Merge pull request #321 from chkp-meravbe/mb-rename-vpc-stack

AWS | CFT and Terraform | stability fixes and add support for BYOL license type for Standalone
CheckPointSW · Nov 14, 2023 · 1e97a70 · 1e97a70
2 parents f1021f2 + 3c6cf63
commit 1e97a70
Show file tree

Hide file tree

Showing 12 changed files with 58 additions and 41 deletions.
diff --git a/aws/templates/single-gw/gateway-master.yaml b/aws/templates/single-gw/gateway-master.yaml
@@ -1,5 +1,5 @@
 AWSTemplateFormatVersion: 2010-09-09
-Description: Deploys a Check Point Security Gateway into a new VPC (20230830)
+Description: Deploys a Check Point Security Gateway into a new VPC (20231113)
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:
@@ -387,7 +387,7 @@ Conditions:
   AllocateAddress: !Equals [!Ref AllocatePublicAddress, true]
   ProvidedResourcesTag: !Not [!Equals [!Ref ResourcesTagName, '']]
 Resources:
-  Vpc:
+  VPCStack:
     Type: AWS::CloudFormation::Stack
     Properties:
       TemplateURL: https://cgi-cfts.s3.amazonaws.com/utils/vpc.yaml
@@ -402,7 +402,7 @@ Resources:
   InternalRoutingTable:
     Type: AWS::EC2::RouteTable
     Properties:
-      VpcId: !GetAtt Vpc.Outputs.VPCID
+      VpcId: !GetAtt VPCStack.Outputs.VPCID
       Tags:
         - Key: Name
           Value:
@@ -414,15 +414,15 @@ Resources:
     Type: AWS::EC2::SubnetRouteTableAssociation
     Properties:
       RouteTableId: !Ref InternalRoutingTable
-      SubnetId: !GetAtt Vpc.Outputs.PrivateSubnet1ID
+      SubnetId: !GetAtt VPCStack.Outputs.PrivateSubnet1ID
   GatewayStack:
     Type: AWS::CloudFormation::Stack
     Properties:
       TemplateURL: https://cgi-cfts.s3.amazonaws.com/gateway/gateway.yaml
       Parameters:
-        VPC: !GetAtt Vpc.Outputs.VPCID
-        PublicSubnet: !GetAtt Vpc.Outputs.PublicSubnet1ID
-        PrivateSubnet: !GetAtt Vpc.Outputs.PrivateSubnet1ID
+        VPC: !GetAtt VPCStack.Outputs.VPCID
+        PublicSubnet: !GetAtt VPCStack.Outputs.PublicSubnet1ID
+        PrivateSubnet: !GetAtt VPCStack.Outputs.PrivateSubnet1ID
         InternalRouteTable: !Ref InternalRoutingTable
         GatewayName: !Ref GatewayName
         GatewayInstanceType: !Ref GatewayInstanceType

diff --git a/aws/templates/single-gw/gateway.yaml b/aws/templates/single-gw/gateway.yaml
@@ -1,5 +1,5 @@
 AWSTemplateFormatVersion: 2010-09-09
-Description: Deploys a Check Point Security Gateway into an existing VPC (20230830)
+Description: Deploys a Check Point Security Gateway into an existing VPC (20231113)
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:
@@ -526,7 +526,7 @@ Resources:
             - !Join ['', ['    pwd_hash="$(echo ', 'Fn::Base64': !Ref GatewayPasswordHash, ')"']]
             - !Join ['', ['    bootstrap="$(echo ', 'Fn::Base64': !Ref GatewayBootstrapScript, ')"']]
             - !Sub ['    version=${Version}', {Version: !Select [0, !Split ['-', !Ref GatewayVersion]]}]
-            - '    python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" "smart1CloudToken=\"${token}\"" installationType=\"gateway\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20230830\" templateName=\"gateway\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" allocatePublicAddress=\"${eip}\" bootstrapScript64=\"${bootstrap}\"'
+            - '    python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" "smart1CloudToken=\"${token}\"" installationType=\"gateway\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20231113\" templateName=\"gateway\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" allocatePublicAddress=\"${eip}\" bootstrapScript64=\"${bootstrap}\"'
       KeyName: !Ref KeyName
       NetworkInterfaces:
         - DeviceIndex: 0

diff --git a/aws/templates/standalone/standalone-master.yaml b/aws/templates/standalone/standalone-master.yaml
@@ -1,6 +1,6 @@
 AWSTemplateFormatVersion: 2010-09-09
 Description: Deploys either a manually configurable or a Check Point CloudGuard IaaS
-  Security Gateway & Management (Standalone) instance in a new VPC (20230830)
+  Security Gateway & Management (Standalone) instance in a new VPC (20231113)
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:
@@ -157,12 +157,16 @@ Parameters:
   StandaloneVersion:
     Description: Standalone Version & License.
     Type: String
-    Default: R81.20-PAYG-NGTP
+    Default: R81.20-BYOL
     AllowedValues:
       - R80.40-PAYG-NGTP
+      - R80.40-BYOL
       - R81-PAYG-NGTP
+      - R81-BYOL
       - R81.10-PAYG-NGTP
+      - R81.10-BYOL
       - R81.20-PAYG-NGTP
+      - R81.20-BYOL
   Shell:
     Description: Change the admin shell to enable advanced command line configuration.
     Type: String
@@ -348,7 +352,7 @@ Conditions:
   AllocateAddress: !Equals [!Ref AllocatePublicAddress, true]
   ProvidedResourcesTag: !Not [!Equals [!Ref ResourcesTagName, '']]
 Resources:
-  Vpc:
+  VPCStack:
     Type: AWS::CloudFormation::Stack
     Properties:
       TemplateURL: https://cgi-cfts.s3.amazonaws.com/utils/vpc.yaml
@@ -363,7 +367,7 @@ Resources:
   InternalRoutingTable:
     Type: AWS::EC2::RouteTable
     Properties:
-      VpcId: !GetAtt Vpc.Outputs.VPCID
+      VpcId: !GetAtt VPCStack.Outputs.VPCID
       Tags:
         - Key: Name
           Value: !Join
@@ -374,15 +378,15 @@ Resources:
     Type: AWS::EC2::SubnetRouteTableAssociation
     Properties:
       RouteTableId: !Ref InternalRoutingTable
-      SubnetId: !GetAtt Vpc.Outputs.PrivateSubnet1ID
+      SubnetId: !GetAtt VPCStack.Outputs.PrivateSubnet1ID
   StandaloneStack:
     Type: AWS::CloudFormation::Stack
     Properties:
       TemplateURL: https://cgi-cfts.s3.amazonaws.com/gateway/standalone.yaml
       Parameters:
-        VPC: !GetAtt Vpc.Outputs.VPCID
-        PublicSubnet: !GetAtt Vpc.Outputs.PublicSubnet1ID
-        PrivateSubnet: !GetAtt Vpc.Outputs.PrivateSubnet1ID
+        VPC: !GetAtt VPCStack.Outputs.VPCID
+        PublicSubnet: !GetAtt VPCStack.Outputs.PublicSubnet1ID
+        PrivateSubnet: !GetAtt VPCStack.Outputs.PrivateSubnet1ID
         InternalRouteTable: !Ref InternalRoutingTable
         StandaloneName: !Ref StandaloneName
         StandaloneInstanceType: !Ref StandaloneInstanceType

diff --git a/aws/templates/standalone/standalone.yaml b/aws/templates/standalone/standalone.yaml
@@ -1,6 +1,6 @@
 AWSTemplateFormatVersion: 2010-09-09
 Description: Deploys either a manually configurable or a Check Point CloudGuard IaaS
-  Security Gateway & Management (Standalone) instance into an existing VPC (20230830)
+  Security Gateway & Management (Standalone) instance into an existing VPC (20231113)
 Metadata:
   AWS::CloudFormation::Interface:
     ParameterGroups:
@@ -270,12 +270,16 @@ Parameters:
   StandaloneVersion:
     Description: Standalone Version & License.
     Type: String
-    Default: R81.20-PAYG-NGTP
+    Default: R81.20-BYOL
     AllowedValues:
       - R80.40-PAYG-NGTP
+      - R80.40-BYOL
       - R81-PAYG-NGTP
+      - R81-BYOL
       - R81.10-PAYG-NGTP
+      - R81.10-BYOL
       - R81.20-PAYG-NGTP
+      - R81.20-BYOL
   Shell:
     Description: Change the admin shell to enable advanced command line configuration.
     Type: String
@@ -347,6 +351,7 @@ Conditions:
   EncryptedVolume: !Not [!Equals [!Ref VolumeEncryption, '']]
   ProvidedRouteTable: !Not [!Equals [!Ref InternalRouteTable, '']]
   EnableCloudWatch: !Equals [!Ref CloudWatch, true]
+  IsBYOL: !Equals [!Select [1, !Split ['-', !Ref StandaloneVersion]], 'BYOL']
 Resources:
   ReadyHandle:
     Type: AWS::CloudFormation::WaitConditionHandle
@@ -390,7 +395,7 @@ Resources:
     Properties:
       TemplateURL: https://cgi-cfts.s3.amazonaws.com/utils/amis.yaml
       Parameters:
-        Version: !Ref StandaloneVersion
+        Version: !If [IsBYOL, !Join ['-', [!Ref StandaloneVersion,MGMT]], !Ref StandaloneVersion]
   ExternalNetworkInterface:
     Type: AWS::EC2::NetworkInterface
     Properties:
@@ -471,7 +476,7 @@ Resources:
             - !Join ['', ['    bootstrap="$(echo ', 'Fn::Base64': !Ref StandaloneBootstrapScript, ')"']]
             - !Join ['', ['    pwd_hash="$(echo ', 'Fn::Base64': !Ref StandalonePasswordHash, ')"']]
             - !Sub ['    version=${Version}', {Version: !Select [0, !Split ['-', !Ref StandaloneVersion]]}]
-            - '    python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" installationType=\"standalone\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20221123\" templateName=\"standalone\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" adminSubnet=\"${admin_subnet}\" allocatePublicAddress=\"${eip}\" bootstrapScript64=\"${bootstrap}\"'
+            - '    python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" installationType=\"standalone\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20231113\" templateName=\"standalone\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" adminSubnet=\"${admin_subnet}\" allocatePublicAddress=\"${eip}\" bootstrapScript64=\"${bootstrap}\"'
       KeyName: !Ref KeyName
       NetworkInterfaces:
         - DeviceIndex: 0

diff --git a/terraform/aws/modules/amis/main.tf b/terraform/aws/modules/amis/main.tf
@@ -9,7 +9,9 @@ locals {
   //  version_license_key = "R80.40-PAYG-NGTX-GW"
   //  version_license_value = "R8040PAYGNGTXGW"
 
-  version_license_key = format("%s%s", var.version_license, var.chkp_type == "gateway" ? "-GW" : var.chkp_type == "management" ? "-MGMT" : var.chkp_type == "mds" ? "-MGMT" : "")
+  version_license_key_mgmt_gw = format("%s%s", var.version_license, var.chkp_type == "gateway" ? "-GW" : var.chkp_type == "management" ? "-MGMT" : var.chkp_type == "mds" ? "-MGMT" : "")
+  version_license_key = var.chkp_type == "standalone" ? format("%s%s", var.version_license, element(split("-", var.version_license), 1) == "BYOL" ? "-MGMT" : "") : local.version_license_key_mgmt_gw
+
   version_license_value = local.amis_yaml_converterMap[local.version_license_key]["Value"]
 
   //  Variables example:

diff --git a/terraform/aws/modules/common/version_license/main.tf b/terraform/aws/modules/common/version_license/main.tf
@@ -30,9 +30,13 @@ locals {
     "R81.20-BYOL"
   ]
   standalone_versions = [
+    "R80.40-BYOL",
     "R80.40-PAYG-NGTP",
+    "R81-BYOL",
     "R81-PAYG-NGTP",
+    "R81.10-BYOL",
     "R81.10-PAYG-NGTP",
+    "R81.20-BYOL",
     "R81.20-PAYG-NGTP"
   ]
   gwlb_gw_versions = [