From 8836744fe8da2300b4db6891ae5ed35037852c57 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=D7=A0=CF=85=CE=B1=CE=B7=20=D7=A0=CF=85=CE=B1=CE=B7=D1=95?= =?UTF-8?q?=CF=83=CE=B7?= Date: Wed, 6 Nov 2024 12:16:01 -0800 Subject: [PATCH] Restructured repo and brought tf examples (#3) * Restructured repo and brought tf examples * reworked based on feedback * corrected a few minor things per review --------- Co-authored-by: John Dewey --- .github/workflows/dev.yaml | 4 +- .github/workflows/prod.yaml | 4 +- README.md | 59 ++--- .../AWS => cloudformation}/README.md | 20 +- .../autoscaling-sensor.yaml | 0 terraform/README.md | 26 +++ terraform/aws-autoscaling-sensor/README.md | 11 + terraform/aws-autoscaling-sensor/main.tf | 59 +++++ terraform/aws-autoscaling-sensor/versions.tf | 10 + terraform/aws-cloud-enrichment/README.md | 11 + terraform/aws-cloud-enrichment/main.tf | 211 ++++++++++++++++++ terraform/aws-cloud-enrichment/versions.tf | 10 + terraform/azure-cloud-enrichment/README.md | 11 + terraform/azure-cloud-enrichment/main.tf | 74 ++++++ terraform/azure-cloud-enrichment/versions.tf | 15 ++ terraform/azure-scaleset-sensor/README.md | 11 + terraform/azure-scaleset-sensor/main.tf | 63 ++++++ terraform/gcp-cloud-enrichment/README.md | 11 + terraform/gcp-cloud-enrichment/main.tf | 67 ++++++ terraform/gcp-cloud-enrichment/versions.tf | 10 + terraform/gcp-mig-sensor/README.md | 11 + terraform/gcp-mig-sensor/main.tf | 150 +++++++++++++ terraform/gcp-mig-sensor/versions.tf | 10 + terraform/integrations/README.md | 11 + 24 files changed, 811 insertions(+), 58 deletions(-) rename {cloud-native-iac/AWS => cloudformation}/README.md (85%) rename cloud-native-iac/AWS/cfn.yaml => cloudformation/autoscaling-sensor.yaml (100%) create mode 100644 terraform/README.md create mode 100644 terraform/aws-autoscaling-sensor/README.md create mode 100644 terraform/aws-autoscaling-sensor/main.tf create mode 100644 terraform/aws-autoscaling-sensor/versions.tf create mode 100644 terraform/aws-cloud-enrichment/README.md create mode 100644 
terraform/aws-cloud-enrichment/main.tf create mode 100644 terraform/aws-cloud-enrichment/versions.tf create mode 100644 terraform/azure-cloud-enrichment/README.md create mode 100644 terraform/azure-cloud-enrichment/main.tf create mode 100644 terraform/azure-cloud-enrichment/versions.tf create mode 100644 terraform/azure-scaleset-sensor/README.md create mode 100644 terraform/azure-scaleset-sensor/main.tf create mode 100644 terraform/gcp-cloud-enrichment/README.md create mode 100644 terraform/gcp-cloud-enrichment/main.tf create mode 100644 terraform/gcp-cloud-enrichment/versions.tf create mode 100644 terraform/gcp-mig-sensor/README.md create mode 100644 terraform/gcp-mig-sensor/main.tf create mode 100644 terraform/gcp-mig-sensor/versions.tf create mode 100644 terraform/integrations/README.md diff --git a/.github/workflows/dev.yaml b/.github/workflows/dev.yaml index dc48570..d38b22f 100644 --- a/.github/workflows/dev.yaml +++ b/.github/workflows/dev.yaml @@ -20,7 +20,7 @@ jobs: role-duration-seconds: 1200 - name: Push Files run: | - aws s3 cp cloud-native-iac/AWS/*.yaml s3://${{ env.S3_BUCKET }} + aws s3 cp cloudformation/*.yaml s3://${{ env.S3_BUCKET }} permissions: id-token: write - contents: read \ No newline at end of file + contents: read diff --git a/.github/workflows/prod.yaml b/.github/workflows/prod.yaml index c875404..a4b77dd 100644 --- a/.github/workflows/prod.yaml +++ b/.github/workflows/prod.yaml @@ -20,7 +20,7 @@ jobs: role-duration-seconds: 1200 - name: Push Files run: | - aws s3 cp cloud-native-iac/AWS/*.yaml s3://${{ env.S3_BUCKET }} + aws s3 cp cloudformation/*.yaml s3://${{ env.S3_BUCKET }} permissions: id-token: write - contents: read \ No newline at end of file + contents: read diff --git a/README.md b/README.md index 57a3ae7..cf4c51f 100644 --- a/README.md +++ b/README.md 
@@ -1,52 +1,29 @@ -# Corelight Cloud +# Corelight Deployment Guide -IaC used to deploy Corelight Sensors into various Cloud Providers. +This repository provides sample configurations for deploying Corelight products +across AWS, Azure, and Google Cloud Platform (GCP). The examples offer both +**Terraform-based** and **native IaC solutions**, allowing users to choose +the approach that best fits their platform requirements and preferences. -## Cloud Enrichment Service +## Directory Structure Overview -Code to deploy Corelight's Cloud Enrichment services. +### `cloudformation/` -### AWS +This directory includes **AWS CloudFormation templates** for deploying Corelight +solutions within AWS environments using native AWS IaC. Each template provides +configurations tailored for Corelight. -* [Terraform][terraform-aws-enrichment] +### `terraform/` -[terraform-aws-enrichment]: https://github.com/corelight/terraform-aws-enrichment/ +The `terraform/` directory contains **Terraform modules** structured by cloud +provider. Each subdirectory under `terraform/` is organized by provider and +service, with individual `README.md` files for specific guidance on deploying +Corelight products within that cloud. -### Azure +#### Integrations -* [Terraform][terraform-azure-enrichment] - -[terraform-azure-enrichment]: https://github.com/corelight/terraform-azure-enrichment/ - -### GCP - -* [Terraform][terraform-gcp-enrichment] - -[terraform-gcp-enrichment]: https://github.com/corelight/terraform-gcp-sensor/ - -## Cloud Sensor - -Code to deploy Corelight's Cloud Sensor. 
- -### AWS - -* [CFN][cfn-aws-sensor] -* [Terraform][terraform-aws-sensor] - -[cfn-aws-sensor]: https://github.com/corelight/corelight-cloud/tree/main/cloud-native-iac/AWS -[terraform-aws-sensor]: https://github.com/corelight/terraform-aws-sensor/ - -### Azure - -* [Terraform][terraform-azure-sensor] - -[terraform-azure-sensor]: https://github.com/corelight/terraform-azure-sensor/ - -### GCP - -* [Terraform][terraform-gcp-sensor] - -[terraform-gcp-sensor]: https://github.com/corelight/terraform-gcp-enrichment/ +Within `terraform/integrations/`, you’ll find subdirectories for integrating +Corelight products with partner solutions. ## License diff --git a/cloud-native-iac/AWS/README.md b/cloudformation/README.md similarity index 85% rename from cloud-native-iac/AWS/README.md rename to cloudformation/README.md index a5a4a20..0885f71 100644 --- a/cloud-native-iac/AWS/README.md +++ b/cloudformation/README.md @@ -1,22 +1,18 @@ -# AWS +# Corelight CloudFormation Templates -AWS specific deployment scripts. +This directory contains AWS CloudFormation templates for deploying Corelight +solutions within AWS environments. -## Cloud Formation +## Templates -A Cloud Formation template for deploying Corelight Sensors. +- **`autoscaling-sensor.yaml`**: Sets up an Auto Scaling group for Corelight Sensors, + enabling automatic scaling based on demand. -## Dependencies - -* Install [AWS Command Line Interface][awscli] - -### Deployment Instructions +## Usage Execute the following commands making sure to provide the appropriate parameters for your environment. -#### Sensor - Create a new stack: ```bash @@ -52,5 +48,3 @@ aws cloudformation update-stack --region \ ParameterKey=KeyPairName,ParameterValue= \ --template-body file://cfn.yaml ``` - -[awscli]: https://aws.amazon.com/cli/ diff --git a/cloud-native-iac/AWS/cfn.yaml b/cloudformation/autoscaling-sensor.yaml similarity index 100% rename from cloud-native-iac/AWS/cfn.yaml rename to cloudformation/autoscaling-sensor.yaml 
diff --git a/terraform/README.md b/terraform/README.md new file mode 100644 index 0000000..90f5ded --- /dev/null +++ b/terraform/README.md @@ -0,0 +1,26 @@ +# Terraform + +This directory contains **Terraform** modules used to deploy Corelight solutions +across multiple cloud providers. + +#### Subdirectories + +- **`aws-autoscaling-sensor/`**: Contains Terraform files for deploying an + autoscaling sensor within AWS, including `main.tf` and `versions.tf` files for configuration. +- **`aws-cloud-enrichment/`**: A Terraform module for setting up cloud enrichment + services on AWS. +- **`azure-cloud-enrichment/`**: Module to configure cloud enrichment capabilities + on Azure. +- **`azure-scaleset-sensor/`**: Azure Terraform configuration to deploy Corelight + sensors on a Virtual Machine Scale Set. +- **`gcp-mig-sensor/`**: A Terraform module for deploying a sensor with GCP’s + Managed Instance Groups (MIG). +- **`gcp-cloud-enrichment/`**: GCP-specific Terraform module for configuring cloud + enrichment services. +- **`integrations/`**: Subdirectories for integrating Corelight products with + partner solutions. + +## How to Use + +Navigate into the appropriate directory and follow the instructions provided in +the `README.md` for each module. diff --git a/terraform/aws-autoscaling-sensor/README.md b/terraform/aws-autoscaling-sensor/README.md new file mode 100644 index 0000000..7def6da --- /dev/null +++ b/terraform/aws-autoscaling-sensor/README.md @@ -0,0 +1,11 @@ +# Corelight Sensor Deployment - AWS + +This directory provides Terraform code for deploying Corelight's Cloud Sensor +on **AWS**. + +## Overview + +This deployment uses the [terraform-aws-sensor][] module, which simplifies the +setup of Corelight Sensors by automating the provisioning of AWS resources. + +[terraform-aws-sensor]: https://github.com/corelight/terraform-aws-sensor/ 
diff --git a/terraform/aws-autoscaling-sensor/main.tf b/terraform/aws-autoscaling-sensor/main.tf new file mode 100644 index 0000000..3671c63 --- /dev/null +++ b/terraform/aws-autoscaling-sensor/main.tf @@ -0,0 +1,59 @@ +locals { + vpc_id = "" + monitoring_subnet = "" + management_subnet = "" + sensor_ssh_key_pair_name = "" + sensor_ami_id = "" + license = "" + tags = { + terraform : true, + purpose : "Corelight" + } + fleet_token = "b1cd099ff22ed8a41abc63929d1db126" + fleet_url = "https://fleet.example.com:1443/fleet/v1/internal/softsensor/websocket" +} + +data "aws_subnet" "management" { + id = local.management_subnet +} + +module "asg_lambda_role" { + source = "github.com/corelight/terraform-aws-sensor//modules/iam/lambda" + + lambda_cloudwatch_log_group_arn = module.sensor.cloudwatch_log_group_arn + security_group_arn = module.sensor.management_security_group_arn + sensor_autoscaling_group_name = module.sensor.autoscaling_group_name + subnet_arn = data.aws_subnet.management.arn + + tags = local.tags +} + +module "sensor" { + source = "github.com/corelight/terraform-aws-sensor" + + auto_scaling_availability_zones = ["us-east-1a"] + aws_key_pair_name = local.sensor_ssh_key_pair_name + corelight_sensor_ami_id = local.sensor_ami_id + license_key = local.license + management_subnet_id = local.management_subnet + monitoring_subnet_id = local.monitoring_subnet + community_string = "" + vpc_id = local.vpc_id + asg_lambda_iam_role_arn = module.asg_lambda_role.role_arn + fleet_token = local.fleet_token + fleet_url = local.fleet_url + + tags = local.tags +} + +module "bastion" { + source = "github.com/corelight/terraform-aws-sensor//modules/bastion" + + bastion_key_pair_name = "" + subnet_id = data.aws_subnet.management.id + management_security_group_id = module.sensor.management_security_group_id + vpc_id = local.vpc_id + public_ssh_allow_cidr_blocks = ["0.0.0.0/0"] + + tags = local.tags +} 
diff --git a/terraform/aws-autoscaling-sensor/versions.tf b/terraform/aws-autoscaling-sensor/versions.tf new file mode 100644 index 0000000..554f427 --- /dev/null +++ b/terraform/aws-autoscaling-sensor/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">=1.3.2" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 5" + } + } +} \ No newline at end of file diff --git a/terraform/aws-cloud-enrichment/README.md b/terraform/aws-cloud-enrichment/README.md new file mode 100644 index 0000000..7f15f64 --- /dev/null +++ b/terraform/aws-cloud-enrichment/README.md @@ -0,0 +1,11 @@ +# Corelight Cloud Enrichment Service Deployment - AWS + +This directory provides Terraform code for deploying Corelight's Cloud Enrichment +on **AWS**. + +## Overview + +This deployment uses the [terraform-aws-enrichment][] module, which simplifies the +setup of Corelight Cloud Enrichment by automating the provisioning of AWS resources. + +[terraform-aws-enrichment]: https://github.com/corelight/terraform-aws-enrichment/ diff --git a/terraform/aws-cloud-enrichment/main.tf b/terraform/aws-cloud-enrichment/main.tf new file mode 100644 index 0000000..cbd7096 --- /dev/null +++ b/terraform/aws-cloud-enrichment/main.tf 
@@ -0,0 +1,211 @@ +locals { + bucket_name = "corelight-enrichment" + image_name = "12345.dkr.ecr.us-east-1.amazonaws.com/corelight/sensor-enrichment-aws" + image_tag = "0.1.1" + secondary_rule_name = "corelight-ec2-state-change" + vpc_id = "" + monitoring_subnet = "" + management_subnet = "" + sensor_ssh_key_pair_name = "" + sensor_ami_id = "" + license_key_file = "/path/to/license.txt" + my_regions = [ + "us-east-1", + "us-east-2", + "us-west-1", + "us-west-2" + ] + + tags = { + terraform : true, + example : true, + purpose : "Corelight" + } +} + +#################################################################################################### +# Create the bucket where all enrichment data will be stored +#################################################################################################### +provider "aws" { + alias = "primary" + region = "us-east-1" +} + +resource "aws_s3_bucket" "enrichment_bucket" { + provider = aws.primary + + bucket = local.bucket_name + + tags = local.tags +} + +resource "aws_s3_bucket_server_side_encryption_configuration" "enrichment_bucket_encryption" { + provider = aws.primary + + bucket = aws_s3_bucket.enrichment_bucket.id + + rule { + apply_server_side_encryption_by_default { + sse_algorithm = "AES256" + } + } +} + +#################################################################################################### +# Deploy the lambda and supporting resources for the primary region +#################################################################################################### +data "aws_ecr_repository" "enrichment_repo" { + name = "corelight/sensor-enrichment-aws" +} + +module "enrichment_eventbridge_role" { + source = "github.com/corelight/terraform-aws-enrichment//modules/iam/eventbridge" + + primary_event_bus_arn = module.enrichment.primary_event_bus_arn + + tags = local.tags +} + +module "enrichment_lambda_role" { + source = "github.com/corelight/terraform-aws-enrichment//modules/iam/lambda" + + 
enrichment_bucket_arn = aws_s3_bucket.enrichment_bucket.arn + enrichment_ecr_repository_arn = data.aws_ecr_repository.enrichment_repo.arn + lambda_cloudwatch_log_group_arn = module.enrichment.cloudwatch_log_group_arn + + tags = local.tags +} + +module "enrichment" { + source = "github.com/corelight/terraform-aws-enrichment" + + providers = { + aws = aws.primary + } + + corelight_cloud_enrichment_image = local.image_name + corelight_cloud_enrichment_image_tag = local.image_tag + enrichment_bucket_name = aws_s3_bucket.enrichment_bucket.bucket + scheduled_sync_regions = local.my_regions + eventbridge_iam_cross_region_role_arn = module.enrichment_eventbridge_role.cross_region_role_arn + lambda_iam_role_arn = module.enrichment_lambda_role.lambda_iam_role_arn + + tags = local.tags +} + +#################################################################################################### +# Deploy Corelight sensor and assign autoscaling group permission to read from the bucket +#################################################################################################### + +data "aws_subnet" "management" { + id = local.management_subnet +} + +module "asg_lambda_role" { + source = "github.com/corelight/terraform-aws-sensor//modules/iam/lambda" + + lambda_cloudwatch_log_group_arn = module.sensor.cloudwatch_log_group_arn + security_group_arn = module.sensor.management_security_group_arn + sensor_autoscaling_group_name = module.sensor.autoscaling_group_name + subnet_arn = data.aws_subnet.management.arn + + tags = local.tags +} + +module "sensor" { + source = "github.com/corelight/terraform-aws-sensor" + + auto_scaling_availability_zones = ["us-east-1a"] + aws_key_pair_name = local.sensor_ssh_key_pair_name + corelight_sensor_ami_id = local.sensor_ami_id + license_key = file(local.license_key_file) + management_subnet_id = local.management_subnet + monitoring_subnet_id = local.monitoring_subnet + community_string = "" + vpc_id = local.vpc_id + asg_lambda_iam_role_arn = 
module.asg_lambda_role.role_arn + + # Setting these will automatically configure cloud enrichment + enrichment_bucket_name = aws_s3_bucket.enrichment_bucket.id + enrichment_bucket_region = aws_s3_bucket.enrichment_bucket.region + enrichment_instance_profile_arn = aws_iam_instance_profile.corelight_sensor.arn + + tags = local.tags +} + +module "sensor_iam" { + source = "github.com/corelight/terraform-aws-enrichment//modules/iam/sensor" + + enrichment_bucket_arn = aws_s3_bucket.enrichment_bucket.arn + + tags = local.tags +} + +resource "aws_iam_instance_profile" "corelight_sensor" { + name = "corelight-sensor-profile" + role = module.sensor_iam.sensor_role_name + + tags = local.tags +} + +#################################################################################################### +# Setup providers and deploy the "Fan In" event bus resources in each secondary region +#################################################################################################### + +provider "aws" { + alias = "us-east-2" + region = "us-east-2" +} + + +module "secondary_eventbridge_rule_us-east-2" { + source = "github.com/corelight/terraform-aws-enrichment//modules/secondary_event_rule" + + providers = { + aws = aws.us-east-2 + } + + cross_region_eventbridge_role_arn = module.enrichment_eventbridge_role.cross_region_role_arn + primary_event_bus_arn = module.enrichment.primary_event_bus_arn + secondary_ec2_state_change_rule_name = "${local.secondary_rule_name}-us-east-2" + + tags = local.tags +} + +provider "aws" { + alias = "us-west-1" + region = "us-west-1" +} + +module "secondary_eventbridge_rule_us-west-1" { + source = "github.com/corelight/terraform-aws-enrichment//modules/secondary_event_rule" + + providers = { + aws = aws.us-west-1 + } + + cross_region_eventbridge_role_arn = module.enrichment_eventbridge_role.cross_region_role_arn + primary_event_bus_arn = module.enrichment.primary_event_bus_arn + secondary_ec2_state_change_rule_name = 
"${local.secondary_rule_name}-us-west-1" + + tags = local.tags +} + +provider "aws" { + alias = "us-west-2" + region = "us-west-2" +} + +module "secondary_eventbridge_rule_us-west-2" { + source = "github.com/corelight/terraform-aws-enrichment//modules/secondary_event_rule" + + providers = { + aws = aws.us-west-2 + } + + cross_region_eventbridge_role_arn = module.enrichment_eventbridge_role.cross_region_role_arn + primary_event_bus_arn = module.enrichment.primary_event_bus_arn + secondary_ec2_state_change_rule_name = "${local.secondary_rule_name}-us-west-2" + + tags = local.tags +} \ No newline at end of file diff --git a/terraform/aws-cloud-enrichment/versions.tf b/terraform/aws-cloud-enrichment/versions.tf new file mode 100644 index 0000000..bec63b0 --- /dev/null +++ b/terraform/aws-cloud-enrichment/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">=1.3.2" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">=5.45.0" + } + } +} \ No newline at end of file diff --git a/terraform/azure-cloud-enrichment/README.md b/terraform/azure-cloud-enrichment/README.md new file mode 100644 index 0000000..7218e3e --- /dev/null +++ b/terraform/azure-cloud-enrichment/README.md @@ -0,0 +1,11 @@ +# Corelight Cloud Enrichment Service Deployment - Azure + +This directory provides Terraform code for deploying Corelight's Cloud Enrichment +on **Azure**. + +## Overview + +This deployment uses the [terraform-azure-enrichment][] module, which simplifies the +setup of Corelight Cloud Enrichment by automating the provisioning of Azure resources. + +[terraform-azure-enrichment]: https://github.com/corelight/terraform-azure-enrichment/ diff --git a/terraform/azure-cloud-enrichment/main.tf b/terraform/azure-cloud-enrichment/main.tf new file mode 100644 index 0000000..6db72e4 --- /dev/null +++ b/terraform/azure-cloud-enrichment/main.tf 
@@ -0,0 +1,74 @@ +locals { + subscription_id = "12345" # Your Azure Subscription ID (UUID) + resource_group_name = "corelight" + deployment_location = "eastus" + tags = { + terraform : true, + example : true, + purpose : "Corelight" + } +} + +data "azurerm_subscription" "subscription" { + subscription_id = local.subscription_id +} + +#################################################################################################### +# There is only one system topic per Azure subscription. Create a new one or use the existing one +#################################################################################################### +resource "azurerm_eventgrid_system_topic" "system_topic" { + location = "Global" + name = "subscription-system-topic" + resource_group_name = azurerm_resource_group.corelight_resource_group.name + source_arm_resource_id = data.azurerm_subscription.subscription.id + topic_type = "microsoft.resources.subscriptions" + + tags = local.tags +} + +#################################################################################################### +# Create a new resource group or re-use an existing one +#################################################################################################### +resource "azurerm_resource_group" "corelight_resource_group" { + name = local.resource_group_name + location = local.deployment_location + + tags = local.tags +} + +#################################################################################################### +# Create a new storage account and container to store the enrichment data or re-use an existing one +#################################################################################################### +resource "azurerm_storage_account" "enrichment_data" { + # Azure Storage account names must be globally unique and have character restrictions + # https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview#storage-account-name + name = "corelightenrichment" + 
resource_group_name = azurerm_resource_group.corelight_resource_group.name + location = local.deployment_location + account_replication_type = "LRS" + account_tier = "Standard" + + tags = local.tags +} + +resource "azurerm_storage_container" "enrichment_bucket" { + name = "enrichment" + storage_account_name = azurerm_storage_account.enrichment_data.name +} + +#################################################################################################### +# Deploy the Container App and its supporting infrastructure +# Replace relative source with "source = github.com/corelight/terraform-azure-enrichment" +#################################################################################################### +module "enrichment" { + source = "../.." + + resource_group_name = azurerm_resource_group.corelight_resource_group.name + enrichment_storage_account = azurerm_storage_account.enrichment_data.name + enrichment_storage_account_container = azurerm_storage_container.enrichment_bucket.name + event_grid_system_topic_name = azurerm_eventgrid_system_topic.system_topic.name + location = local.deployment_location + subscription_id = local.subscription_id + + tags = local.tags +} diff --git a/terraform/azure-cloud-enrichment/versions.tf b/terraform/azure-cloud-enrichment/versions.tf new file mode 100644 index 0000000..93b6701 --- /dev/null +++ b/terraform/azure-cloud-enrichment/versions.tf @@ -0,0 +1,15 @@ +terraform { + required_version = ">=1.3.2" + + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = ">=3.97.1" + } + } +} + +provider "azurerm" { + features {} + subscription_id = local.subscription_id +} diff --git a/terraform/azure-scaleset-sensor/README.md b/terraform/azure-scaleset-sensor/README.md new file mode 100644 index 0000000..b016309 --- /dev/null +++ b/terraform/azure-scaleset-sensor/README.md 
@@ -0,0 +1,11 @@ +# Corelight Sensor Deployment - Azure + +This directory provides Terraform code for deploying Corelight's Cloud Sensor +on **Azure**. + +## Overview + +This deployment uses the [terraform-azure-sensor][] module, which simplifies the +setup of Corelight Sensors by automating the provisioning of AWS resources. + +[terraform-azure-sensor]: https://github.com/corelight/terraform-azure-sensor/ diff --git a/terraform/azure-scaleset-sensor/main.tf b/terraform/azure-scaleset-sensor/main.tf new file mode 100644 index 0000000..529940f --- /dev/null +++ b/terraform/azure-scaleset-sensor/main.tf 
@@ -0,0 +1,63 @@ +locals { + subscription_id = "" + resource_group_name = "corelight" + location = "eastus" + license = "" + tags = { + terraform : true, + purpose : "Corelight" + } + fleet_token = "b1cd099ff22ed8a41abc63929d1db126" + fleet_url = "https://fleet.example.com:1443/fleet/v1/internal/softsensor/websocket" +} + +#################################################################################################### +# Create a resource group for the corelight resources +#################################################################################################### +resource "azurerm_resource_group" "sensor_rg" { + location = local.location + name = local.resource_group_name + + tags = local.tags +} + +#################################################################################################### +# Get data on the existing vnet and create a subnet in that vnet for the sensor +#################################################################################################### +data "azurerm_virtual_network" "existing_vnet" { + name = "" + resource_group_name = "" +} + +#################################################################################################### +# Deploy the Sensor +#################################################################################################### +module "sensor" { + source = "../.." 
+ + license_key = local.license + location = local.location + resource_group_name = azurerm_resource_group.sensor_rg.name + virtual_network_name = data.azurerm_virtual_network.existing_vnet.name + virtual_network_resource_group = "" + virtual_network_address_space = "" + corelight_sensor_image_id = "" + community_string = "" + fleet_token = local.fleet_token + fleet_url = local.fleet_url + sensor_ssh_public_key = "" + + # (Optional) Cloud Enrichment Variables + enrichment_storage_account_name = "" + enrichment_storage_container_name = "" + tags = local.tags +} + +#################################################################################################### +# (Optional) Assign the VMSS identity access to the enrichment bucket if enabled +#################################################################################################### +resource "azurerm_role_assignment" "enrichment_data_access" { + principal_id = module.sensor.sensor_identity_principal_id + scope = "" + role_definition_name = "Storage Blob Data Reader" +} diff --git a/terraform/gcp-cloud-enrichment/README.md b/terraform/gcp-cloud-enrichment/README.md new file mode 100644 index 0000000..2649ed8 --- /dev/null +++ b/terraform/gcp-cloud-enrichment/README.md @@ -0,0 +1,11 @@ +# Corelight Cloud Enrichment Service Deployment - GCP + +This directory provides Terraform code for deploying Corelight's Cloud Enrichment +on **GCP**. + +## Overview + +This deployment uses the [terraform-gcp-enrichment][] module, which simplifies the +setup of Corelight Cloud Enrichment by automating the provisioning of GCP resources. + +[terraform-gcp-enrichment]: https://github.com/corelight/terraform-gcp-enrichment/ diff --git a/terraform/gcp-cloud-enrichment/main.tf b/terraform/gcp-cloud-enrichment/main.tf new file mode 100644 index 0000000..1f9a752 --- /dev/null +++ b/terraform/gcp-cloud-enrichment/main.tf 
@@ -0,0 +1,67 @@ +locals { + organization_id = "12345" + custom_org_role_id = "corelight_enrichment_role" + location = "us-central1" + zone = "us-central1-a" + folder_to_observe = "54321" + project_id = "corelight-enrichment-project" + service_account_id = "corelight-enrichment" + + labels = { + terraform : true, + example : true, + purpose : "Corelight" + } +} + +provider "google" { + project = local.project_id + region = local.location + + # Uncomment this if needed + # user_project_override = true +} + +#################################################################################################### +# Set up the GCS bucket for enrichment data +#################################################################################################### +resource "random_id" "bucket_nonce" { + byte_length = 4 +} + +resource "google_storage_bucket" "enrichment_bucket" { + location = local.location + name = "corelight-enrichment-${random_id.bucket_nonce.hex}" + public_access_prevention = "enforced" + + labels = local.labels +} + +#################################################################################################### +# Create the organizational role with access to enumerate folders and projects +#################################################################################################### +module "custom_org_role" { + source = "../../modules/org_iam" + + custom_org_role_id = local.custom_org_role_id + organization_id = local.organization_id +} + +#################################################################################################### +# Deploy Cloud Run service and create service account with proper permissions +# Replace relative source with "source = github.com/corelight/terraform-gcp-enrichment" +#################################################################################################### +module "enrichment" { + source = "../.." 
+ + enrichment_bucket_name = google_storage_bucket.enrichment_bucket.name + folder_id = local.folder_to_observe + project_id = local.project_id + zone = local.zone + location = local.location + organization_role_id = module.custom_org_role.custom_org_role_id + service_account_id = local.service_account_id + + labels = local.labels +} + diff --git a/terraform/gcp-cloud-enrichment/versions.tf b/terraform/gcp-cloud-enrichment/versions.tf new file mode 100644 index 0000000..de76f8b --- /dev/null +++ b/terraform/gcp-cloud-enrichment/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">=1.3.2" + + required_providers { + google = { + source = "hashicorp/google" + version = ">=5.21.0" + } + } +} \ No newline at end of file diff --git a/terraform/gcp-mig-sensor/README.md b/terraform/gcp-mig-sensor/README.md new file mode 100644 index 0000000..0f84bd4 --- /dev/null +++ b/terraform/gcp-mig-sensor/README.md @@ -0,0 +1,11 @@ +# Corelight Sensor Deployment - GCP + +This directory provides Terraform code for deploying Corelight's Cloud Sensor +on **GCP**. + +## Overview + +This deployment uses the [terraform-gcp-sensor][] module, which simplifies the +setup of Corelight Sensors by automating the provisioning of AWS resources. + +[terraform-gcp-sensor]: https://github.com/corelight/terraform-gcp-sensor/ diff --git a/terraform/gcp-mig-sensor/main.tf b/terraform/gcp-mig-sensor/main.tf new file mode 100644 index 0000000..765c684 --- /dev/null +++ b/terraform/gcp-mig-sensor/main.tf 
@@ -0,0 +1,150 @@ +locals { + region = "us-west1" + zone = "us-west1-a" + project_id = "" + auth = file("~/.config/gcloud/application_default_credentials.json") + instance_ssh_key_pub = "~/.ssh/id_ed25519_cl.pub" + instance_bastion_image = "ubuntu-os-cloud/ubuntu-2004-lts" + instance_sensor_image = "alma-8-20240516193720" + subnetwork_mgmt_cidr = "10.129.0.0/24" + subnetwork_mon_cidr = "10.3.0.0/24" + subnetwork_mon_gateway = "10.3.0.1" + license_key = file("~/corelight-license.txt") + community_string = "managedPassword!" + fleet_token = "b1cd099ff22ed8a41abc63929d1db126" + fleet_url = "https://fleet.example.com:1443/fleet/v1/internal/softsensor/websocket" +} + +#################################################################################################### +# Configure the provider +#################################################################################################### + +provider "google" { + project = local.project_id + credentials = local.auth + region = local.region + zone = local.zone +} + +#################################################################################################### +# Create a VPC +#################################################################################################### + +# firewall + +# allow ssh traffic to mgmt (default is inbound) +resource "google_compute_firewall" "allow_ssh_to_mgmt" { + name = "corelight-allow-ssh-inbound-to-mgmt" + direction = "INGRESS" + network = google_compute_network.mgmt.name + + allow { + protocol = "tcp" + ports = ["22"] + } + + source_ranges = ["0.0.0.0/0"] + target_tags = ["allow-ssh"] +} + +# allow internal SSH traffic in mgmt network +resource "google_compute_firewall" "allow_internal" { + name = "corelight-allow-internal" + direction = "INGRESS" + network = google_compute_network.mgmt.name + + allow { + protocol = "tcp" + ports = ["22"] + } + + source_ranges = [local.subnetwork_mgmt_cidr] + target_tags = ["allow-ssh"] +} + +# nat + +resource "google_compute_router" 
"mgmt_router" { + name = "corelight-mgmt-router" + region = local.region + network = google_compute_network.mgmt.name +} + +resource "google_compute_router_nat" "mon_nat" { + name = "corelight-mgmt-nat" + router = google_compute_router.mgmt_router.name + region = local.region + nat_ip_allocate_option = "AUTO_ONLY" + source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES" + + log_config { + enable = true + filter = "ERRORS_ONLY" + } +} + +# network + +resource "google_compute_network" "mgmt" { + name = "corelight-mgmt" + routing_mode = "GLOBAL" + auto_create_subnetworks = false +} + +resource "google_compute_network" "prod" { + name = "corelight-prod" + routing_mode = "GLOBAL" + auto_create_subnetworks = false +} + +resource "google_compute_subnetwork" "mgmt_subnet" { + name = "corelight-subnet" + ip_cidr_range = local.subnetwork_mgmt_cidr + network = google_compute_network.mgmt.name + region = local.region +} + +resource "google_compute_subnetwork" "mon_subnet" { + name = "corelight-mon-subnet" + ip_cidr_range = local.subnetwork_mon_cidr + network = google_compute_network.prod.name + region = local.region +} + +#################################################################################################### +# Create a Bastion +#################################################################################################### + +module "custom_bastion" { + source = "../../modules/bastion" + + zone = local.zone + network_mgmt_name = google_compute_network.mgmt.name + subnetwork_mgmt_name = google_compute_subnetwork.mgmt_subnet.name + instance_ssh_key_pub = local.instance_ssh_key_pub + image = local.instance_bastion_image +} + +#################################################################################################### +# Create Sensor Managed Instance Group +#################################################################################################### + +module "sensor" { + source = "../.." 
+ + region = local.region + zone = local.zone + network_mgmt_name = google_compute_network.mgmt.name + subnetwork_mgmt_name = google_compute_subnetwork.mgmt_subnet.name + subnetwork_mgmt_cidr = local.subnetwork_mgmt_cidr + network_prod_name = google_compute_network.prod.name + subnetwork_mon_name = google_compute_subnetwork.mon_subnet.name + subnetwork_mon_cidr = local.subnetwork_mon_cidr + subnetwork_mon_gateway = local.subnetwork_mon_gateway + instance_ssh_key_pub = local.instance_ssh_key_pub + image = local.instance_sensor_image + license_key = local.license_key + community_string = local.community_string + fleet_token = local.fleet_token + fleet_url = local.fleet_url +} diff --git a/terraform/gcp-mig-sensor/versions.tf b/terraform/gcp-mig-sensor/versions.tf new file mode 100644 index 0000000..7bb0ff6 --- /dev/null +++ b/terraform/gcp-mig-sensor/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">=1.3.2" + + required_providers { + google = { + source = "hashicorp/google" + version = ">=5.21.0" + } + } +} diff --git a/terraform/integrations/README.md b/terraform/integrations/README.md new file mode 100644 index 0000000..89962b3 --- /dev/null +++ b/terraform/integrations/README.md @@ -0,0 +1,11 @@ +# Integrations + +This directory contains Terraform modules designed to integrate Corelight +solutions with third-party platforms. + +## Available Integrations + +## How to Use + +Navigate into the appropriate directory and follow the instructions provided in +the `README.md` for each module.
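Review bot: terraform/gcp-cloud-enrichment/versions.tf ends with `\ No newline at end of file`; add the trailing newline so the file matches terraform/gcp-mig-sensor/versions.tf and `terraform fmt` stops rewriting it on every run. Both versions.tf files pin the `google` provider with an open-ended `version = ">=5.21.0"`; since these directories are meant to be copied as working examples, a pessimistic constraint such as `~> 5.21` would keep a future major provider release from silently changing the plan.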
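Review bot: the Overview paragraph in terraform/gcp-mig-sensor/README.md says the terraform-gcp-sensor module automates "the provisioning of AWS resources", but this README documents the GCP deployment; change it to "GCP resources" so the text matches the directory name and the linked module.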
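Review bot: the `locals` block at the top of terraform/gcp-mig-sensor/main.tf commits credential material to source: `community_string = "managedPassword!"` and `fleet_token = "b1cd099ff22ed8a41abc63929d1db126"`, with `license_key` read from a fixed home-directory path. Move these to `variable` blocks with `sensitive = true` and supply them from a git-ignored tfvars file or a secret-manager data source, so users who copy this example do not inherit the pattern of secrets in version control. Two further points in the same file: `google_compute_firewall.allow_ssh_to_mgmt` opens TCP/22 with `source_ranges = ["0.0.0.0/0"]` on the management network, so either make the operator CIDR a local/variable or document that it must be narrowed before apply (and `allow_internal` then duplicates the same port rule with a narrower source, so it adds nothing while the first rule exists); and the module sources `"../.."` and `"../../modules/bastion"` resolve relative to terraform/gcp-mig-sensor/ to the repository root and a `modules/bastion` directory that this patch does not add, while the README says the deployment uses terraform-gcp-sensor, so point `source` at that module's address instead of a path copied from the upstream examples. Minor: `google_compute_router_nat "mon_nat"` is named `corelight-mgmt-nat` and attached to `mgmt_router`, so rename it for consistency, and `project_id = ""` will fail at plan time until a value is provided.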
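Review bot: the `## Available Integrations` heading in terraform/integrations/README.md has nothing beneath it, so the "How to Use" instruction to navigate into the appropriate directory has no directory to point at; either list the integration modules (name, one-line purpose, link) or drop the heading until the first module lands.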
