From dc62a20102bdc10581d0deb36601cfdee8e2b15e Mon Sep 17 00:00:00 2001 From: meravbe Date: Mon, 27 Nov 2023 15:49:53 +0200 Subject: [PATCH] add parameter admin_shell --- terraform/aws/qs-autoscale-master/README.md | 5 ++++- terraform/aws/qs-autoscale-master/main.tf | 1 + terraform/aws/qs-autoscale-master/terraform.tfvars | 1 + terraform/aws/qs-autoscale-master/variables.tf | 5 +++++ terraform/aws/qs-autoscale/README.md | 4 ++++ terraform/aws/qs-autoscale/main.tf | 2 ++ terraform/aws/qs-autoscale/terraform.tfvars | 1 + terraform/aws/qs-autoscale/variables.tf | 5 +++++ 8 files changed, 23 insertions(+), 1 deletion(-) diff --git a/terraform/aws/qs-autoscale-master/README.md b/terraform/aws/qs-autoscale-master/README.md index 2aa737a5..af7257e2 100755 --- a/terraform/aws/qs-autoscale-master/README.md +++ b/terraform/aws/qs-autoscale-master/README.md @@ -114,6 +114,7 @@ secret_key = "my-secret-key" LB_protocol = "TCP" certificate = "arn:aws:iam::12345678:server-certificate/certificate" service_port = "80" + admin_shell = "/etc/cli.sh" // --- Check Point CloudGuard Network Security Gateways Auto Scaling Group Configuration --- gateway_instance_type = "c5.xlarge" @@ -182,6 +183,7 @@ secret_key = "my-secret-key" | load_balancer_protocol | The protocol to use on the Load Balancer | string | Network Load Balancer:
- TCP
- TLS
- UDP
- TCP_UDP

Application Load Balancer:
- HTTP
- HTTPS | TCP | yes | | certificate | Amazon Resource Name (ARN) of an HTTPS Certificate, ignored if the selected protocol is HTTP | string | n/a | n/a | no | | service_port | The external Load Balancer listens to this port. Leave this field blank to use default ports: 80 for HTTP and 443 for HTTPS | string | n/a | n/a | no | +| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no | | gateways_subnets | Select at least 2 public subnets in the VPC. If you choose to deploy a Security Management Server it will be deployed in the first subnet | list(string) | n/a | n/a | yes | | gateway_instance_type | The instance type of the Security Gateways | string | - c4.large
- c4.xlarge
- c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| c5.xlarge | no | | gateways_min_group_size | The minimal number of Security Gateways | number | n/a | 2 | no | @@ -191,7 +193,7 @@ secret_key = "my-secret-key" | gateway_SIC_Key | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes | | enable_cloudwatch | Report Check Point specific CloudWatch metrics | bool | true/false | false | no | | management_deploy | Select 'false' to use an existing Security Management Server or to deploy one later and to ignore the other parameters of this section | bool | true/false | true | no | -| management_instance_type | The EC2 instance type of the Security Management Server | string | - c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| m5.xlarge | no | +| management_instance_type | The EC2 instance type of the Security Management Server | string | - c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| m5.xlarge | no | | management_version | The license to install on the Security Management Server | string | - R80.40-BYOL
- R80.40-PAYG
- R81-BYOL
- R81-PAYG
- R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG | R81.20-BYOL | no | | management_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no | | gateways_policy | The name of the Security Policy package to be installed on the gateways in the Security Gateways Auto Scaling group | string | n/a | Standard | no | @@ -238,6 +240,7 @@ In order to check the template version, please refer to [sk116585](https://suppo | 20230829 | Change default Check Point version to R81.20 | | 20230923 | Add support for C5d instance type | | 20231012 | Update AWS Terraform provider version to 5.20.1 | +| 20231127 | Add support for parameter admin shell | ## License diff --git a/terraform/aws/qs-autoscale-master/main.tf b/terraform/aws/qs-autoscale-master/main.tf index 1a3997fb..1ac3f1e5 100755 --- a/terraform/aws/qs-autoscale-master/main.tf +++ b/terraform/aws/qs-autoscale-master/main.tf @@ -33,6 +33,7 @@ module "launch_qs_autoscale" { load_balancer_protocol = var.load_balancer_protocol certificate = var.certificate service_port = var.service_port + admin_shell = var.admin_shell gateways_subnets = module.launch_vpc.public_subnets_ids_list gateway_instance_type = var.gateway_instance_type gateways_min_group_size = var.gateways_min_group_size diff --git a/terraform/aws/qs-autoscale-master/terraform.tfvars b/terraform/aws/qs-autoscale-master/terraform.tfvars index 9f14d39b..1d2fea19 100755 --- a/terraform/aws/qs-autoscale-master/terraform.tfvars +++ b/terraform/aws/qs-autoscale-master/terraform.tfvars @@ -27,6 +27,7 @@ load_balancers_type = "Application Load Balancer" load_balancer_protocol = "HTTP" certificate = "" service_port = "80" +admin_shell = "/etc/cli.sh" // --- Check Point CloudGuard Network Security Gateways Auto Scaling Group Configuration --- gateway_instance_type = "c5.xlarge" diff --git a/terraform/aws/qs-autoscale-master/variables.tf b/terraform/aws/qs-autoscale-master/variables.tf index f602df1f..4757bafc 100755 
--- a/terraform/aws/qs-autoscale-master/variables.tf +++ b/terraform/aws/qs-autoscale-master/variables.tf @@ -96,6 +96,11 @@ variable "service_port" { type = string description = "The external Load Balancer listens to this port. Leave this field blank to use default ports: 80 for HTTP and 443 for HTTPS" } +variable "admin_shell" { + type = string + description = "Set the admin shell to enable advanced command line configuration" + default = "/etc/cli.sh" +} // --- Check Point CloudGuard Network Security Gateways Auto Scaling Group Configuration --- variable "gateway_instance_type" { diff --git a/terraform/aws/qs-autoscale/README.md b/terraform/aws/qs-autoscale/README.md index 60232be6..eeba4c45 100755 --- a/terraform/aws/qs-autoscale/README.md +++ b/terraform/aws/qs-autoscale/README.md @@ -99,6 +99,8 @@ secret_key = "my-secret-key" load_balancer_protocol = "HTTP" certificate = "" service_port = "80" + admin_shell = "/etc/cli.sh" + // --- Check Point CloudGuard Network Security Gateways Auto Scaling Group Configuration --- gateways_subnets = ["subnet-123b5678", "subnet-123a4567"] @@ -166,6 +168,7 @@ secret_key = "my-secret-key" | load_balancer_protocol | The protocol to use on the Load Balancer | string | Network Load Balancer:
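Review bot: The new `variable "admin_shell"` block in qs-autoscale-master/variables.tf accepts any string, although the README row added in this same commit documents only four values (/etc/cli.sh, /bin/bash, /bin/csh, /bin/tcsh). The value is passed on to the `launch_qs_autoscale` module and presumably ends up in the instance boot configuration. Unless the called modules validate it, which this diff does not show, a typo or arbitrary path would surface only at first boot rather than at `terraform plan`. A `validation` block that pins the variable to the documented list would reject bad input early, as sketched below. The identical block added in qs-autoscale/variables.tf needs the same check.
```hcl
variable "admin_shell" {
  // … unchanged: type, description, default …
  validation {
    condition     = contains(["/etc/cli.sh", "/bin/bash", "/bin/csh", "/bin/tcsh"], var.admin_shell)
    error_message = "The admin_shell value must be one of /etc/cli.sh, /bin/bash, /bin/csh, /bin/tcsh."
  }
}
```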
- TCP
- TLS
- UDP
- TCP_UDP

Application Load Balancer:
- HTTP
- HTTPS | TCP | yes | | certificate | Amazon Resource Name (ARN) of an HTTPS Certificate, ignored if the selected protocol is HTTP | string | n/a | n/a | no | | service_port | The external Load Balancer listens to this port. Leave this field blank to use default ports: 80 for HTTP and 443 for HTTPS | string | n/a | n/a | no | +| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no | | gateways_subnets | Select at least 2 public subnets in the VPC. If you choose to deploy a Security Management Server it will be deployed in the first subnet | list(string) | n/a | n/a | yes | | gateway_instance_type | The instance type of the Security Gateways | string | - c4.large
- c4.xlarge
- c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| c5.xlarge | no | | gateways_min_group_size | The minimal number of Security Gateways | number | n/a | 2 | no | @@ -220,6 +223,7 @@ In order to check the template version, please refer to [sk116585](https://suppo | 20230923 | Add support for C5d instance type | | 20231012 | Update AWS Terraform provider version to 5.20.1 | | 20231022 | Fixed template to populate x-chkp-tags correctly | +| 20231127 | Add support for parameter admin shell | ## License diff --git a/terraform/aws/qs-autoscale/main.tf b/terraform/aws/qs-autoscale/main.tf index d55b5b0b..c63cbfb3 100755 --- a/terraform/aws/qs-autoscale/main.tf +++ b/terraform/aws/qs-autoscale/main.tf @@ -58,6 +58,7 @@ module "autoscale" { maximum_group_size = var.gateways_max_group_size target_groups = tolist([module.external_load_balancer.target_group_arn]) gateway_version = var.gateway_version + admin_shell = var.admin_shell gateway_password_hash = var.gateway_password_hash gateway_SICKey = var.gateway_SICKey allow_upload_download = var.allow_upload_download @@ -86,6 +87,7 @@ module "management" { disable_instance_termination = var.disable_instance_termination iam_permissions = "Create with read-write permissions" management_version = var.management_version + admin_shell = var.admin_shell management_password_hash = var.management_password_hash allow_upload_download = var.allow_upload_download admin_cidr = var.admin_cidr diff --git a/terraform/aws/qs-autoscale/terraform.tfvars b/terraform/aws/qs-autoscale/terraform.tfvars index 9af94275..e37313dd 100755 --- a/terraform/aws/qs-autoscale/terraform.tfvars +++ b/terraform/aws/qs-autoscale/terraform.tfvars @@ -16,6 +16,7 @@ load_balancers_type = "Application Load Balancer" load_balancer_protocol = "HTTP" certificate = "" service_port = "80" +admin_shell = "/etc/cli.sh" // --- Check Point CloudGuard Network Security Gateways Auto Scaling Group Configuration --- gateways_subnets = ["subnet-123b5678", "subnet-123a4567"] 
diff --git a/terraform/aws/qs-autoscale/variables.tf b/terraform/aws/qs-autoscale/variables.tf index b6f54030..a30b9f7b 100755 --- a/terraform/aws/qs-autoscale/variables.tf +++ b/terraform/aws/qs-autoscale/variables.tf @@ -79,6 +79,11 @@ variable "service_port" { type = string description = "The external Load Balancer listens to this port. Leave this field blank to use default ports: 80 for HTTP and 443 for HTTPS" } +variable "admin_shell" { + type = string + description = "Set the admin shell to enable advanced command line configuration" + default = "/etc/cli.sh" +} // --- Check Point CloudGuard Network Security Gateways Auto Scaling Group Configuration --- variable "gateways_subnets" {
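Review bot: The `description` of `admin_shell` in qs-autoscale/variables.tf does not say which machines the setting applies to. The qs-autoscale/main.tf hunks of this commit pass the same `var.admin_shell` to both `module "autoscale"` and `module "management"`, so picking a shell other than the /etc/cli.sh default changes the admin login shell on the gateways and on the Security Management Server together. I would state that scope in the text, for example `description = "Admin login shell applied to both the Security Gateways and the Security Management Server (default /etc/cli.sh)"`, and keep the README table row in step. If the two tiers ever need different shells, separate variables would be required, which this change does not provide.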