Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
111 lines (103 sloc) 3.78 KB
AWSTemplateFormatVersion: "2010-09-09"
Description: "Packet Capture Server"
Parameters:
ParamAmi:
Type: String
ParamInstanceType:
Type: String
Default: "t2.micro"
ParamStackName:
Type: String
Description: "Name used in resource tags and names"
ParamKeyName:
Type: String
Description: "EC2 Key Pair name for CLI Commands over SSH"
Resources:
PacketCaptureInstanceNetworkInterface:
Type: "AWS::EC2::NetworkInterface"
Properties:
Description: Packet Capture Instance Network Interface
GroupSet:
- !ImportValue FireboxManagementSecurityGroup
- !ImportValue S3CidrSecurityGroup
- !ImportValue SSHAdminSecurityGroup
SubnetId: !ImportValue FireboxManagementSubnet
SourceDestCheck: false
Tags:
- Key: Name
Value: PacketCaptureInstanceEni
- Key: Stack
Value: !Ref ParamStackName
PacketServerRoleProfile:
Type: "AWS::IAM::InstanceProfile"
Properties:
Roles:
- FireboxLambdaCLIRole
InstanceProfileName: !Join [ "-", [ "pkt-srv-role-profile-", !Ref "AWS::AccountId", !Ref "AWS::Region" ] ]
PacketCaptureServer:
Type: "AWS::EC2::Instance"
Properties:
ImageId: !Ref ParamAmi
InstanceType: !Ref ParamInstanceType
IamInstanceProfile: !Ref PacketServerRoleProfile
NetworkInterfaces:
- NetworkInterfaceId:
Ref: PacketCaptureInstanceNetworkInterface
DeviceIndex: '0'
KeyName: !Ref ParamKeyName
UserData:
Fn::Base64: !Sub
- |
#!/bin/bash -xe
exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
service ntpd stop
ntpsrv="amazon.pool.ntp.org"
sed -i "s/0.$ntpsrv/${fireboxmanagementip}/g" /etc/ntp.conf
sed -i "s/server 1.$ntpsrv iburst//g" /etc/ntp.conf
sed -i "s/server 2.$ntpsrv iburst//g" /etc/ntp.conf
sed -i "s/server 3.$ntpsrv iburst//g" /etc/ntp.conf
service ntpd start
yum update -y
yum install -y awslogs
cat /etc/awslogs/awslogs.conf > awslogs.conf
echo "" >> awslogs.conf
echo "[/tmp/packets.txt]" >> awslogs.conf
echo "datetime_format = %b %d %H:%M:%S" >> awslogs.conf
echo "file = /tmp/packets.txt" >> awslogs.conf
echo "buffer_duration = 5000" >> awslogs.conf
echo "log_stream_name = {instance_id}" >> awslogs.conf
echo "initial_position = start_of_file" >> awslogs.conf
echo "log_group_name = /tmp/packets.txt" >> awslogs.conf
cp awslogs.conf /etc/awslogs/awslogs.conf
service awslogs start
chkconfig awslogs on
aws s3 cp s3://${fireboxkeybucket}/${fireboxkey} fb.pem
chmod 700 fb.pem
echo "ssh -i fb.pem admin@${fireboxmanagementip} -p 4118" > capture.sh
echo "tcpdump -G 15 -x" >> capture.sh
echo "exit" >> capture.sh
chmod 700 capture.sh
./capture.sh > /tmp/packets.txt
-
fireboxmanagementip:
'Fn::ImportValue': 'FireboxPrimaryManagementIpAddress'
fireboxkey:
'firebox-cli-ec2-key.pem'
fireboxkeybucket:
'Fn::ImportValue': 'FireboxPrivateBucket'
logbucket:
'Fn::ImportValue': 'FireboxLogBucket'
Tags:
- Key: Name
Value: PacketCapture
- Key: Stack
Value: !Ref ParamStackName
Outputs:
PacketCaptureServer:
Value: !Ref PacketCaptureServer
Export:
Name: "PacketCaptureServer"
PacketCaptureServerIPAddress:
Value: !GetAtt PacketCaptureServer.PrivateIp
Export:
Name: "PacketCaptureServerIPAddress"