readme main submodules
chkp-guybarak committed Dec 24, 2024
1 parent d3c1e4d commit cbae893
Showing 4 changed files with 49 additions and 428 deletions.
32 changes: 32 additions & 0 deletions README.md
@@ -11,9 +11,41 @@ This repository provides a structured set of Terraform modules for deploying Che
## Available Submodules

**Submodules:**
* [`autoscale`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/autoscale) - Deploys Auto Scaling Group of CloudGuard Security Gateways into an existing VPC.
* [`autoscale_gwlb`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/autoscale_gwlb) - Deploys Auto Scaling Group of CloudGuard Security Gateways into an existing VPC.
* [`cluster`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/cluster) - Deploys CloudGuard Network Security Cluster into an existing VPC on AWS.
* [`cluster_master`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/cluster_master) - Deploys CloudGuard Network Security Cluster into a new VPC.
* [`cme_iam_role`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/cme_iam_role) - Creates AWS IAM Role for Cloud Management Extension (CME) on Security Management Server.
* [`cme_iam_role_gwlb`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/cme_iam_role_gwlb) - Creates AWS IAM Role for Cloud Management Extension (CME) manages Gateway Load Balancer Auto Scale Group on Security Management Server.
* [`cross_az_cluster`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/cross_az_cluster) - Deploys Check Point CloudGuard Network Security Cross AZ Cluster into an existing VPC on AWS.
* [`cross_az_cluster_master`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/cross_az_cluster_master) - Deploys Check Point CloudGuard Network Security Cross AZ Cluster into into a new VPC.
* [`gateway`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/gateway) - Deploys Check Point CloudGuard Network Security Gateway into an existing VPC.
* [`gateway_master`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/gateway_master) -Check Point CloudGuard Network Security Gateway into a new VPC.
* [`gwlb`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/gwlb) - Deploys AWS Auto Scaling group configured for Gateway Load Balancer into an existing VPC.
* [`gwlb_master`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/gwlb_master) - Deploys AWS Auto Scaling group configured for Gateway Load Balancer into a new VPC.
* [`management`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/management) - Deploys CloudGuard Network Security Management Server into an existing VPC.
* [`mds`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/mds) - Deploys CloudGuard Network Multi-Domain Server into an existing VPC.
* [`qs_autoscale`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/qs_autoscale) - Deploys CloudGuard Network Security Gateway Auto Scaling Group, an external ALB/NLB, and optionally a Security Management Server and a web server Auto Scaling Group.
* [`qs_autoscale_master`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/qs_autoscale_master) - Deploys CloudGuard Network Security Gateway Auto Scaling Group, an external ALB/NLB, and optionally a Security Management Server and a web server Auto Scaling Group in a new VPC.
* [`standalone`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/standalone) - Check Point CloudGuard Network Security Gateway & Management (Standalone) instance into an existing VPC.
* [`standalone_master`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/standalone_master) - CloudGuard Network Security Gateway & Management (Standalone) instance into a new VPC.
* [`tap`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/tap) - Deploys TAP solution in an existing VPC on AWS.
* [`tgw_asg`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/tgw_asg) - Deploys CloudGuard Network Security Gateway Auto Scaling Group for Transit Gateway with an optional Management Server into an existing VPC.
* [`tgw_asg_master`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/tgw_asg_master) - CloudGuard Network Security Gateway Auto Scaling Group for Transit Gateway with an optional Management Server in a new VPC.
* [`tgw_cross_az_cluster`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/tgw_cross_az_cluster) - Deploys CloudGuard Network Security Cross AZ Cluster into an existing VPC on AWS for Transit Gateway.
* [`tgw_cross_az_cluster_master`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/tgw_cross_az_cluster_master) - Deploys CloudGuard Network Security Cross AZ Cluster with a new VPC on AWS for Transit Gateway.
* [`tgw_gwlb`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/tgw_gwlb) - Deploys WS Auto Scaling group configured for Gateway Load Balancer into existing Centralized Security VPC for Transit Gateway.
* [`tgw_gwlb_master`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/tgw_gwlb_master) - Deploys AWS Auto Scaling group configured for Gateway Load Balancer into new Centralized Security VPC for Transit Gateway.


**Internal Submodules:**
* [`amis`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/amis)
* [`cloudwatch_policy`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/cloudwatch_policy)
* [`cluster_iam_role`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/cluster_iam_role)
* [`common`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/common)
* [`custom_autoscale`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/custom_autoscale)
* [`vpc`](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest/submodules/vpc)


___

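Review bot: the `autoscale_gwlb` entry repeats the `autoscale` description word for word ("Deploys Auto Scaling Group of CloudGuard Security Gateways into an existing VPC.") and never mentions the Gateway Load Balancer, so a reader cannot tell the two submodules apart; give it its own sentence. Several other entries in the same list need copy fixes before merge: `gateway_master`, `standalone`, `standalone_master` and `tgw_asg_master` are missing the leading verb the rest of the list uses ("-Check Point CloudGuard Network Security Gateway into a new VPC." should read "- Deploys Check Point CloudGuard Network Security Gateway into a new VPC."), `cross_az_cluster_master` has "into into", `tgw_gwlb` has "Deploys WS Auto Scaling group" for "AWS", and the `cme_iam_role_gwlb` sentence ("Creates AWS IAM Role for Cloud Management Extension (CME) manages Gateway Load Balancer Auto Scale Group") is missing "that" before "manages". Every link also points at the registry namespace `chkp-guybarak/guy-test1/aws`; if that is a personal test publication rather than the namespace users are meant to consume, the README on `main` should link to the published module so people do not pin their deployments to a test copy.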
125 changes: 4 additions & 121 deletions modules/gateway_master/README.md
@@ -18,130 +18,13 @@ This solution uses the following modules:
- /terraform/aws/amis
- /terraform/aws/vpc

## Configurations
## Usage
Follow best practices for using CGNS modules on [the root page](https://registry.terraform.io/modules/chkp-guybarak/guy-test1/aws/latest#:~:text=Best%20Practices%20for%20Using%20Our%20Modules).

The **main.tf** file includes the following provider configuration block used to configure the credentials for the authentication with AWS, as well as a default region for your resources:
```
provider "aws" {
region = var.region
access_key = var.access_key
secret_key = var.secret_key
}
```
The provider credentials can be provided either as static credentials or as [Environment Variables](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#environment-variables).
- Static credentials can be provided by adding an access_key and secret_key in /terraform/aws/gateway_master/**terraform.tfvars** file as follows:
```
region = "us-east-1"
access_key = "my-access-key"
secret_key = "my-secret-key"
**Instead of the standard terraform apply command, use the following:**
```
- In case the Static credentials are used, perform modifications described below:<br/>
a. The next lines in main.tf file, in the provider aws resource, need to be commented for sub-module /terraform/aws/gateway:
```
provider "aws" {
// region = var.region
// access_key = var.access_key
// secret_key = var.secret_key
}
```
- In case the Environment Variables are used, perform modifications described below:<br/>
a. The next lines in main.tf file, in the provider aws resource, need to be commented:
```
provider "aws" {
// region = var.region
// access_key = var.access_key
// secret_key = var.secret_key
}
```
b. The next lines in main.tf file, in the provider aws resource, need to be commented for sub-module /terraform/aws/gateway:
```
provider "aws" {
// region = var.region
// access_key = var.access_key
// secret_key = var.secret_key
}
## Usage
- Fill all variables in the /terraform/aws/gateway_master/**terraform.tfvars** file with proper values (see below for variables descriptions).
- From a command line initialize the Terraform configuration directory:
```
terraform init
```
- Create an execution plan:
```
terraform plan
```
- Create or modify the deployment:
- Due to terraform limitation, the apply command is:
```
terraform apply -target=module.gateway-test.aws_route_table.private_subnet_rtb -auto-approve && terraform apply
```
>Once terraform is updated, we will update accordingly.
- Variables are configured in /terraform/aws/gateway_master/**terraform.tfvars** file as follows:
```
//PLEASE refer to README.md for accepted values FOR THE VARIABLES BELOW

// --- VPC Network Configuration ---
vpc_cidr = "10.0.0.0/16"
public_subnets_map = {
"us-east-1a" = 1
}
private_subnets_map = {
"us-east-1a" = 2
}
subnets_bit_length = 8

// --- EC2 Instance Configuration ---
gateway_name = "Check-Point-Gateway-tf"
gateway_instance_type = "c5.xlarge"
key_name = "publickey"
allocate_and_associate_eip = true
volume_size = 100
volume_encryption = ""
enable_instance_connect = false
disable_instance_termination = false
instance_tags = {
key1 = "value1"
key2 = "value2"
}

// --- Check Point Settings ---
gateway_version = "R81.20-BYOL"
admin_shell = "/etc/cli.sh"
gateway_SICKey = "12345678"
gateway_password_hash = ""
gateway_maintenance_mode_password_hash = "" # For R81.10 and below the gateway_password_hash is used also as maintenance-mode password.
// --- Quick connect to Smart-1 Cloud (Recommended) ---
gateway_TokenKey = ""

// --- Advanced Settings ---
resources_tag_name = "tag-name"
gateway_hostname = "gw-hostname"
allow_upload_download = true
enable_cloudwatch = false
gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/bootstrap.txt"
primary_ntp = ""
secondary_ntp = ""

// --- (Optional) Automatic Provisioning with Security Management Server Settings ---
control_gateway_over_public_or_private_address = "private"
management_server = ""
configuration_template = ""
```
- Conditional creation
- To create an Elastic IP and associate it to the Gateway instance:
```
allocate_and_associate_eip = true
```
- To tear down your resources:
```
terraform destroy
```
```


## Inputs
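Review bot: the removed "Configurations" block was the only place that documented the apply workaround (`terraform apply -target=module.gateway-test.aws_route_table.private_subnet_rtb -auto-approve && terraform apply`, introduced with "Due to terraform limitation"), and the new "Usage" section replaces all of it with one link to the root page; if that limitation still applies to `gateway_master`, the command should stay in this README or the root page must carry it, and if it no longer applies, the commit should say so, otherwise readers will not know whether a plain `terraform apply` is now correct. The link itself uses a `#:~:text=` text-fragment anchor, which only some browsers honour; a heading anchor on the root README would be more durable. Dropping the `terraform.tfvars` example with hard-coded `access_key`/`secret_key` and the `gateway_SICKey = "12345678"` sample is a good change, but the replacement gives no local pointer to the supported credential methods (the old text at least named environment variables), so a one-line mention here would help. The section being removed also contains an unmatched ``` after the `terraform destroy` fence and a bold "**Instead of the standard terraform apply command, use the following:**" line inside the tfvars fence; confirm neither survives in the 13 lines that remain so the new file renders cleanly.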
