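---
AWSTemplateFormatVersion: "2010-09-09"
Description: "Firebox Cloud"

# Launches one Firebox Cloud instance with three network interfaces (public,
# management, web server) and points the default route of the web server and
# management subnets at it. Subnets, security groups and route tables are
# imported from another stack that is not part of this template, so the
# ingress rules that actually govern exposure (including SSH) are defined
# there, not here.
Parameters:
  ParamStackName:
    Type: String
    Description: "Name used in resource tags and names"
  ParamFireboxAMI:
    # AWS-specific parameter type: CloudFormation rejects an AMI ID that does
    # not exist in the target region before any resource is created, instead
    # of failing part-way through stack creation.
    Type: "AWS::EC2::Image::Id"
    Description: "AMI ID of the Firebox Cloud image to launch"
  ParamInstanceType:
    Type: String
    Description: "Allowed instance type for Firebox Cloud AMI."
  ParamKeyName:
    # Validated against the account's existing key pairs at stack creation.
    Type: "AWS::EC2::KeyPair::KeyName"
    Description: "EC2 Key Pair name for CLI Commands over SSH"

Resources:
  # The Firebox forwards packets that are not addressed to its own
  # interfaces, so SourceDestCheck is disabled on every ENI below; with the
  # check on, EC2 would drop the forwarded traffic. This also means the
  # instance is trusted to emit traffic with arbitrary source addresses, so
  # the attached security groups should stay tightly scoped.
  FireboxPublicNetworkInterface:
    Type: "AWS::EC2::NetworkInterface"
    Properties:
      Description: Firebox Public Network Interface
      # SSHAdminSecurityGroup is attached to all three interfaces; whether
      # the public interface accepts SSH depends on that group's rules in
      # the exporting stack.
      GroupSet:
        - !ImportValue FireboxPublicSecurityGroup
        - !ImportValue SSHAdminSecurityGroup
      SubnetId: !ImportValue FireboxPublicSubnet
      SourceDestCheck: false
      Tags:
        - Key: Name
          Value: FireboxPublicEni
        - Key: Stack
          Value: !Ref ParamStackName

  FireboxManagementNetworkInterface:
    Type: "AWS::EC2::NetworkInterface"
    Properties:
      Description: Firebox Management Network Interface
      GroupSet:
        - !ImportValue FireboxManagementEniSecurityGroup
        - !ImportValue SSHAdminSecurityGroup
      SubnetId: !ImportValue FireboxManagementSubnet
      SourceDestCheck: false
      Tags:
        - Key: Name
          Value: FireboxManagementEni
        - Key: Stack
          Value: !Ref ParamStackName

  FireboxWebServerNetworkInterface:
    Type: "AWS::EC2::NetworkInterface"
    Properties:
      Description: Firebox Web Server Network Interface
      GroupSet:
        - !ImportValue FireboxWebServerEniSecurityGroup
        - !ImportValue SSHAdminSecurityGroup
      SubnetId: !ImportValue WebServerSubnet
      SourceDestCheck: false
      Tags:
        - Key: Name
          Value: FireboxWebServerEni
        - Key: Stack
          Value: !Ref ParamStackName

  Firebox:
    Type: "AWS::EC2::Instance"
    Properties:
      ImageId: !Ref ParamFireboxAMI
      InstanceType: !Ref ParamInstanceType
      # Device index 0 is the primary interface; the management and web
      # server ENIs are attached as secondary interfaces in that order.
      NetworkInterfaces:
        - NetworkInterfaceId: !Ref FireboxPublicNetworkInterface
          DeviceIndex: '0'
        - NetworkInterfaceId: !Ref FireboxManagementNetworkInterface
          DeviceIndex: '1'
        - NetworkInterfaceId: !Ref FireboxWebServerNetworkInterface
          DeviceIndex: '2'
      KeyName: !Ref ParamKeyName
      Tags:
        - Key: Name
          Value: FireboxCloud
        - Key: Stack
          Value: !Ref ParamStackName

  # Route all traffic from the web server subnet that is destined for the
  # Internet through the Firebox's web server interface.
  FireboxNATRouteWeb:
    Type: "AWS::EC2::Route"
    Properties:
      DestinationCidrBlock: "0.0.0.0/0"
      NetworkInterfaceId: !Ref FireboxWebServerNetworkInterface
      RouteTableId: !ImportValue WebServerRouteTable

  # The management subnet is not meant to be opened to the Internet, but if
  # SSH is turned on for testing, access to the packet capture host needs
  # this default route through the Firebox.
  FireboxNATRouteMgmt:
    Type: "AWS::EC2::Route"
    Properties:
      DestinationCidrBlock: "0.0.0.0/0"
      NetworkInterfaceId: !Ref FireboxManagementNetworkInterface
      RouteTableId: !ImportValue FireboxManagementRouteTable

# Exported for downstream stacks (e.g. hosts that need the Firebox's private
# addresses or want to attach to its interfaces).
Outputs:
  FireboxManagementNetworkInterface:
    Value: !Ref FireboxManagementNetworkInterface
    Export:
      Name: "FireboxManagementNetworkInterface"
  FireboxPublicNetworkInterface:
    Value: !Ref FireboxPublicNetworkInterface
    Export:
      Name: "FireboxPublicNetworkInterface"
  FireboxWebServerNetworkInterface:
    Value: !Ref FireboxWebServerNetworkInterface
    Export:
      Name: "FireboxWebServerNetworkInterface"
  Firebox:
    Value: !Ref Firebox
    Export:
      Name: "Firebox"
  FireboxManagementPrivateIpAddress:
    Value: !GetAtt FireboxManagementNetworkInterface.PrimaryPrivateIpAddress
    Export:
      Name: "FireboxPrimaryManagementIpAddress"
  FireboxWebPrivateIpAddress:
    Value: !GetAtt FireboxWebServerNetworkInterface.PrimaryPrivateIpAddress
    Export:
      Name: "FireboxPrimaryWebServerIpAddress"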