diff --git a/aws/templates/asg/autoscale.yaml b/aws/templates/asg/autoscale.yaml index 97627bd8..04a1adbb 100644 --- a/aws/templates/asg/autoscale.yaml +++ b/aws/templates/asg/autoscale.yaml @@ -1,5 +1,5 @@ AWSTemplateFormatVersion: 2010-09-09 -Description: Create an Auto Scaling group of Check Point gateways (__VERSION__) +Description: Create an Auto Scaling group of Check Point gateways (20240417) Metadata: AWS::CloudFormation::Interface: ParameterGroups: @@ -410,7 +410,7 @@ Resources: Condition: EnableCloudWatch Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/iam/cloudwatch-policy.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/iam/cloudwatch-policy.yaml Parameters: PolicyName: ChkpGatewayPolicy PolicyRole: !Ref ChkpGatewayRole @@ -424,7 +424,7 @@ Resources: AMI: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/utils/amis.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/utils/amis.yaml Parameters: Version: !Join ['-', [!Ref GatewayVersion, GW]] NotificationTopic: 
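Review bot: The nested-stack `TemplateURL` in the `@@ -410,7` hunk now points at a fixed, unversioned object (`https://cgi-cfts.s3.amazonaws.com/iam/cloudwatch-policy.yaml`), so the IAM policy a customer stack attaches is whatever that key holds at deploy time, not what was reviewed with this commit. The same applies to every other `TemplateURL` substitution in this diff, notably the `iam/cluster-iam-role.yaml` and `iam/cme-iam-role.yaml` stacks. Consider publishing under a release-stamped prefix, e.g. `TemplateURL: https://cgi-cfts.s3.amazonaws.com/<TEMPLATE_VERSION>/iam/cloudwatch-policy.yaml` (placeholder), or pinning an S3 object version, so a parent template and its children cannot drift apart. Who controls the bucket is not visible in the diff.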
@@ -545,7 +545,7 @@ Resources: - !Join ['', [' maintenance_pwd_hash="$(echo ', 'Fn::Base64': !Ref GatewayMaintenancePasswordHash, ')"']] - !Join ['', [' bootstrap="$(echo ', 'Fn::Base64': !Ref GatewayBootstrapScript, ')"']] - !Sub [' version=${Version}', {Version: !Select [0, !Split ['-', !Ref GatewayVersion]]}] - - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" sicKey=\"${sic}\" installationType=\"autoscale\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"__VERSION__\" templateName=\"autoscale\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" passwordHash=\"${pwd_hash}\" MaintenanceModePassword=\"${maintenance_pwd_hash}\" bootstrapScript64=\"${bootstrap}\"' + - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" sicKey=\"${sic}\" installationType=\"autoscale\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20240204\" templateName=\"autoscale\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" passwordHash=\"${pwd_hash}\" MaintenanceModePassword=\"${maintenance_pwd_hash}\" bootstrapScript64=\"${bootstrap}\"' VersionDescription: Initial template version GatewayScaleUpPolicy: Type: AWS::AutoScaling::ScalingPolicy @@ -612,4 +612,3 @@ Outputs: SecurityGroup: Description: The Security Group of the Auto Scaling group. Value: !GetAtt PermissiveSecurityGroup.GroupId - diff --git a/aws/templates/cluster/cluster-master.yaml b/aws/templates/cluster/cluster-master.yaml index 6243e34c..87d54b56 100755 --- a/aws/templates/cluster/cluster-master.yaml +++ b/aws/templates/cluster/cluster-master.yaml @@ -1,5 +1,5 @@ AWSTemplateFormatVersion: 2010-09-09 -Description: Deploy a Check Point Cluster in a new VPC (__VERSION__) +Description: Deploy a Check Point Cluster in a new VPC (20240204) Metadata: AWS::CloudFormation::Interface: ParameterGroups: 
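Review bot: `templateVersion=\"20240204\"` in the `cloud_config.py` call of the `@@ -545,7` hunk disagrees with the `(20240417)` stamp this same commit writes into the Description of autoscale.yaml. Whatever consumes `templateVersion` on the gateway would then report a different template than the one deployed, which muddies incident triage and patch-level checks. Both values should come from a single substitution; if 20240417 is the intended release, the argument becomes `templateVersion=\"20240417\"`. The launch template's user-data list starts above the hunk.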
@@ -395,7 +395,7 @@ Resources: VPCStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/utils/vpc.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/utils/vpc.yaml Parameters: AvailabilityZones: !Ref AvailabilityZone NumberOfAZs: 1 @@ -414,7 +414,7 @@ Resources: Type: AWS::CloudFormation::Stack DependsOn: VPCStack Properties: - TemplateURL: __URL__/cluster/cluster.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/cluster/cluster.yaml Parameters: VPC: !GetAtt VPCStack.Outputs.VPCID PublicSubnet: !GetAtt VPCStack.Outputs.PublicSubnet1ID @@ -499,12 +499,12 @@ Rules: MemberATokenNotProvided: RuleCondition: !Equals [!Ref MemberAToken, ''] Assertions: - - AssertDescription: "Smart-1 Cloud Token for member A can not be empty" + - AssertDescription: "Smart-1 Cloud Token for member A can not be empty." Assert: !Equals [!Ref MemberBToken, ''] MemberBTokenNotProvided: RuleCondition: !Equals [ !Ref MemberBToken, '' ] Assertions: - - AssertDescription: "Smart-1 Cloud Token for member B can not be empty" + - AssertDescription: "Smart-1 Cloud Token for member B can not be empty." Assert: !Equals [ !Ref MemberAToken, '' ] MembersTokenValueEquals: RuleCondition: !EachMemberEquals [ [ !Ref MemberBToken ], !Ref MemberAToken ] diff --git a/aws/templates/cluster/cluster.yaml b/aws/templates/cluster/cluster.yaml index f1263257..9bea983a 100755 --- a/aws/templates/cluster/cluster.yaml +++ b/aws/templates/cluster/cluster.yaml @@ -1,5 +1,5 @@ AWSTemplateFormatVersion: 2010-09-09 -Description: Deploys a Check Point Cluster into an existing VPC (__VERSION__) +Description: Deploys a Check Point Cluster into an existing VPC (20240204) Metadata: AWS::CloudFormation::Interface: ParameterGroups: 
@@ -412,7 +412,7 @@ Resources: Condition: CreateRole Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/iam/cluster-iam-role.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/iam/cluster-iam-role.yaml ClusterInstanceProfile: Type: AWS::IAM::InstanceProfile Properties: @@ -422,14 +422,14 @@ Resources: Condition: EnableCloudWatch Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/iam/cloudwatch-policy.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/iam/cloudwatch-policy.yaml Parameters: PolicyName: !If [ProvidedResourcesTag, !Ref ResourcesTagName, !Ref 'AWS::StackName'] PolicyRole: !If [CreateRole, !GetAtt ClusterRole.Outputs.ClusterIAMRole, !Ref GatewayPredefinedRole] AMI: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/utils/amis.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/utils/amis.yaml Parameters: Version: !Join [-, [!Ref GatewayVersion, GW]] PermissiveSecurityGroup: 
@@ -610,7 +610,7 @@ Resources: - !Join ['', [' maintenance_pwd_hash="$(echo ', 'Fn::Base64': !Ref GatewayMaintenancePasswordHash, ')"']] - !Join ['', [' bootstrap="$(echo ', 'Fn::Base64': !Ref GatewayBootstrapScript, ')"']] - !Sub [' version=${Version}', {Version: !Select [0, !Split ['-', !Ref GatewayVersion]]}] - - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" "smart1CloudToken=\"${tokenA}\"" installationType=\"cluster\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"__VERSION__\" templateName=\"cluster\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" MaintenanceModePassword=\"${maintenance_pwd_hash}\" elasticIp=\"${eip}\" bootstrapScript64=\"${bootstrap}\"' + - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" "smart1CloudToken=\"${tokenA}\"" installationType=\"cluster\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20240204\" templateName=\"cluster\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" MaintenanceModePassword=\"${maintenance_pwd_hash}\" elasticIp=\"${eip}\" bootstrapScript64=\"${bootstrap}\"' VersionDescription: Initial template version MemberBGatewayLaunchTemplate: Type: AWS::EC2::LaunchTemplate 
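Review bot: The `cloud_config.py` line in this hunk passes `sicKey`, `smart1CloudToken`, `passwordHash` and `MaintenanceModePassword` as command-line arguments, and the values reach it through launch-template user data. Assuming these are the real secrets, they are readable from the process list while the script runs and by any principal allowed to read the launch template version or the instance's user data. The script's argument interface is fixed outside this repository, so the minimum here is a comment above the line, e.g. `# Secrets below travel via user data and argv: restrict ec2:DescribeLaunchTemplateVersions and ec2:DescribeInstanceAttribute to deployment roles`. The same applies to the member B hunk and to the autoscale, cross-az-cluster and geo-cluster launch templates.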
@@ -653,7 +653,7 @@ Resources: - !Join ['', [' maintenance_pwd_hash="$(echo ', 'Fn::Base64': !Ref GatewayMaintenancePasswordHash, ')"']] - !Join ['', [' bootstrap="$(echo ', 'Fn::Base64': !Ref GatewayBootstrapScript, ')"']] - !Sub [' version=${Version}', {Version: !Select [0, !Split ['-', !Ref GatewayVersion]]}] - - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" "smart1CloudToken=\"${tokenB}\"" installationType=\"cluster\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"__VERSION__\" templateName=\"cluster\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" MaintenanceModePassword=\"${maintenance_pwd_hash}\" elasticIp=\"${eip}\" bootstrapScript64=\"${bootstrap}\"' + - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" "smart1CloudToken=\"${tokenB}\"" installationType=\"cluster\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20230923\" templateName=\"cluster\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" MaintenanceModePassword=\"${maintenance_pwd_hash}\" elasticIp=\"${eip}\" bootstrapScript64=\"${bootstrap}\"' VersionDescription: Initial template version ClusterPublicAddress: Type: AWS::EC2::EIP 
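Review bot: Member B's launch template passes `templateVersion=\"20230923\"`, while member A in the previous hunk and the Description of cluster.yaml both carry 20240204. The two members of one cluster would report different template versions for the same deployment, which looks like a stale value left behind when the `__VERSION__` placeholder was expanded. Use the same stamp as member A: `templateVersion=\"20240204\"`. The user-data list begins outside the hunk.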
@@ -747,12 +747,12 @@ Rules: MemberATokenNotProvided: RuleCondition: !Equals [!Ref MemberAToken, ''] Assertions: - - AssertDescription: "Smart-1 Cloud Token for member A can not be empty" + - AssertDescription: "Smart-1 Cloud Token for member A can not be empty." Assert: !Equals [!Ref MemberBToken, ''] MemberBTokenNotProvided: RuleCondition: !Equals [ !Ref MemberBToken, '' ] Assertions: - - AssertDescription: "Smart-1 Cloud Token for member B can not be empty" + - AssertDescription: "Smart-1 Cloud Token for member B can not be empty." Assert: !Equals [ !Ref MemberAToken, '' ] MembersTokenValueEquals: RuleCondition: !EachMemberEquals [[!Ref MemberBToken], !Ref MemberAToken] @@ -762,4 +762,3 @@ Rules: - AssertDescription: "The same Smart-1 Cloud token is used for the two Cluster members. Each Cluster member must have a unique token" Assert: !Equals [ !Ref MemberBToken, '' ] - diff --git a/aws/templates/cross-az-cluster/cross-az-cluster-master.yaml b/aws/templates/cross-az-cluster/cross-az-cluster-master.yaml index dcc61a70..9826d072 100644 --- a/aws/templates/cross-az-cluster/cross-az-cluster-master.yaml +++ b/aws/templates/cross-az-cluster/cross-az-cluster-master.yaml @@ -1,5 +1,5 @@ AWSTemplateFormatVersion: 2010-09-09 -Description: Deploy a Check Point Cluster in a new VPC (__VERSION__) +Description: Deploy a Check Point Cluster in a new VPC (20240204) Metadata: AWS::CloudFormation::Interface: ParameterGroups: @@ -401,7 +401,7 @@ Resources: VPCStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/utils/vpc.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/utils/vpc.yaml Parameters: AvailabilityZones: !Join [',', !Ref AvailabilityZones] NumberOfAZs: 2 
@@ -422,7 +422,7 @@ Resources: Type: AWS::CloudFormation::Stack DependsOn: VPCStack Properties: - TemplateURL: __URL__/cluster/cross-az-cluster.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/cluster/cross-az-cluster.yaml Parameters: VPC: !GetAtt VPCStack.Outputs.VPCID PublicSubnetA: !GetAtt VPCStack.Outputs.PublicSubnet1ID @@ -508,12 +508,12 @@ Rules: MemberATokenNotProvided: RuleCondition: !Equals [!Ref MemberAToken, ''] Assertions: - - AssertDescription: "Smart-1 Cloud Token for member A can not be empty" + - AssertDescription: "Smart-1 Cloud Token for member A can not be empty." Assert: !Equals [!Ref MemberBToken, ''] MemberBTokenNotProvided: RuleCondition: !Equals [ !Ref MemberBToken, '' ] Assertions: - - AssertDescription: "Smart-1 Cloud Token for member B can not be empty" + - AssertDescription: "Smart-1 Cloud Token for member B can not be empty." Assert: !Equals [ !Ref MemberAToken, '' ] MembersTokenValueEquals: RuleCondition: !EachMemberEquals [ [ !Ref MemberBToken ], !Ref MemberAToken ] diff --git a/aws/templates/cross-az-cluster/cross-az-cluster.yaml b/aws/templates/cross-az-cluster/cross-az-cluster.yaml index 5d294579..3c5f6ad8 100644 --- a/aws/templates/cross-az-cluster/cross-az-cluster.yaml +++ b/aws/templates/cross-az-cluster/cross-az-cluster.yaml @@ -1,5 +1,5 @@ AWSTemplateFormatVersion: 2010-09-09 -Description: Deploys a Check Point Cluster into an existing VPC (__VERSION__) +Description: Deploys a Check Point Cluster into an existing VPC (20240204) Metadata: AWS::CloudFormation::Interface: ParameterGroups: @@ -426,7 +426,7 @@ Resources: Condition: CreateRole Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/iam/cluster-iam-role.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/iam/cluster-iam-role.yaml ClusterInstanceProfile: Type: AWS::IAM::InstanceProfile Properties: 
@@ -436,14 +436,14 @@ Resources: Condition: EnableCloudWatch Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/iam/cloudwatch-policy.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/iam/cloudwatch-policy.yaml Parameters: PolicyName: !If [ ProvidedResourcesTag, !Ref ResourcesTagName, !Ref 'AWS::StackName' ] PolicyRole: !If [CreateRole, !GetAtt ClusterRole.Outputs.ClusterIAMRole, !Ref GatewayPredefinedRole] AMI: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/utils/amis.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/utils/amis.yaml Parameters: Version: !Join ['-', [!Ref GatewayVersion, GW]] PermissiveSecurityGroup: 
@@ -669,7 +669,7 @@ Resources: - !Join ['', [' maintenance_pwd_hash="$(echo ', 'Fn::Base64': !Ref GatewayMaintenancePasswordHash, ')"']] - !Join ['', [' bootstrap="$(echo ', 'Fn::Base64': !Ref GatewayBootstrapScript, ')"']] - !Sub [' version=${Version}', {Version: !Select [0, !Split ['-', !Ref GatewayVersion]]}] - - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" "smart1CloudToken=\"${tokenA}\"" installationType=\"cross-az-cluster\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"__VERSION__\" templateName=\"cross_az_cluster\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" MaintenanceModePassword=\"${maintenance_pwd_hash}\" elasticIp=\"${eip}\" otherMemberIp=\"${other_member_ip}\" clusterIp=\"${cluster_ip}\" secondaryIp=\"${secondary_ip}\" otherMemberPrivateClusterIp=\"${remote_secondary_ip}\" bootstrapScript64=\"${bootstrap}\"' + - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" "smart1CloudToken=\"${tokenA}\"" installationType=\"cross-az-cluster\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20240204\" templateName=\"cross_az_cluster\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" MaintenanceModePassword=\"${maintenance_pwd_hash}\" elasticIp=\"${eip}\" otherMemberIp=\"${other_member_ip}\" clusterIp=\"${cluster_ip}\" secondaryIp=\"${secondary_ip}\" otherMemberPrivateClusterIp=\"${remote_secondary_ip}\" bootstrapScript64=\"${bootstrap}\"' VersionDescription: Initial template version MemberBGatewayLaunchTemplate: Type: AWS::EC2::LaunchTemplate 
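Review bot: Only `"smart1CloudToken=\"${tokenA}\""` is wrapped in real double quotes on this line; every other `name=\"${var}\"` argument expands unquoted, because `\"` reaches the shell as a literal quote character (assuming this list is joined into a shell script, which the `$(echo …)` assignments above suggest). An unquoted value containing whitespace or glob characters would be split or expanded before `cloud_config.py` sees it. Quote each argument the way the token already is, e.g. `"hostName=\"${hostname}\""` and `"sicKey=\"${sic}\""`. How most of these variables are populated is outside the hunk, and the same pattern appears in the member B, cluster, geo-cluster and autoscale hunks.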
@@ -716,7 +716,7 @@ Resources: - !Join [ '', [' maintenance_pwd_hash="$(echo ', 'Fn::Base64': !Ref GatewayMaintenancePasswordHash, ')"' ] ] - !Join ['', [' bootstrap="$(echo ', 'Fn::Base64': !Ref GatewayBootstrapScript, ')"']] - !Sub [' version=${Version}', {Version: !Select [0, !Split ['-', !Ref GatewayVersion]]}] - - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" "smart1CloudToken=\"${tokenB}\"" installationType=\"cross-az-cluster\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"__VERSION__\" templateName=\"cross_az_cluster\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" MaintenanceModePassword=\"${maintenance_pwd_hash}\" elasticIp=\"${eip}\" otherMemberIp=\"${other_member_ip}\" clusterIp=\"${cluster_ip}\" secondaryIp=\"${secondary_ip}\" otherMemberPrivateClusterIp=\"${remote_secondary_ip}\" bootstrapScript64=\"${bootstrap}\"' + - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" "smart1CloudToken=\"${tokenB}\"" installationType=\"cross-az-cluster\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20240204\" templateName=\"cross_az_cluster\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" MaintenanceModePassword=\"${maintenance_pwd_hash}\" elasticIp=\"${eip}\" otherMemberIp=\"${other_member_ip}\" clusterIp=\"${cluster_ip}\" secondaryIp=\"${secondary_ip}\" otherMemberPrivateClusterIp=\"${remote_secondary_ip}\" bootstrapScript64=\"${bootstrap}\"' VersionDescription: Initial template version Outputs: ClusterPublicAddress: 
@@ -772,12 +772,12 @@ Rules: MemberATokenNotProvided: RuleCondition: !Equals [!Ref MemberAToken, ''] Assertions: - - AssertDescription: "Smart-1 Cloud Token for member A can not be empty" + - AssertDescription: "Smart-1 Cloud Token for member A can not be empty." Assert: !Equals [!Ref MemberBToken, ''] MemberBTokenNotProvided: RuleCondition: !Equals [ !Ref MemberBToken, '' ] Assertions: - - AssertDescription: "Smart-1 Cloud Token for member B can not be empty" + - AssertDescription: "Smart-1 Cloud Token for member B can not be empty." Assert: !Equals [ !Ref MemberAToken, '' ] MembersTokenValueEquals: RuleCondition: !EachMemberEquals [ [ !Ref MemberBToken ], !Ref MemberAToken ] diff --git a/aws/templates/geo-cluster/geo-cluster-master.yaml b/aws/templates/geo-cluster/geo-cluster-master.yaml index a07c6ed7..b2d4e02f 100644 --- a/aws/templates/geo-cluster/geo-cluster-master.yaml +++ b/aws/templates/geo-cluster/geo-cluster-master.yaml @@ -1,5 +1,5 @@ AWSTemplateFormatVersion: 2010-09-09 -Description: Deploy a Check Point cross AZ Cluster in a new VPC (__VERSION__) +Description: Deploy a Check Point cross AZ Cluster in a new VPC (20240204) Metadata: AWS::CloudFormation::Interface: ParameterGroups: @@ -413,7 +413,7 @@ Resources: VPCStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/utils/vpc.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/utils/vpc.yaml Parameters: AvailabilityZones: !Join [',', !Ref AvailabilityZones] NumberOfAZs: 2 @@ -433,7 +433,7 @@ Resources: ClusterStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/cluster/geo-cluster.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/cluster/geo-cluster.yaml Parameters: VPC: !GetAtt VPCStack.Outputs.VPCID PublicSubnetA: !GetAtt VPCStack.Outputs.PublicSubnet1ID 
@@ -507,12 +507,12 @@ Rules: MemberATokenNotProvided: RuleCondition: !Equals [!Ref MemberAToken, ''] Assertions: - - AssertDescription: "Smart-1 Cloud Token for member A can not be empty" + - AssertDescription: "Smart-1 Cloud Token for member A can not be empty." Assert: !Equals [!Ref MemberBToken, ''] MemberBTokenNotProvided: RuleCondition: !Equals [ !Ref MemberBToken, '' ] Assertions: - - AssertDescription: "Smart-1 Cloud Token for member B can not be empty" + - AssertDescription: "Smart-1 Cloud Token for member B can not be empty." Assert: !Equals [ !Ref MemberAToken, '' ] MembersTokenValueEquals: RuleCondition: !EachMemberEquals [ [ !Ref MemberBToken ], !Ref MemberAToken ] diff --git a/aws/templates/geo-cluster/geo-cluster.yaml b/aws/templates/geo-cluster/geo-cluster.yaml index eee0a855..c358dfba 100644 --- a/aws/templates/geo-cluster/geo-cluster.yaml +++ b/aws/templates/geo-cluster/geo-cluster.yaml @@ -1,5 +1,5 @@ AWSTemplateFormatVersion: 2010-09-09 -Description: Deploys a Check Point cross AZ Cluster into an existing VPC (__VERSION__) +Description: Deploys a Check Point cross AZ Cluster into an existing VPC (20240204) Metadata: AWS::CloudFormation::Interface: ParameterGroups: @@ -427,7 +427,7 @@ Resources: ClusterRole: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/iam/cluster-iam-role.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/iam/cluster-iam-role.yaml ClusterInstanceProfile: Type: AWS::IAM::InstanceProfile Properties: 
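Review bot: In the `@@ -427,7` hunk of geo-cluster.yaml, `ClusterRole` goes straight from its name to `Type: AWS::CloudFormation::Stack` with no `Condition: CreateRole`, unlike the same resource in cluster.yaml and cross-az-cluster.yaml. The next hunk of this file still selects the role with `!If [CreateRole, !GetAtt ClusterRole.Outputs.ClusterIAMRole, !Ref GatewayPredefinedRole]`, so when a predefined role is supplied the nested IAM role stack appears to be created anyway and left unused. If that is not intended, add `Condition: CreateRole` under `ClusterRole:`. Whether `ClusterInstanceProfile` depends on the role unconditionally is outside the hunk.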
@@ -437,14 +437,14 @@ Resources: Condition: EnableCloudWatch Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/iam/cloudwatch-policy.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/iam/cloudwatch-policy.yaml Parameters: PolicyName: !If [ ProvidedResourcesTag, !Ref ResourcesTagName, !Ref 'AWS::StackName' ] PolicyRole: !If [CreateRole, !GetAtt ClusterRole.Outputs.ClusterIAMRole, !Ref GatewayPredefinedRole] AMI: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/utils/amis.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/utils/amis.yaml Parameters: Version: !Join ['-', [!Ref GatewayVersion, GW]] PermissiveSecurityGroup: 
@@ -601,7 +601,7 @@ Resources: - !Join ['', [' maintenance_pwd_hash="$(echo ', 'Fn::Base64': !Ref GatewayMaintenancePasswordHash, ')"']] - !Join ['', [' bootstrap="$(echo ', 'Fn::Base64': !Ref GatewayBootstrapScript, ')"']] - !Sub [' version=${Version}', {Version: !Select [0, !Split ['-', !Ref GatewayVersion]]}] - - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" "smart1CloudToken=\"${tokenA}\"" installationType=\"geo-cluster\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"__VERSION__\" templateName=\"geo_cluster\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" elasticIp=\"${eip}\" MaintenanceModePassword=\"${maintenance_pwd_hash}\" otherMemberIp=\"${other_member_ip}\" bootstrapScript64=\"${bootstrap}\"' + - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" "smart1CloudToken=\"${tokenA}\"" installationType=\"geo-cluster\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20240204\" templateName=\"geo_cluster\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" elasticIp=\"${eip}\" MaintenanceModePassword=\"${maintenance_pwd_hash}\" otherMemberIp=\"${other_member_ip}\" bootstrapScript64=\"${bootstrap}\"' MemberBGatewayLaunchTemplate: Type: AWS::EC2::LaunchTemplate Properties: 
@@ -643,7 +643,7 @@ Resources: - !Join [ '', [' maintenance_pwd_hash="$(echo ', 'Fn::Base64': !Ref GatewayMaintenancePasswordHash, ')"' ] ] - !Join ['', [' bootstrap="$(echo ', 'Fn::Base64': !Ref GatewayBootstrapScript, ')"']] - !Sub [' version=${Version}', {Version: !Select [0, !Split ['-', !Ref GatewayVersion]]}] - - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" "smart1CloudToken=\"${tokenB}\"" installationType=\"geo-cluster\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"__VERSION__\" templateName=\"geo_cluster\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" MaintenanceModePassword=\"${maintenance_pwd_hash}\" elasticIp=\"${eip}\" otherMemberIp=\"${other_member_ip}\" bootstrapScript64=\"${bootstrap}\"' + - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" "smart1CloudToken=\"${tokenB}\"" installationType=\"geo-cluster\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20240204\" templateName=\"geo_cluster\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" MaintenanceModePassword=\"${maintenance_pwd_hash}\" elasticIp=\"${eip}\" otherMemberIp=\"${other_member_ip}\" bootstrapScript64=\"${bootstrap}\"' VersionDescription: Initial template version MemberAPublicAddress: Type: AWS::EC2::EIP 
@@ -718,12 +718,12 @@ Rules: MemberATokenNotProvided: RuleCondition: !Equals [!Ref MemberAToken, ''] Assertions: - - AssertDescription: "Smart-1 Cloud Token for member A can not be empty" + - AssertDescription: "Smart-1 Cloud Token for member A can not be empty." Assert: !Equals [!Ref MemberBToken, ''] MemberBTokenNotProvided: RuleCondition: !Equals [ !Ref MemberBToken, '' ] Assertions: - - AssertDescription: "Smart-1 Cloud Token for member B can not be empty" + - AssertDescription: "Smart-1 Cloud Token for member B can not be empty." Assert: !Equals [ !Ref MemberAToken, '' ] MembersTokenValueEquals: RuleCondition: !EachMemberEquals [ [ !Ref MemberBToken ], !Ref MemberAToken ] diff --git a/aws/templates/gwlb-asg/gwlb-master.yaml b/aws/templates/gwlb-asg/gwlb-master.yaml index 6766a1b3..0e4eb4c7 100644 --- a/aws/templates/gwlb-asg/gwlb-master.yaml +++ b/aws/templates/gwlb-asg/gwlb-master.yaml @@ -1,5 +1,5 @@ AWSTemplateFormatVersion: 2010-09-09 -Description: Deploy a Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, and optionally a Security Management Server, in a new VPC (__VERSION__) +Description: Deploy a Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, and optionally a Security Management Server, in a new VPC (20240204) Metadata: AWS::CloudFormation::Interface: ParameterGroups: @@ -647,7 +647,7 @@ Resources: VPCStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/utils/vpc.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/utils/vpc.yaml Parameters: AvailabilityZones: !Join [',' , !Ref AvailabilityZones] NumberOfAZs: !Ref NumberOfAZs @@ -660,7 +660,7 @@ Resources: GWLBStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/gwlb/gwlb.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/gwlb/gwlb.yaml Parameters: VPC: !GetAtt VPCStack.Outputs.VPCID GatewaysSubnets: !Join 
@@ -728,7 +728,7 @@ Outputs: Value: !GetAtt GWLBStack.Outputs.GWLBServiceName Rules: GatewayAddressAllocationRule: - RuleCondition: !Equals [!Ref ControlGatewayOverPrivateOrPublicAddress, 'public'] - Assertions: + RuleCondition: !Equals [!Ref ControlGatewayOverPrivateOrPublicAddress, 'public'] + Assertions: - AssertDescription: "Gateway's selected to be provisioned by public IP, but ['AllocatePublicAddress'] parameter is false" Assert: !Equals [!Ref AllocatePublicAddress, 'true'] diff --git a/aws/templates/gwlb-asg/gwlb.yaml b/aws/templates/gwlb-asg/gwlb.yaml index 8d0340f7..50d8e335 100644 --- a/aws/templates/gwlb-asg/gwlb.yaml +++ b/aws/templates/gwlb-asg/gwlb.yaml @@ -1,5 +1,5 @@ AWSTemplateFormatVersion: 2010-09-09 -Description: Deploy a Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, and optionally a Security Management Server, in a new VPC (__VERSION__) +Description: Deploy a Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, and optionally a Security Management Server, in a new VPC (20240204) Metadata: AWS::CloudFormation::Interface: ParameterGroups: @@ -642,7 +642,7 @@ Resources: SecurityGatewaysStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/gwlb/autoscale-gwlb.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/gwlb/autoscale-gwlb.yaml Parameters: VPC: !Ref VPC GatewaysSubnets: !Join [',', !Ref GatewaysSubnets] @@ -674,7 +674,7 @@ Resources: Type: AWS::CloudFormation::Stack Condition: DeployManagement Properties: - TemplateURL: __URL__/gwlb/management-gwlb.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/gwlb/management-gwlb.yaml Parameters: VPC: !Ref VPC ManagementSubnet: !Select [0, !Ref GatewaysSubnets] diff --git a/aws/templates/gwlb-asg/qs-gwlb-master.yaml b/aws/templates/gwlb-asg/qs-gwlb-master.yaml index 6979b470..4d7e56a7 100644 --- a/aws/templates/gwlb-asg/qs-gwlb-master.yaml +++ b/aws/templates/gwlb-asg/qs-gwlb-master.yaml 
@@ -1,5 +1,5 @@ AWSTemplateFormatVersion: 2010-09-09 -Description: Deploy a Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, and optionally a Security Management Server, in a new VPC (__VERSION__) +Description: Deploy a Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, and optionally a Security Management Server, in a new VPC (05072024) Metadata: AWS::CloudFormation::Interface: ParameterGroups: @@ -800,7 +800,7 @@ Resources: SecurityVPCStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/utils/vpc.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/utils/vpc.yaml Parameters: AvailabilityZones: !Join [',' , !Ref AvailabilityZones] NumberOfAZs: !Ref NumberOfAZs @@ -813,7 +813,7 @@ Resources: ServersVPCStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/gwlb/qs-gwlb-servers-vpc.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/gwlb/qs-gwlb-servers-vpc.yaml Parameters: AvailabilityZones: !Join [ ',' , !Ref AvailabilityZones ] NumberOfAZs: !Ref NumberOfAZs @@ -832,7 +832,7 @@ Resources: Type: AWS::CloudFormation::Stack DependsOn: [SecurityVPCStack, ServersVPCStack] Properties: - TemplateURL: __URL__/gwlb/qs-gwlb.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/gwlb/qs-gwlb.yaml Parameters: SecurityVPC: !GetAtt SecurityVPCStack.Outputs.VPCID NumberOfAZs: !Ref NumberOfAZs diff --git a/aws/templates/gwlb-asg/qs-gwlb.yaml b/aws/templates/gwlb-asg/qs-gwlb.yaml index 70723206..1ff5555b 100644 --- a/aws/templates/gwlb-asg/qs-gwlb.yaml +++ b/aws/templates/gwlb-asg/qs-gwlb.yaml 
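Review bot: The Description stamp `(05072024)` here, and again in qs-gwlb.yaml, uses a day- or month-first layout, while every other template in this commit uses `YYYYMMDD` (`20240204`, `20240417`). Anything that sorts or compares these stamps will rank the quick-start templates as older than all the others, and a reader cannot tell whether 5 July or 7 May is meant. Write it in the same form as the rest, i.e. `(20240705)` or `(20240507)` depending on which date was intended.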
@@ -1,5 +1,5 @@ AWSTemplateFormatVersion: 2010-09-09 -Description: "Deploy a Quick-Start Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, optionally: Security Management Server and Application Server Autoscale in an existing VPC (__VERSION__)" +Description: "Deploy a Quick-Start Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, optionally: Security Management Server and Application Server Autoscale in an existing VPC (05072024)" Metadata: AWS::CloudFormation::Interface: ParameterGroups: @@ -749,7 +749,7 @@ Resources: SecurityGatewaysStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/gwlb/autoscale-gwlb.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/gwlb/autoscale-gwlb.yaml Parameters: VPC: !Ref SecurityVPC GatewaysSubnets: !Join [',', !Ref GatewaysSubnets] @@ -792,7 +792,7 @@ Resources: Condition: DeployManagement DependsOn: GWLBeEndpointStack Properties: - TemplateURL: __URL__/gwlb/management-gwlb.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/gwlb/management-gwlb.yaml Parameters: VPC: !Ref SecurityVPC ManagementSubnet: !Select [0, !Ref GatewaysSubnets] @@ -841,7 +841,7 @@ Resources: Type: AWS::CloudFormation::Stack DependsOn: VpcEndpointService Properties: - TemplateURL: __URL__/gwlb/qs-gwlb-endpoints.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/gwlb/qs-gwlb-endpoints.yaml Parameters: NumberOfAZs: !Ref NumberOfAZs GWLBeVPC: !Ref ServersVPC @@ -854,7 +854,7 @@ Resources: Type: AWS::CloudFormation::Stack DependsOn: GWLBeEndpointStack Properties: - TemplateURL: __URL__/gwlb/qs-gwlb-servers-autoscale.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/gwlb/qs-gwlb-servers-autoscale.yaml Parameters: VPC: !Ref ServersVPC Subnets: !Join [',', !Ref ServersSubnets] diff --git a/aws/templates/gwlb-asg/tgw-gwlb-master.yaml b/aws/templates/gwlb-asg/tgw-gwlb-master.yaml index cdf99b9c..7fe4c750 100644 --- a/aws/templates/gwlb-asg/tgw-gwlb-master.yaml 
+++ b/aws/templates/gwlb-asg/tgw-gwlb-master.yaml @@ -1,5 +1,5 @@ AWSTemplateFormatVersion: 2010-09-09 -Description: Deploy a Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, and optionally a Security Management Server, Gateway Load Balancer Endpoints and NAT Gateways for each AZ, in a new VPC for Transit Gateway (__VERSION__) +Description: Deploy a Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, and optionally a Security Management Server, Gateway Load Balancer Endpoints and NAT Gateways for each AZ, in a new VPC for Transit Gateway (20240204) Metadata: AWS::CloudFormation::Interface: ParameterGroups: @@ -741,7 +741,7 @@ Resources: VPCStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/utils/vpc.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/utils/vpc.yaml Parameters: AvailabilityZones: !Join [',', !Ref AvailabilityZones] NumberOfAZs: !Ref NumberOfAZs @@ -759,7 +759,7 @@ Resources: TgwGwlbStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/gwlb/tgw-gwlb.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/gwlb/tgw-gwlb.yaml Parameters: VPC: !GetAtt VPCStack.Outputs.VPCID IGWID: !GetAtt VPCStack.Outputs.IGWID @@ -869,7 +869,7 @@ Outputs: Condition: 4AZs Rules: GatewayAddressAllocationRule: - RuleCondition: !Equals [!Ref ControlGatewayOverPrivateOrPublicAddress, 'public'] - Assertions: + RuleCondition: !Equals [!Ref ControlGatewayOverPrivateOrPublicAddress, 'public'] + Assertions: - AssertDescription: "Gateway's selected to be provisioned by public IP, but ['AllocatePublicAddress'] parameter is false" Assert: !Equals [!Ref AllocatePublicAddress, 'true'] diff --git a/aws/templates/gwlb-asg/tgw-gwlb.yaml b/aws/templates/gwlb-asg/tgw-gwlb.yaml index 123d500a..89fbbc8b 100644 --- a/aws/templates/gwlb-asg/tgw-gwlb.yaml +++ b/aws/templates/gwlb-asg/tgw-gwlb.yaml 
@@ -1,5 +1,5 @@ AWSTemplateFormatVersion: 2010-09-09 -Description: Deploy a Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, and optionally a Security Management Server, Gateway Load Balancer Endpoints and NAT Gateways for each AZ, in an existing VPC for Transit Gateway (__VERSION__) +Description: Deploy a Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, and optionally a Security Management Server, Gateway Load Balancer Endpoints and NAT Gateways for each AZ, in an existing VPC for Transit Gateway (20240204) Metadata: AWS::CloudFormation::Interface: ParameterGroups: @@ -977,7 +977,7 @@ Resources: GWLBStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/gwlb/gwlb.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/gwlb/gwlb.yaml Parameters: VPC: !Ref VPC GatewaysSubnets: !Join [',', !Ref GatewaysSubnets] diff --git a/aws/templates/management/management.yaml b/aws/templates/management/management.yaml index dd756635..04e3d00e 100755 --- a/aws/templates/management/management.yaml +++ b/aws/templates/management/management.yaml @@ -1,5 +1,5 @@ AWSTemplateFormatVersion: 2010-09-09 -Description: Deploys a Check Point Management Server (__VERSION__) +Description: Deploys a Check Point Management Server (20240417) Metadata: AWS::CloudFormation::Interface: ParameterGroups: @@ -336,7 +336,7 @@ Parameters: AllowedPattern: '[\$\./a-zA-Z0-9]*' NoEcho: true ManagementHostname: - Description: The name must not contain reserved words. For details, refer to sk40179. (optional) + Description: The name must not contain reserved words. For details, refer to sk40179 (optional). Type: String Default: mgmt-aws AllowedPattern: '^([A-Za-z]([-0-9A-Za-z]{0,61}[0-9A-Za-z])?|)$' 
@@ -417,7 +417,7 @@ Resources: AMI: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/utils/amis.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/utils/amis.yaml Parameters: Version: !Join ['-', [!Ref ManagementVersion, MGMT]] ManagementReadyHandle: @@ -493,7 +493,7 @@ Resources: Type: AWS::CloudFormation::Stack Condition: CreateRole Properties: - TemplateURL: __URL__/iam/cme-iam-role.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/iam/cme-iam-role.yaml Parameters: Permissions: !Ref ManagementPermissions STSRoles: !Join [',', !Ref ManagementSTSRoles] 
@@ -558,7 +558,7 @@ Resources: - !Join ['', [' pwd_hash="$(echo ', 'Fn::Base64': !Ref ManagementPasswordHash, ')"']] - !Join ['', [' maintenance_pwd_hash="$(echo ', 'Fn::Base64': !Ref ManagementMaintenancePasswordHash, ')"']] - !Sub [' version=${Version}', {Version: !Select [0, !Split ['-', !Ref ManagementVersion]]}] - - ' python3 /etc/cloud_config.py waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" installationType=\"management\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"__VERSION__\" templateName=\"management\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" MaintenanceModePassword=\"${maintenance_pwd_hash}\" "management_installation_type=\"${mgmt_install_type}\"" adminSubnet=\"${admin_subnet}\" allocatePublicAddress=\"${eip}\" overTheInternet=\"${pub_mgmt}\" bootstrapScript64=\"${bootstrap}\"' + - ' python3 /etc/cloud_config.py waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" installationType=\"management\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20240204\" templateName=\"management\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" MaintenanceModePassword=\"${maintenance_pwd_hash}\" "management_installation_type=\"${mgmt_install_type}\"" adminSubnet=\"${admin_subnet}\" allocatePublicAddress=\"${eip}\" overTheInternet=\"${pub_mgmt}\" bootstrapScript64=\"${bootstrap}\"' VersionDescription: Initial template version PublicAddress: Type: AWS::EC2::EIP diff --git a/aws/templates/mds/mds.yaml b/aws/templates/mds/mds.yaml index 1f5a9b41..ec7913b2 100644 --- a/aws/templates/mds/mds.yaml +++ b/aws/templates/mds/mds.yaml 
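Review bot: `templateVersion=\"20240204\"` on the new `cloud_config.py` line disagrees with the `Description` stamp this commit gives the same file, `(20240417)`. mds.yaml gets the same pair of values, and the quick-start GWLB template's `Description` uses a third form, `(05072024)`. If these stamps are used to tell which template revision an instance was launched from (an assumption; the consumer is not visible here), the mismatch makes it unreliable to check which deployments carry a given fix. Both places should carry one value in one `YYYYMMDD` format, e.g. `templateVersion=\"20240417\"` if the `Description` value is the intended one. The user-data list this line belongs to starts outside the hunk.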
@@ -1,5 +1,5 @@ AWSTemplateFormatVersion: '2010-09-09' -Description: Deploys a Check Point Multi-Domain Server (__VERSION__) +Description: Deploys a Check Point Multi-Domain Server (20240417) Metadata: AWS::CloudFormation::Interface: ParameterGroups: @@ -321,7 +321,7 @@ Parameters: AllowedPattern: '[\$\./a-zA-Z0-9]*' NoEcho: true MDSHostname: - Description: The name must not contain reserved words. For details, refer to sk40179. (optional) + Description: The name must not contain reserved words. For details, refer to sk40179 (optional). Type: String Default: mds-aws AllowedPattern: '^([A-Za-z]([-0-9A-Za-z]{0,61}[0-9A-Za-z])?|)$' @@ -358,7 +358,7 @@ Parameters: with the Multi-Domain Server. The address should be either 0.0.0.0/0 (any address) or /32 (specific address) Type: String AllowedPattern: '^((0.0.0.0\/0)|)$|^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/32)$' - ConstraintDescription: Administrator address must be either 0.0.0.0/0 or /32 + ConstraintDescription: Administrator address must be either 0.0.0.0/0 or /32 GatewaysAddresses: Description: Allow gateways only from this network to communicate with the Multi-Domain. Server @@ -398,7 +398,7 @@ Resources: AMI: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/utils/amis.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/utils/amis.yaml Parameters: Version: !Join ['-', [!Ref MDSVersion, MGMT]] MDSSecurityGroup: @@ -463,7 +463,7 @@ Resources: Type: AWS::CloudFormation::Stack Condition: CreateRole Properties: - TemplateURL: __URL__/iam/cme-iam-role.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/iam/cme-iam-role.yaml Parameters: Permissions: !Ref MDSPermissions STSRoles: !Join [',', !Ref MDSSTSRoles] 
@@ -526,5 +526,5 @@ Resources: - !Join ['', [' pwd_hash="$(echo ', 'Fn::Base64': !Ref MDSPasswordHash, ')"']] - !Join ['', [' maintenance_pwd_hash="$(echo ', 'Fn::Base64': !Ref MDSMaintenancePasswordHash, ')"']] - !Sub [' version=${Version}', {Version: !Select [0, !Split ['-', !Ref MDSVersion]]}] - - ' python3 /etc/cloud_config.py sicKey=\"${sic}\" installationType=\"mds\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"__VERSION__\" templateName=\"mds\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" MaintenanceModePassword=\"${maintenance_pwd_hash}\" primary=\"${primary}\" secondary=\"${secondary}\" adminSubnet=\"${admin_subnet}\" bootstrapScript64=\"${bootstrap}\"' + - ' python3 /etc/cloud_config.py sicKey=\"${sic}\" installationType=\"mds\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20240204\" templateName=\"mds\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" MaintenanceModePassword=\"${maintenance_pwd_hash}\" primary=\"${primary}\" secondary=\"${secondary}\" adminSubnet=\"${admin_subnet}\" bootstrapScript64=\"${bootstrap}\"' VersionDescription: Initial template version \ No newline at end of file diff --git a/aws/templates/single-gw/gateway-master.yaml b/aws/templates/single-gw/gateway-master.yaml index c7c1d195..20c82362 100644 --- a/aws/templates/single-gw/gateway-master.yaml +++ b/aws/templates/single-gw/gateway-master.yaml @@ -1,5 +1,5 @@ AWSTemplateFormatVersion: 2010-09-09 -Description: Deploys a Check Point Security Gateway into a new VPC (__VERSION__) +Description: Deploys a Check Point Security Gateway into a new VPC (20240204) Metadata: AWS::CloudFormation::Interface: ParameterGroups: 
@@ -350,7 +350,7 @@ Parameters: Type: String Default: '' GatewayHostname: - Description: The name must not contain reserved words. For details, refer to sk40179. (optional) + Description: The name must not contain reserved words. For details, refer to sk40179 (optional). Type: String Default: '' AllowedPattern: '^([A-Za-z]([-0-9A-Za-z]{0,61}[0-9A-Za-z])?|)$' @@ -408,7 +408,7 @@ Resources: VPCStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/utils/vpc.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/utils/vpc.yaml Parameters: AvailabilityZones: !Ref AvailabilityZone NumberOfAZs: 1 @@ -436,7 +436,7 @@ Resources: GatewayStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/gateway/gateway.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/gateway/gateway.yaml Parameters: VPC: !GetAtt VPCStack.Outputs.VPCID PublicSubnet: !GetAtt VPCStack.Outputs.PublicSubnet1ID diff --git a/aws/templates/single-gw/gateway.yaml b/aws/templates/single-gw/gateway.yaml index 76c5cef6..645eab2f 100644 --- a/aws/templates/single-gw/gateway.yaml +++ b/aws/templates/single-gw/gateway.yaml @@ -1,5 +1,5 @@ AWSTemplateFormatVersion: 2010-09-09 -Description: Deploys a Check Point Security Gateway into an existing VPC (__VERSION__) +Description: Deploys a Check Point Security Gateway into an existing VPC (20240204) Metadata: AWS::CloudFormation::Interface: ParameterGroups: @@ -344,7 +344,7 @@ Parameters: Type: String Default: '' GatewayHostname: - Description: The name must not contain reserved words. For details, refer to sk40179. (optional) + Description: The name must not contain reserved words. For details, refer to sk40179 (optional). Type: String Default: '' AllowedPattern: '^([A-Za-z]([-0-9A-Za-z]{0,61}[0-9A-Za-z])?|)$' 
@@ -437,14 +437,14 @@ Resources: Condition: EnableCloudWatch Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/iam/cloudwatch-policy.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/iam/cloudwatch-policy.yaml Parameters: PolicyName: !If [ ProvidedResourcesTag, !Ref ResourcesTagName, !Ref 'AWS::StackName' ] PolicyRole: !Ref GatewayIAMRole AMI: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/utils/amis.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/utils/amis.yaml Parameters: Version: !Join ['-', [!Ref GatewayVersion,GW]] ExternalNetworkInterface: 
@@ -559,7 +559,7 @@ Resources: - !Join ['', [' maintenance_pwd_hash="$(echo ', 'Fn::Base64': !Ref GatewayMaintenancePasswordHash, ')"']] - !Join ['', [' bootstrap="$(echo ', 'Fn::Base64': !Ref GatewayBootstrapScript, ')"']] - !Sub [' version=${Version}', {Version: !Select [0, !Split ['-', !Ref GatewayVersion]]}] - - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" "smart1CloudToken=\"${token}\"" installationType=\"gateway\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"__VERSION__\" templateName=\"gateway\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" MaintenanceModePassword=\"${maintenance_pwd_hash}\" allocatePublicAddress=\"${eip}\" bootstrapScript64=\"${bootstrap}\"' + - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" "smart1CloudToken=\"${token}\"" installationType=\"gateway\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20240204\" templateName=\"gateway\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" MaintenanceModePassword=\"${maintenance_pwd_hash}\" allocatePublicAddress=\"${eip}\" bootstrapScript64=\"${bootstrap}\"' VersionDescription: Initial template version PublicAddress: Type: AWS::EC2::EIP diff --git a/aws/templates/standalone/standalone-master.yaml b/aws/templates/standalone/standalone-master.yaml index 42832747..6c9847cc 100644 --- a/aws/templates/standalone/standalone-master.yaml +++ b/aws/templates/standalone/standalone-master.yaml 
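Review bot: The rewritten `cloud_config.py` line still passes `sicKey`, `smart1CloudToken`, `passwordHash` and `MaintenanceModePassword` as command-line arguments inside the instance user data. EC2 user data is stored unencrypted, so it can be read through the instance metadata service and by any principal allowed to describe the instance or launch template. The arguments are also visible in the process list while the script runs. The `templateVersion` hunks in management.yaml, mds.yaml and standalone.yaml have the same shape. I would add a comment above the line, `# NOTE: SIC key, token and password hashes are readable from user data; limit ec2:DescribeInstanceAttribute / launch-template read access and IMDS exposure accordingly`. The list this line belongs to starts outside the hunk.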
@@ -1,6 +1,6 @@ AWSTemplateFormatVersion: 2010-09-09 Description: Deploys either a manually configurable or a Check Point CloudGuard IaaS - Security Gateway & Management (Standalone) instance in a new VPC (__VERSION__) + Security Gateway & Management (Standalone) instance in a new VPC (20240204) Metadata: AWS::CloudFormation::Interface: ParameterGroups: @@ -323,7 +323,7 @@ Parameters: Type: String Default: '' StandaloneHostname: - Description: (optional) + Description: The name must not contain reserved words. For details, refer to sk40179 (optional). Type: String Default: '' AllowedPattern: '^([A-Za-z]([-0-9A-Za-z]{0,61}[0-9A-Za-z])?|)$' @@ -374,7 +374,7 @@ Resources: VPCStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/utils/vpc.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/utils/vpc.yaml Parameters: AvailabilityZones: !Ref AvailabilityZone NumberOfAZs: 1 @@ -401,7 +401,7 @@ Resources: StandaloneStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/gateway/standalone.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/gateway/standalone.yaml Parameters: VPC: !GetAtt VPCStack.Outputs.VPCID PublicSubnet: !GetAtt VPCStack.Outputs.PublicSubnet1ID diff --git a/aws/templates/standalone/standalone.yaml b/aws/templates/standalone/standalone.yaml index cc565f6c..a73e2d34 100644 --- a/aws/templates/standalone/standalone.yaml +++ b/aws/templates/standalone/standalone.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: 2010-09-09 Description: Deploys either a manually configurable or a Check Point CloudGuard IaaS - Security Gateway & Management (Standalone) instance into an existing VPC (__VERSION__) + Security Gateway & Management (Standalone) instance into an existing VPC (20240204) Metadata: AWS::CloudFormation::Interface: ParameterGroups: 
@@ -316,7 +316,7 @@ Parameters: Type: String Default: '' StandaloneHostname: - Description: (optional) + Description: The name must not contain reserved words. For details, refer to sk40179 (optional). Type: String Default: '' AllowedPattern: '^([A-Za-z]([-0-9A-Za-z]{0,61}[0-9A-Za-z])?|)$' @@ -402,14 +402,14 @@ Resources: Condition: EnableCloudWatch Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/iam/cloudwatch-policy.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/iam/cloudwatch-policy.yaml Parameters: PolicyName: !If [ ProvidedResourcesTag, !Ref ResourcesTagName, !Ref 'AWS::StackName' ] PolicyRole: !Ref StandaloneIAMRole AMI: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/utils/amis.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/utils/amis.yaml Parameters: Version: !If [IsBYOL, !Join ['-', [!Ref StandaloneVersion,MGMT]], !Ref StandaloneVersion] ExternalNetworkInterface: 
@@ -510,7 +510,7 @@ Resources: - !Join [ '', [ ' pwd_hash="$(echo ', 'Fn::Base64': !Ref StandalonePasswordHash, ')"' ] ] - !Join [ '', [ ' maintenance_pwd_hash="$(echo ', 'Fn::Base64': !Ref StandaloneMaintenancePasswordHash, ')"' ] ] - !Sub [ ' version=${Version}', { Version: !Select [ 0, !Split [ '-', !Ref StandaloneVersion ] ] } ] - - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" installationType=\"standalone\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"__VERSION__\" templateName=\"standalone\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" MaintenanceModePassword=\"${maintenance_pwd_hash}\" adminSubnet=\"${admin_subnet}\" allocatePublicAddress=\"${eip}\" bootstrapScript64=\"${bootstrap}\"' + - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" installationType=\"standalone\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20240204\" templateName=\"standalone\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" MaintenanceModePassword=\"${maintenance_pwd_hash}\" adminSubnet=\"${admin_subnet}\" allocatePublicAddress=\"${eip}\" bootstrapScript64=\"${bootstrap}\"' VersionDescription: Initial template version PublicAddress: Type: AWS::EC2::EIP diff --git a/aws/templates/tgw-asg/tgw-asg-master.yaml b/aws/templates/tgw-asg/tgw-asg-master.yaml index bd72aa0e..4ddf23df 100644 --- a/aws/templates/tgw-asg/tgw-asg-master.yaml +++ b/aws/templates/tgw-asg/tgw-asg-master.yaml 
@@ -1,5 +1,5 @@ AWSTemplateFormatVersion: 2010-09-09 -Description: Deploy an Auto Scaling Group of CloudGuard Security Gateways for Transit Gateway with an optional Management Server in a new VPC (__VERSION__) +Description: Deploy an Auto Scaling Group of CloudGuard Security Gateways for Transit Gateway with an optional Management Server in a new VPC (20240204) Metadata: AWS::CloudFormation::Interface: ParameterGroups: @@ -612,7 +612,7 @@ Resources: VPCStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/utils/vpc.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/utils/vpc.yaml Parameters: AvailabilityZones: !Join [',', !Ref AvailabilityZones] NumberOfAZs: !Ref NumberOfAZs @@ -625,7 +625,7 @@ Resources: MainStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/autoscale/tgw-asg.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/autoscale/tgw-asg.yaml Parameters: VPC: !GetAtt VPCStack.Outputs.VPCID GatewaysSubnets: !Join @@ -683,7 +683,7 @@ Outputs: Condition: DeployManagement Rules: GatewayAddressRule: - RuleCondition: !Equals [!Ref ManagementDeploy, 'true'] - Assertions: + RuleCondition: !Equals [!Ref ManagementDeploy, 'true'] + Assertions: - AssertDescription: "Gateway's netowrk to communicate with the Security Management Server must be provided" Assert: !Not [ !Equals [!Ref GatewaysAddresses, '']] diff --git a/aws/templates/tgw-asg/tgw-asg.yaml b/aws/templates/tgw-asg/tgw-asg.yaml index 096570d1..e1a5633f 100644 --- a/aws/templates/tgw-asg/tgw-asg.yaml +++ b/aws/templates/tgw-asg/tgw-asg.yaml 
@@ -1,5 +1,5 @@ AWSTemplateFormatVersion: '2010-09-09' -Description: Deploy an Auto Scaling Group of CloudGuard Security Gateways for Transit Gateway with an optional Management Server into an existing VPC (__VERSION__) +Description: Deploy an Auto Scaling Group of CloudGuard Security Gateways for Transit Gateway with an optional Management Server into an existing VPC (20240204) Metadata: AWS::CloudFormation::Interface: ParameterGroups: @@ -566,7 +566,7 @@ Resources: Type: AWS::CloudFormation::Stack Condition: DeployManagement Properties: - TemplateURL: __URL__/management/management.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/management/management.yaml Parameters: VPC: !Ref VPC ManagementSubnet: !Select [0, !Ref GatewaysSubnets] @@ -620,7 +620,7 @@ Resources: SecurityGatewaysStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/autoscale/autoscale.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/autoscale/autoscale.yaml Parameters: VPC: !Ref VPC GatewaysSubnets: !Join [',', !Ref GatewaysSubnets] @@ -675,7 +675,7 @@ Outputs: Condition: DeployManagement Rules: GatewayAddressRule: - RuleCondition: !Equals [!Ref ManagementDeploy, 'true'] - Assertions: + RuleCondition: !Equals [!Ref ManagementDeploy, 'true'] + Assertions: - AssertDescription: "Gateway's netowrk to communicate with the Security Management Server must be provided" Assert: !Not [ !Equals [!Ref GatewaysAddresses, '']] diff --git a/aws/templates/tgw-cross-az-cluster/tgw-cross-az-cluster-master.yaml b/aws/templates/tgw-cross-az-cluster/tgw-cross-az-cluster-master.yaml index 4c03ed53..4ab74737 100644 --- a/aws/templates/tgw-cross-az-cluster/tgw-cross-az-cluster-master.yaml +++ b/aws/templates/tgw-cross-az-cluster/tgw-cross-az-cluster-master.yaml 
@@ -1,5 +1,5 @@ AWSTemplateFormatVersion: 2010-09-09 -Description: Deploy a Check Point TGW Cross Availabilty Zone Cluster in a new VPC (__VERSION__) +Description: Deploy a Check Point TGW Cross Availabilty Zone Cluster in a new VPC (20240204) Metadata: AWS::CloudFormation::Interface: ParameterGroups: @@ -427,7 +427,7 @@ Resources: VPCStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/utils/vpc.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/utils/vpc.yaml Parameters: AvailabilityZones: !Join [',', !Ref AvailabilityZones] NumberOfAZs: 2 @@ -451,7 +451,7 @@ Resources: Type: AWS::CloudFormation::Stack DependsOn: VPCStack Properties: - TemplateURL: __URL__/cluster/tgw-cross-az-cluster.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/cluster/tgw-cross-az-cluster.yaml Parameters: VPC: !GetAtt VPCStack.Outputs.VPCID PublicSubnetA: !GetAtt VPCStack.Outputs.PublicSubnet1ID @@ -518,12 +518,12 @@ Rules: MemberATokenNotProvided: RuleCondition: !Equals [!Ref MemberAToken, ''] Assertions: - - AssertDescription: "Smart-1 Cloud Token for member A can not be empty" + - AssertDescription: "Smart-1 Cloud Token for member A can not be empty." Assert: !Equals [!Ref MemberBToken, ''] MemberBTokenNotProvided: RuleCondition: !Equals [ !Ref MemberBToken, '' ] Assertions: - - AssertDescription: "Smart-1 Cloud Token for member B can not be empty" + - AssertDescription: "Smart-1 Cloud Token for member B can not be empty." Assert: !Equals [ !Ref MemberAToken, '' ] MembersTokenValueEquals: RuleCondition: !EachMemberEquals [ [ !Ref MemberBToken ], !Ref MemberAToken ] diff --git a/aws/templates/tgw-cross-az-cluster/tgw-cross-az-cluster.yaml b/aws/templates/tgw-cross-az-cluster/tgw-cross-az-cluster.yaml index 92cce90f..63062132 100644 --- a/aws/templates/tgw-cross-az-cluster/tgw-cross-az-cluster.yaml +++ b/aws/templates/tgw-cross-az-cluster/tgw-cross-az-cluster.yaml 
@@ -1,7 +1,5 @@ AWSTemplateFormatVersion: 2010-09-09 -Description: Deploys a Check Point TGW Cross Availabilty Zone Cluster into an - existing VPC - (__VERSION__) +Description: Deploys a Check Point TGW Cross Availabilty Zone Cluster into an existing VPC (20240204) Metadata: AWS::CloudFormation::Interface: ParameterGroups: @@ -425,7 +423,7 @@ Resources: ClusterStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/cluster/cross-az-cluster.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/cluster/cross-az-cluster.yaml Parameters: VPC: !Ref VPC PublicSubnetA: !Ref PublicSubnetA @@ -516,12 +514,12 @@ Rules: MemberATokenNotProvided: RuleCondition: !Equals [!Ref MemberAToken, ''] Assertions: - - AssertDescription: "Smart-1 Cloud Token for member A can not be empty" + - AssertDescription: "Smart-1 Cloud Token for member A can not be empty." Assert: !Equals [!Ref MemberBToken, ''] MemberBTokenNotProvided: RuleCondition: !Equals [ !Ref MemberBToken, '' ] Assertions: - - AssertDescription: "Smart-1 Cloud Token for member B can not be empty" + - AssertDescription: "Smart-1 Cloud Token for member B can not be empty." Assert: !Equals [ !Ref MemberAToken, '' ] MembersTokenValueEquals: RuleCondition: !EachMemberEquals [ [ !Ref MemberBToken ], !Ref MemberAToken ] diff --git a/aws/templates/tgw-ha/tgw-ha-master.yaml b/aws/templates/tgw-ha/tgw-ha-master.yaml index dcb860be..503a1b23 100644 --- a/aws/templates/tgw-ha/tgw-ha-master.yaml +++ b/aws/templates/tgw-ha/tgw-ha-master.yaml @@ -1,5 +1,5 @@ AWSTemplateFormatVersion: 2010-09-09 -Description: Deploy a Check Point TGW HA cross AZ Cluster in a new VPC (__VERSION__) +Description: Deploy a Check Point TGW HA cross AZ Cluster in a new VPC (20240204) Metadata: AWS::CloudFormation::Interface: ParameterGroups: 
@@ -428,7 +428,7 @@ Resources: VPCStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/utils/vpc.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/utils/vpc.yaml Parameters: AvailabilityZones: !Join [',', !Ref AvailabilityZones] NumberOfAZs: 2 @@ -451,7 +451,7 @@ Resources: ClusterStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/cluster/tgw-ha.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/cluster/tgw-ha.yaml Parameters: VPC: !GetAtt VPCStack.Outputs.VPCID PublicSubnetA: !GetAtt VPCStack.Outputs.PublicSubnet1ID @@ -515,12 +515,12 @@ Rules: MemberATokenNotProvided: RuleCondition: !Equals [!Ref MemberAToken, ''] Assertions: - - AssertDescription: "Smart-1 Cloud Token for member A can not be empty" + - AssertDescription: "Smart-1 Cloud Token for member A can not be empty." Assert: !Equals [!Ref MemberBToken, ''] MemberBTokenNotProvided: RuleCondition: !Equals [ !Ref MemberBToken, '' ] Assertions: - - AssertDescription: "Smart-1 Cloud Token for member B can not be empty" + - AssertDescription: "Smart-1 Cloud Token for member B can not be empty." Assert: !Equals [ !Ref MemberAToken, '' ] MembersTokenValueEquals: RuleCondition: !EachMemberEquals [ [ !Ref MemberBToken ], !Ref MemberAToken ] diff --git a/aws/templates/tgw-ha/tgw-ha.yaml b/aws/templates/tgw-ha/tgw-ha.yaml index d05a2e2b..9a20ff99 100644 --- a/aws/templates/tgw-ha/tgw-ha.yaml +++ b/aws/templates/tgw-ha/tgw-ha.yaml @@ -1,5 +1,5 @@ AWSTemplateFormatVersion: 2010-09-09 -Description: Deploys a Check Point TGW HA Cluster into an existing VPC (__VERSION__) +Description: Deploys a Check Point TGW HA Cluster into an existing VPC (20240204) Metadata: AWS::CloudFormation::Interface: ParameterGroups: 
@@ -423,7 +423,7 @@ Resources: ClusterStack: Type: AWS::CloudFormation::Stack Properties: - TemplateURL: __URL__/cluster/geo-cluster.yaml + TemplateURL: https://cgi-cfts.s3.amazonaws.com/cluster/geo-cluster.yaml Parameters: VPC: !Ref VPC PublicSubnetA: !Ref PublicSubnetA @@ -511,12 +511,12 @@ Rules: MemberATokenNotProvided: RuleCondition: !Equals [!Ref MemberAToken, ''] Assertions: - - AssertDescription: "Smart-1 Cloud Token for member A can not be empty" + - AssertDescription: "Smart-1 Cloud Token for member A can not be empty." Assert: !Equals [!Ref MemberBToken, ''] MemberBTokenNotProvided: RuleCondition: !Equals [ !Ref MemberBToken, '' ] Assertions: - - AssertDescription: "Smart-1 Cloud Token for member B can not be empty" + - AssertDescription: "Smart-1 Cloud Token for member B can not be empty." Assert: !Equals [ !Ref MemberAToken, '' ] MembersTokenValueEquals: RuleCondition: !EachMemberEquals [ [ !Ref MemberBToken ], !Ref MemberAToken ] diff --git a/terraform/alicloud/cluster-master/README.md b/terraform/alicloud/cluster-master/README.md index 010a8a35..06b5ddf1 100755 --- a/terraform/alicloud/cluster-master/README.md +++ b/terraform/alicloud/cluster-master/README.md @@ -162,7 +162,7 @@ ram_role_name = "" | Template Version | Description | |------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 20240704 | R81 version deprecation | -| 20230829 | Change default Check Point version to R81.20 | +| 20230830 | Change default Check Point version to R81.20 | | 20230615 | - Improved userdata quality and stability by moving to cloud-config
- Define default primary and secondary NTP servers
- Improved deployment experience for gateways and clusters managed by Smart-1 Cloud | | 20230521 | - Change default shell for the admin user to /etc/cli.sh
- Add description for reserved words in hostname | | 20230420 | Change alicloud terraform provider version to 1.203.0 | diff --git a/terraform/alicloud/cluster/README.md b/terraform/alicloud/cluster/README.md index 0df21dbd..d057f8a0 100755 --- a/terraform/alicloud/cluster/README.md +++ b/terraform/alicloud/cluster/README.md @@ -146,7 +146,7 @@ ram_role_name = "" | Template Version | Description | |------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 20240704 | R81 version deprecation | -| 20230829 | Change default version to R81.20 | +| 20230830 | Change default Check Point version to R81.20 | | 20230615 | - Improved userdata quality and stability by moving to cloud-config
- Define default primary and secondary NTP servers
- Improved deployment experience for gateways and clusters managed by Smart-1 Cloud | | 20230521 | - Change default shell for the admin user to /etc/cli.sh
- Add description for reserved words in hostname | | 20230420 | Change alicloud terraform provider version to 1.203.0 | diff --git a/terraform/alicloud/gateway-master/README.md b/terraform/alicloud/gateway-master/README.md index a90166fb..501fadc7 100755 --- a/terraform/alicloud/gateway-master/README.md +++ b/terraform/alicloud/gateway-master/README.md @@ -143,7 +143,7 @@ allocate_and_associate_eip = true | Template Version | Description | |------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 20240704 | R81 version deprecation | -| 20230829 | Change default Check Point version to R81.20 | +| 20230830 | Change default Check Point version to R81.20 | | 20230615 | - Improved userdata quality and stability by moving to cloud-config
- Define default primary and secondary NTP servers
- Improved deployment experience for gateways and clusters managed by Smart-1 Cloud | | 20230521 | - Change default shell for the admin user to /etc/cli.sh
- Add description for reserved words in hostname | | 20230420 | Change alicloud terraform provider version to 1.203.0 | diff --git a/terraform/alicloud/gateway/README.md b/terraform/alicloud/gateway/README.md index 32ba9dfc..737799cd 100755 --- a/terraform/alicloud/gateway/README.md +++ b/terraform/alicloud/gateway/README.md @@ -129,7 +129,7 @@ private_route_table = "rtb-12345678" | Template Version | Description | |------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 20240704 | R81 version deprecation | -| 20230829 | Change default Check Point version to R81.20 | +| 20230830 | Change default Check Point version to R81.20 | | 20230615 | - Improved userdata quality and stability by moving to cloud-config
- Define default primary and secondary NTP servers
- Improved deployment experience for gateways and clusters managed by Smart-1 Cloud | | 20230521 | - Change default shell for the admin user to /etc/cli.sh
- Add description for reserved words in hostname | | 20230420 | Change alicloud terraform provider version to 1.203.0 | diff --git a/terraform/alicloud/management-master/README.md b/terraform/alicloud/management-master/README.md index 8e7ea6c2..c3e4b81b 100755 --- a/terraform/alicloud/management-master/README.md +++ b/terraform/alicloud/management-master/README.md @@ -122,9 +122,10 @@ bootstrap_script = "echo 'this is bootstrap script' > /home/admin/testfile.txt" | Template Version | Description | |------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 20240704 | R81 version deprecation | -| 20230829 | Change default Check Point version to R81.20 | +| 20230830 | Change default Check Point version to R81.20 | | 20230615 | - Improved userdata quality and stability by moving to cloud-config
- Define default primary and secondary NTP servers
- Improved deployment experience for gateways and clusters managed by Smart-1 Cloud | | 20230521 | - Change default shell for the admin user to /etc/cli.sh
- Add description for reserved words in hostname | +| 20230512 | New images with Jumbo Hotfix | | 20230420 | Change alicloud terraform provider version to 1.203.0 | | 20230330 | - Added support of ECS disk category.
- Stability fixes. | | 20230129 | First release of R81.20 CloudGuard Management Terraform deployment in Alibaba Cloud. | diff --git a/terraform/alicloud/management/README.md b/terraform/alicloud/management/README.md index 0c07c661..6a0077ec 100755 --- a/terraform/alicloud/management/README.md +++ b/terraform/alicloud/management/README.md @@ -115,12 +115,13 @@ bootstrap_script = "echo 'this is bootstrap script' > /home/admin/testfile.txt" | Template Version | Description | |------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 20240704 | R81 version deprecation | -| 20230829 | Change default Check Point version to R81.20 | +| 20230830 | Change default Check Point version to R81.20 | | 20230615 | - Improved userdata quality and stability by moving to cloud-config
- Define default primary and secondary NTP servers
- Improved deployment experience for gateways and clusters managed by Smart-1 Cloud | | 20230521 | - Change default shell for the admin user to /etc/cli.sh
- Add description for reserved words in hostname | +| 20230512 | New images with Jumbo Hotfix | | 20230420 | Change alicloud terraform provider version to 1.203.0 | | 20230330 | - Added support of ECS disk category.
- Stability fixes. | -| 20230129 | First release of R81.20 CloudGuard Management Terraform deployment in Alibaba Cloud. | | | | +| 20230129 | First release of R81.20 CloudGuard Management Terraform deployment in Alibaba Cloud. | | 20211011 | First release of Check Point CloudGaurd Management Terraform deployment into an existing VPC in Alibaba cloud. | ## License diff --git a/terraform/aws/autoscale-gwlb/README.md b/terraform/aws/autoscale-gwlb/README.md index 1ca4b595..b6c58219 100755 --- a/terraform/aws/autoscale-gwlb/README.md +++ b/terraform/aws/autoscale-gwlb/README.md @@ -117,7 +117,7 @@ secret_key = "my-secret-key" ## Inputs | Name | Description | Type | Allowed values | Default | Required | -|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------||----------------------------|------------------| +|----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------||----------------------------|----------| | prefix | (Optional) Instances name prefix | string | n/a | "" | no | | asg_name | Autoscaling Group name | string | n/a | Check-Point-ASG-tf | no | | vpc_id | The VPC id in which to deploy | string | n/a | n/a | yes | diff --git a/terraform/aws/autoscale/README.md b/terraform/aws/autoscale/README.md index 38d4d034..a46954ae 100755 --- a/terraform/aws/autoscale/README.md +++ b/terraform/aws/autoscale/README.md 
@@ -126,7 +126,7 @@ secret_key = "my-secret-key" ## Inputs | Name | Description | Type | Allowed values | Default | Required | -|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------||----------------------------|----------| +|----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------||----------------------------|----------| | prefix | (Optional) Instances name prefix | string | n/a | "" | no | | asg_name | Autoscaling Group name | string | n/a | Check-Point-ASG-tf | no | | vpc_id | The VPC id in which to deploy | string | n/a | n/a | yes | diff --git a/terraform/aws/cluster/README.md b/terraform/aws/cluster/README.md index ecb44584..e1b48f4f 100755 --- a/terraform/aws/cluster/README.md +++ b/terraform/aws/cluster/README.md 
@@ -133,7 +133,7 @@ secret_key = "my-secret-key" ## Inputs | Name | Description | Type | Allowed values | Default | Required | -|----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------||------------------------|-----------| +|----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------||------------------------|----------| | vpc_id | The VPC id in which to deploy | string | n/a | n/a | yes | | public_subnet_id | The public subnet of the cluster. The cluster's public IPs will be generated from this subnet | string | n/a | n/a | yes | | private_subnet_id | The private subnet of the cluster. The cluster's private IPs will be generated from this subnet | string | n/a | n/a | yes | diff --git a/terraform/aws/gateway/README.md b/terraform/aws/gateway/README.md index fefc7512..52c8ff8a 100755 --- a/terraform/aws/gateway/README.md +++ b/terraform/aws/gateway/README.md 
@@ -124,7 +124,7 @@ secret_key = "my-secret-key" ## Inputs | Name | Description | Type | Allowed values | Default | Required | -|------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------||------------------------|----------| +|------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------||-------------------------|----------| | vpc_id | The VPC id in which to deploy | string | n/a | n/a | yes | | public_subnet_id | The public subnet of the security gateway | string | n/a | n/a | yes | | private_subnet_id | The private subnet of the security gateway | string | n/a | n/a | yes | diff --git a/terraform/aws/gwlb-master/README.md b/terraform/aws/gwlb-master/README.md index c84a3ee7..2adb1f59 100755 --- a/terraform/aws/gwlb-master/README.md +++ b/terraform/aws/gwlb-master/README.md 
@@ -158,7 +158,7 @@ secret_key = "my-secret-key" ## Inputs | Name | Description | Type | Allowed values | Default | Required | -|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------||-----------------------|----------| +|-------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------||-----------------------|----------| | vpc_cidr | The CIDR block of the VPC | string | n/a | n/a | yes | | public_subnets_map | A map of pairs {availability-zone = subnet-suffix-number}. Each entry creates a subnet. Minimum 1 pair. (e.g. {\"us-east-1a\" = 1} ) | map | n/a | n/a | yes | | subnets_bit_length | Number of additional bits with which to extend the vpc cidr. For example, if given a vpc_cidr ending in /16 and a subnets_bit_length value of 4, the resulting subnet address will have length /20 | number | n/a | n/a | yes | 
@@ -199,6 +199,7 @@ secret_key = "my-secret-key" | gateway_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no | | management_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no | + ## Outputs | Name | Description | |---------------------|---------------------------------------------------------------------------------------| diff --git a/terraform/aws/qs-autoscale-master/README.md b/terraform/aws/qs-autoscale-master/README.md index 6d140f0f..0c998024 100755 --- a/terraform/aws/qs-autoscale-master/README.md +++ b/terraform/aws/qs-autoscale-master/README.md @@ -167,6 +167,7 @@ secret_key = "my-secret-key" ``` ## Inputs + | Name | Description | Type | Allowed values | Default | Required | |-------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------||-----------------------|----------| | prefix | (Optional) Instances name prefix | string | n/a | "" | no | diff --git a/terraform/aws/qs-autoscale/README.md b/terraform/aws/qs-autoscale/README.md index 68244779..ee559913 100755 --- a/terraform/aws/qs-autoscale/README.md +++ b/terraform/aws/qs-autoscale/README.md 
@@ -154,8 +154,9 @@ secret_key = "my-secret-key" ``` ## Inputs + | Name | Description | Type | Allowed values | Default | Required | -|-------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------||-----------------------|----------| +|-------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------||-----------------------|----------| | prefix | (Optional) Instances name prefix | string | n/a | "" | no | | asg_name | Autoscaling Group name | string | n/a | Check-Point-ASG-tf | no | | vpc_id | Select an existing VPC | string | n/a | n/a | yes | 
@@ -194,6 +195,7 @@ secret_key = "my-secret-key" | gateway_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no | | management_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no | + ## Outputs | Name | Description | |----------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| diff --git a/terraform/aws/standalone-master/locals.tf b/terraform/aws/standalone-master/locals.tf index 61326301..e2e6ab47 100755 --- a/terraform/aws/standalone-master/locals.tf +++ b/terraform/aws/standalone-master/locals.tf @@ -32,5 +32,4 @@ locals { // Will fail if var.standalone_password_hash is invalid regex_standalone_password_hash = regex(local.regex_valid_standalone_password_hash, var.standalone_password_hash) == var.standalone_password_hash ? 0 : "Variable [standalone_password_hash] must be a valid password hash" regex_maintenance_mode_password_hash = regex(local.regex_valid_standalone_password_hash, var.standalone_maintenance_mode_password_hash) == var.standalone_maintenance_mode_password_hash ? 0 : "Variable [standalone_maintenance_mode_password_hash] must be a valid password hash" - } \ No newline at end of file 
diff --git a/terraform/aws/standalone/README.md b/terraform/aws/standalone/README.md index e16f1fe8..1614c44d 100755 --- a/terraform/aws/standalone/README.md +++ b/terraform/aws/standalone/README.md @@ -114,7 +114,7 @@ secret_key = "my-secret-key" ## Inputs | Name | Description | Type | Allowed values | Default | Required | -|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------||---------------------------|----------| +|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------||----------------------------|----------| | vpc_id | The VPC id in which to deploy | string | n/a | n/a | yes | | public_subnet_id | The public subnet of the Security Gateway & Management (Standalone) | string | n/a | n/a | yes | | private_subnet_id | The private subnet of the Security Gateway & Management (Standalone) | string | n/a | n/a | yes | 
@@ -143,6 +143,7 @@ secret_key = "my-secret-key" | gateway_addresses | (CIDR) Allow gateways only from this network to communicate with the Management Server | string | n/a | 0.0.0.0/0 | no | | standalone_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no | + ## Outputs | Name | Description | |--------------------------|------------------------------------------------------------------------------| @@ -154,20 +155,9 @@ secret_key = "my-secret-key" ## Revision History In order to check the template version, please refer to [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585) + | Template Version | Description | -|------------------|------------------------------------------------------------------------------------------------------------------| -| 20240704 | - R80.40 version deprecation.
- R81 version deprecation. | -| 20240515 | Add support for requiring use instance metadata service version 2 (IMDSv2) only | -| 20231113 | Add support for BYOL license type for Standalone | -| 20231012 | Update AWS Terraform provider version to 5.20.1 | -| 20230923 | Add support for C5d instance type | -| 20230914 | Add support for maintenance mode password | -| 20230829 | Change default Check Point version to R81.20 | -| 20230806 | Add support for c6in instance type | -| 20230521 | - Change default shell for the admin user to /etc/cli.sh
- Add description for reserved words in hostname | -| 20221123 | R81.20 version support | -| 20220606 | New instance type support | -| 20210329 | Stability fixes | +|--------------------|------------------------------------------------------------------------------------------------------------------| | 20210309 | First release of Check Point Security Management Server & Security Gateway (Standalone) Terraform module for AWS | ## License diff --git a/terraform/aws/tgw-cross-az-cluster-master/README.md b/terraform/aws/tgw-cross-az-cluster-master/README.md index 3a821c9c..6f488b2d 100755 --- a/terraform/aws/tgw-cross-az-cluster-master/README.md +++ b/terraform/aws/tgw-cross-az-cluster-master/README.md 
@@ -140,7 +140,7 @@ secret_key = "my-secret-key" ## Inputs | Name | Description | Type | Allowed values | Default | Required | -|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------||------------------------|----------| +|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------|----------| | vpc_cidr | The CIDR block of the VPC | string | n/a | n/a | yes | | public_subnets_map | A map of pairs {availability-zone = subnet-suffix-number}. Each entry creates a subnet. Minimum 2 pairs. (e.g. {\"us-east-1a\" = 1 \"us-east-1b\" = 2} ) | map | n/a | n/a | yes | | private_subnets_map | A map of pairs {availability-zone = subnet-suffix-number}. Each entry creates a subnet. Minimum 2 pairs. (e.g. {\"us-east-1a\" = 3 \"us-east-1b\" = 4} ) | map | n/a | n/a | yes | 
@@ -173,6 +173,7 @@ secret_key = "my-secret-key" | secondary_ntp | (Optional) The IPv4 addresses of Network Time Protocol secondary server | string | n/a | 0.pool.ntp.org | no | | gateway_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no | + ## Outputs | Name | Description | |--------------------|-----------------------------------| diff --git a/terraform/aws/tgw-cross-az-cluster/README.md b/terraform/aws/tgw-cross-az-cluster/README.md index a8fd8013..de08521c 100755 --- a/terraform/aws/tgw-cross-az-cluster/README.md +++ b/terraform/aws/tgw-cross-az-cluster/README.md 
@@ -135,7 +135,7 @@ secret_key = "my-secret-key" ## Inputs | Name | Description | Type | Allowed values | Default | Required | -|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------||------------------------|----------| +|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------||------------------------|----------| | vpc_id | The VPC id in which to deploy | string | n/a | n/a | yes | | public_subnet_id | The public subnet of the cluster. The cluster's public IPs will be generated from this subnet | string | n/a | n/a | yes | | private_subnet_id | The private subnet of the cluster. The cluster's private IPs will be generated from this subnet | string | n/a | n/a | yes | 
@@ -168,6 +168,8 @@ secret_key = "my-secret-key" | primary_ntp | (Optional) The IPv4 addresses of Network Time Protocol primary server | string | n/a | 169.254.169.123 | no | | secondary_ntp | (Optional) The IPv4 addresses of Network Time Protocol secondary server | string | n/a | 0.pool.ntp.org | no | | gateway_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no | +| management_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no | + ## Outputs | Name | Description | diff --git a/terraform/aws/tgw-gwlb-master/README.md b/terraform/aws/tgw-gwlb-master/README.md index a28b180a..28d62d04 100755 --- a/terraform/aws/tgw-gwlb-master/README.md +++ b/terraform/aws/tgw-gwlb-master/README.md 
@@ -176,7 +176,7 @@ secret_key = "my-secret-key" ## Inputs | Name | Description | Type | Allowed values | Default | Required | -|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------||-----------------------|----------| +|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------||-----------------------|-----------| | vpc_cidr | The CIDR block of the VPC | string | n/a | n/a | yes | | subnets_bit_length | Number of additional bits with which to extend the vpc cidr. For example, if given a vpc_cidr ending in /16 and a subnets_bit_length value of 4, the resulting subnet address will have length /20 | number | n/a | n/a | yes | | public_subnets_map | A map of pairs {availability-zone = subnet-suffix-number}. Each entry creates a subnet. Minimum 1 pair. (e.g. {\"us-east-1a\" = 1} ) | map | n/a | n/a | yes | 
@@ -228,6 +228,7 @@ secret_key = "my-secret-key" | gateway_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no | | management_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no | + ## Outputs | Name | Description | |---------------------|---------------------------------------------------------------------------------------| diff --git a/terraform/aws/tgw-gwlb/README.md b/terraform/aws/tgw-gwlb/README.md index 5daec1a3..d85546e3 100755 --- a/terraform/aws/tgw-gwlb/README.md +++ b/terraform/aws/tgw-gwlb/README.md 
@@ -172,7 +172,7 @@ secret_key = "my-secret-key" ## Inputs | Name | Description | Type | Allowed values | Default | Required | -|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------||-----------------------|----------| +|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------||------------------------|----------| | vpc_id | Select an existing VPC | string | n/a | n/a | yes | | internet_gateway_id | VPC's Internet Gateway Id | string | n/a | n/a | yes | | availability_zones | The Availability Zones (AZs) to use for the subnets in the VPC. | string | n/a | n/a | yes | 
@@ -227,6 +227,7 @@ secret_key = "my-secret-key" | gateway_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no | | management_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no | + ## Outputs | Name | Description | |---------------------|---------------------------------------------------------------------------------------|