_pair_name               = local.sensor_ssh_key_pair_name
+  corelight_sensor_ami_id         = local.sensor_ami_id
+  license_key                     = local.license
+  management_subnet_id            = local.management_subnet
+  monitoring_subnet_id            = local.monitoring_subnet
+  community_string                = "<password for the sensor api>"
+  vpc_id                          = local.vpc_id
+  asg_lambda_iam_role_arn         = module.asg_lambda_role.role_arn
+  fleet_token                     = local.fleet_token
+  fleet_url                       = local.fleet_url
+
+  tags = local.tags
+}
+
+module "bastion" {
+  source = "github.com/corelight/terraform-aws-sensor//modules/bastion"
+
+  bastion_key_pair_name        = "<AWS ssh key pair name for the bastion host>"
+  subnet_id                    = data.aws_subnet.management.id
+  management_security_group_id = module.sensor.management_security_group_id
+  vpc_id                       = local.vpc_id
+  public_ssh_allow_cidr_blocks = ["0.0.0.0/0"]
+
+  tags = local.tags
+}

terraform/sensor/aws/examples/deployment/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">=1.3.2"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5"
+    }
+  }
+}

terraform/sensor/azure/examples/deployment/main.tf

@@ -0,0 +1,63 @@
+locals {
+  subscription_id     = "<your subscription uuid>"
+  resource_group_name = "corelight"
+  location            = "eastus"
+  license             = "<your corelight sensor license key>"
+  tags = {
+    terraform : true,
+    purpose : "Corelight"
+  }
+  fleet_token = "b1cd099ff22ed8a41abc63929d1db126"
+  fleet_url   = "https://fleet.example.com:1443/fleet/v1/internal/softsensor/websocket"
+}
+
+####################################################################################################
+# Create a resource group for the corelight resources
+####################################################################################################
+resource "azurerm_resource_group" "sensor_rg" {
+  location = local.location
+  name     = local.resource_group_name
+
+  tags = local.tags
+}
+
+####################################################################################################
+# Get data on the existing vnet and create a subnet in that vnet for the sensor
+####################################################################################################
+data "azurerm_virtual_network" "existing_vnet" {
+  name                = "<vnet name>"
+  resource_group_name = "<vnet resource group>"
+}
+
+####################################################################################################
+# Deploy the Sensor
+####################################################################################################
+module "sensor" {
+  source = "../.."
+
+  license_key                    = local.license
+  location                       = local.location
+  resource_group_name            = azurerm_resource_group.sensor_rg.name
+  virtual_network_name           = data.azurerm_virtual_network.existing_vnet.name
+  virtual_network_resource_group = "<vnet resource group>"
+  virtual_network_address_space  = "<vnet address space (CIDR)>"
+  corelight_sensor_image_id      = "<image resource id from Corelight>"
+  community_string               = "<the community string (api string) often times referenced by Fleet>"
+  fleet_token                    = local.fleet_token
+  fleet_url                      = local.fleet_url
+  sensor_ssh_public_key          = "<path to ssh public key>"
+
+  # (Optional) Cloud Enrichment Variables
+  enrichment_storage_account_name   = "<name of the enrichment storage account>"
+  enrichment_storage_container_name = "<name of the enrichment container in the storage account>"
+  tags                              = local.tags
+}
+
+####################################################################################################
+# (Optional) Assign the VMSS identity access to the enrichment bucket if enabled
+####################################################################################################
+resource "azurerm_role_assignment" "enrichment_data_access" {
+  principal_id         = module.sensor.sensor_identity_principal_id
+  scope                = "<resource id of the enrichment storage account>"
+  role_definition_name = "Storage Blob Data Reader"
+}