From c8880655edb8cf850873c108e0a61247760d4274 Mon Sep 17 00:00:00 2001 From: yizhako Date: Tue, 24 Oct 2023 09:03:57 +0300 Subject: [PATCH] fixed readme --- terraform/aws/gwlb/README.md | 93 +++++++++++----------------- terraform/aws/qs-autoscale/README.md | 7 +-- 2 files changed, 37 insertions(+), 63 deletions(-) diff --git a/terraform/aws/gwlb/README.md b/terraform/aws/gwlb/README.md index 54ae3314..911c6c40 100755 --- a/terraform/aws/gwlb/README.md +++ b/terraform/aws/gwlb/README.md 
@@ -148,59 +148,43 @@ secret_key = "my-secret-key" ``` ## Inputs -| Name | Description | Type | Allowed values | Default | Required | -|----------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|----------| -| vpc_id | Select an existing VPC | string | n/a | n/a | yes | -| subnet_ids | The VPC subnets ID | string | n/a | n/a | yes | -| key_name | The EC2 Key Pair name to allow SSH access to the instances | string | n/a | n/a | yes | -| enable_volume_encryption | Encrypt Environment instances volume with default AWS KMS key | bool | true/false | true | no | -| enable_instance_connect | Enable SSH connection over AWS web console. Supporting regions can be found [here](https://aws.amazon.com/about-aws/whats-new/2019/06/introducing-amazon-ec2-instance-connect/) | bool | true/false | false | no | -| disable_instance_termination | Prevents an instance from accidental termination. Note: Once this attribute is true terraform destroy won't work properly | bool | true/false | false | no | -| volume_size | Instances volume size | number | n/a | 100 | no | -| allow_upload_download | Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point | bool | true/false | true | no | -| management_server | The name that represents the Security Management Server in the automatic provisioning configuration. | string | n/a | CP-Management-gwlb-tf | yes | -| configuration_template | The tag is used by the Security Management Server to automatically provision the Security Gateways. Must be up to 12 alphanumeric characters and unique for each Quick Start deployment | string | n/a | gwlb-configuration | no | -| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no | -| gateway_load_balancer_name | Load Balancer name in AWS | string | n/a | gwlb1 | yes | -| target_group_name | Target Group Name. This name must be unique within your AWS account and can have a maximum of 32 alphanumeric characters and hyphens. | string | n/a | tg1 | yes | -| connection_acceptance_required | Indicate whether requests from service consumers to create an endpoint to your service must be accepted. Default is set to false(acceptance not required). | bool | true/false | false | yes | -| enable_cross_zone_load_balancing | Select 'true' to enable cross-az load balancing. NOTE! this may cause a spike in cross-az charges. | bool | true/false | true | yes | -| gateway_name | The name tag of the Security Gateway instances. (optional) | string | n/a | Check-Point-GW-tf | yes | +| Name | Description | Type | Allowed values | Default | Required | +|----------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|----------| +| vpc_id | Select an existing VPC | string | n/a | n/a | yes | +| subnet_ids | The VPC subnets ID | string | n/a | n/a | yes | +| key_name | The EC2 Key Pair name to allow SSH access to the instances | string | n/a | n/a | yes | +| enable_volume_encryption | Encrypt Environment instances volume with default AWS KMS key | bool | true/false | true | no | +| enable_instance_connect | Enable SSH connection over AWS web console. 
Supporting regions can be found [here](https://aws.amazon.com/about-aws/whats-new/2019/06/introducing-amazon-ec2-instance-connect/) | bool | true/false | false | no | +| disable_instance_termination | Prevents an instance from accidental termination. Note: Once this attribute is true terraform destroy won't work properly | bool | true/false | false | no | +| volume_size | Instances volume size | number | n/a | 100 | no | +| allow_upload_download | Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point | bool | true/false | true | no | +| management_server | The name that represents the Security Management Server in the automatic provisioning configuration. | string | n/a | CP-Management-gwlb-tf | yes | +| configuration_template | The tag is used by the Security Management Server to automatically provision the Security Gateways. Must be up to 12 alphanumeric characters and unique for each Quick Start deployment | string | n/a | gwlb-configuration | no | +| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no | +| gateway_load_balancer_name | Load Balancer name in AWS | string | n/a | gwlb1 | yes | +| target_group_name | Target Group Name. This name must be unique within your AWS account and can have a maximum of 32 alphanumeric characters and hyphens. | string | n/a | tg1 | yes | +| connection_acceptance_required | Indicate whether requests from service consumers to create an endpoint to your service must be accepted. Default is set to false(acceptance not required). | bool | true/false | false | yes | +| enable_cross_zone_load_balancing | Select 'true' to enable cross-az load balancing. NOTE! this may cause a spike in cross-az charges. | bool | true/false | true | yes | +| gateway_name | The name tag of the Security Gateway instances. (optional) | string | n/a | Check-Point-GW-tf | yes | | gateway_instance_type | The instance type of the Security Gateways | string | - c4.large
- c4.xlarge
- c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| c5.xlarge | no | -| gateways_min_group_size | The minimal number of Security Gateways | number | n/a | 2 | no | -| gateways_max_group_size | The maximal number of Security Gateways | number | n/a | 10 | no | -| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.20-BYOL | no | -| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no | -| gateway_SICKey | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes | -| enable_cloudwatch | Report Check Point specific CloudWatch metrics | bool | true/false | false | no | -| gateway_bootstrap_script | (Optional) An optional script with semicolon (;) separated commands to run on the initial boot | string | n/ -a - - - - - - - - - - - - - - -| "" | no | -| gateways_provision_address_type | Determines if the gateways are provisioned using their private or public address. | string | - private
- public | private | no | -| allocate_public_IP | Allocate a Public IP for gateway members. | bool | true/false | false | no | -| management_deploy | Select 'false' to use an existing Security Management Server or to deploy one later and to ignore the other parameters of this section | bool | true/false | true | no | +| gateways_min_group_size | The minimal number of Security Gateways | number | n/a | 2 | no | +| gateways_max_group_size | The maximal number of Security Gateways | number | n/a | 10 | no | +| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.20-BYOL | no | +| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no | +| gateway_SICKey | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes | +| enable_cloudwatch | Report Check Point specific CloudWatch metrics | bool | true/false | false | no | +| gateway_bootstrap_script | (Optional) An optional script with semicolon (;) separated commands to run on the initial boot | string | n/a | "" | no | +| gateways_provision_address_type | Determines if the gateways are provisioned using their private or public address. | string | - private
- public | private | no | +| allocate_public_IP | Allocate a Public IP for gateway members. | bool | true/false | false | no | +| management_deploy | Select 'false' to use an existing Security Management Server or to deploy one later and to ignore the other parameters of this section | bool | true/false | true | no | | management_instance_type | The EC2 instance type of the Security Management Server | string | - c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| m5.xlarge | no | -| management_version | The license to install on the Security Management Server | string | - R80.40-BYOL
- R80.40-PAYG
- R81-BYOL
- R81-PAYG
- R81.10-BYOL
- R81.10-PAYG | R81.20-BYOL | no | -| management_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no | -| gateways_policy | The name of the Security Policy package to be installed on the gateways in the Security Gateways Auto Scaling group | string | n/a | Standard | no | -| gateway_management | Select 'Over the internet' if any of the gateways you wish to manage are not directly accessed via their private IP address. | string | - Locally managed
- Over the internet | Locally managed | no | -| admin_cidr | (CIDR) Allow web, ssh, and graphical clients only from this network to communicate with the Management Server | string | valid CIDR | n/a | no | -| gateway_addresses | (CIDR) Allow gateways only from this network to communicate with the Management Server | string | valid CIDR | n/a | no | -| volume_type | General Purpose SSD Volume Type | string | - gp3
- gp2 | gp3 | no | +| management_version | The license to install on the Security Management Server | string | - R80.40-BYOL
- R80.40-PAYG
- R81-BYOL
- R81-PAYG
- R81.10-BYOL
- R81.10-PAYG | R81.20-BYOL | no | +| management_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no | +| gateways_policy | The name of the Security Policy package to be installed on the gateways in the Security Gateways Auto Scaling group | string | n/a | Standard | no | +| gateway_management | Select 'Over the internet' if any of the gateways you wish to manage are not directly accessed via their private IP address. | string | - Locally managed
- Over the internet | Locally managed | no | +| admin_cidr | (CIDR) Allow web, ssh, and graphical clients only from this network to communicate with the Management Server | string | valid CIDR | n/a | no | +| gateway_addresses | (CIDR) Allow gateways only from this network to communicate with the Management Server | string | valid CIDR | n/a | no | +| volume_type | General Purpose SSD Volume Type | string | - gp3
- gp2 | gp3 | no | ## Outputs @@ -227,16 +211,11 @@ In order to check the template version, please refer to [sk116585](https://suppo | 20221226 | Support ASG Launch Template instead of Launch Configuration | | 20230521 | Change default shell for the admin user to /etc/cli.sh | | 20230806 | Add support for c6in instance type | -<<<<<<< Updated upstream -| 20230830 | Change default Check Point version to R81.20 | -| 20230923 | Add support for C5d instance type | -| 20231022 | Fixed template to populate x-chkp-tags correctly | -======= | 20230829 | Change default Check Point version to R81.20 | | 20230910 | Add bootstrap script execution option for deployed gateways | | 20230923 | Add support for C5d instance type | | 20231012 | Update AWS Terraform provider version to 5.20.1 | ->>>>>>> Stashed changes +| 20231022 | Fixed template to populate x-chkp-tags correctly | ## License diff --git a/terraform/aws/qs-autoscale/README.md b/terraform/aws/qs-autoscale/README.md index caf379cc..60232be6 100755 --- a/terraform/aws/qs-autoscale/README.md +++ b/terraform/aws/qs-autoscale/README.md @@ -216,15 +216,10 @@ In order to check the template version, please refer to [sk116585](https://suppo | 20221123 | R81.20 version support | | 20221226 | Support ASG Launch Template instead of Launch Configuration | | 20230806 | Add support for c6in instance type | -<<<<<<< Updated upstream -| 20230830 | Change default Check Point version to R81.20 | -| 20230923 | Add support for C5d instance type | -| 20231022 | Fixed template to populate x-chkp-tags correctly | -======= | 20230829 | Change default Check Point version to R81.20 | | 20230923 | Add support for C5d instance type | | 20231012 | Update AWS Terraform provider version to 5.20.1 | ->>>>>>> Stashed changes +| 20231022 | Fixed template to populate x-chkp-tags correctly | ## License
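Review bot: In the Inputs hunk of terraform/aws/gwlb/README.md, the re-added gateway_SICKey row still documents a default of "12345678" while its own description asks for a random string of at least 8 alphanumeric characters, so anyone who keeps the documented default ends up with a predictable Secure Internal Communication key. Since the row is already marked required, suggest showing the default as n/a here and saying that the value must be chosen per deployment. Two other rows rewritten by this hunk are internally inconsistent and could be corrected in the same pass: management_version gives R81.20-BYOL as its default although the allowed values listed stop at R81.10, and gateway_name is described as "(optional)" but marked required.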
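Review bot: In the Revision History hunks of both terraform/aws/gwlb/README.md and terraform/aws/qs-autoscale/README.md, the conflict resolution keeps the stashed side's date 20230829 for "Change default Check Point version to R81.20" and drops the upstream side's 20230830 for the same entry, so please confirm which date matches the released template version before this lands. The rest of each resolved table is the union of both sides, which looks right. The subject "fixed readme" would be more useful if it said that committed merge-conflict markers are being removed and that the Inputs table is being reflowed.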