Gene Wood 2018-10-16 14:57:21 -07:00
Родитель fe452fc9eb
Коммит e6f0639d3c
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: F0A9E7DCD39E452E
3 изменённых файлов: 38 добавлений и 59 удалений


@ -18,27 +18,11 @@ Resources:
# Attach the instance profile here for cleanlieness.
InstanceProfile:
Type: "AWS::IAM::InstanceProfile"
DependsOn: WebRole
Properties:
Roles:
-
Ref: WebRole
# Add an SSM parameter for easy discovery.
WebArnParameter:
Type: "AWS::SSM::Parameter"
DependsOn: [WebRole]
Properties:
Description: 'MozDef Web Role'
Name: '/MozDef/instance_role_arn'
Type: String
Value: !GetAtt WebRole.Arn
Outputs:
WebRoleArn:
Description: The arn of the delivery server role.
Value: !GetAtt WebRole.Arn
WebRoleName:
Description: The name of the delivery server role.
Value: !Ref WebRole
InstanceProfileArn:
Description: The arn of the instanceprofile.
Value: !GetAtt InstanceProfile.Arn


@ -4,11 +4,11 @@ Parameters:
SubnetIds:
Type: "List<AWS::EC2::Subnet::Id>"
Description: "Comma-delimited list of subnet IDs within which the ElasticSearch instance will be provisioned."
Default: "subnet-8931f7ee"
Default: "subnet-dd8eacb5,subnet-df8eacb7,subnet-de8eacb6"
BlockStoreSizeGB:
Type: Number
Default: 100
Description: "The size of the Elastic Block Store to have back ElasticSearch, in GigaBytes."
Default: 100
VpcId:
Type: "AWS::EC2::VPC::Id"
Description: "The VPC ID of the VPC to deploy in"
@ -28,20 +28,12 @@ Resources:
# Properties:
# AWSServiceName: "es.amazonaws.com"
# Description: "Role to enable Amazon ES to manage your cluster."
ElasticSearchMozDefWaitConditionHandle:
Type: "AWS::CloudFormation::WaitConditionHandle"
ElasticSearchMozDefWaitCondition:
Type: "AWS::CloudFormation::WaitCondition"
DependsOn: "MozDefElasticSearch"
Properties:
Handle:
Ref: "ElasticSearchMozDefWaitConditionHandle"
Timeout: "1200"
MozDefElasticSearch:
Type: "AWS::Elasticsearch::Domain"
Properties:
VPCOptions:
SubnetIds: !Ref SubnetIds
SubnetIds:
- !Select [ 0, !Ref SubnetIds ]
EBSOptions:
EBSEnabled: true
VolumeType: "gp2"
@ -82,38 +74,13 @@ Resources:
Key: "application"
Value: "mozdef"
VpcId: !Ref VpcId
ElasticsearchDomainEndpointParameter:
Type: "AWS::SSM::Parameter"
Properties:
Description: "MozDef ES Cluster Endpoint"
Name: "/MozDef/es_cluster_endpoint"
Type: String
Value: !GetAtt MozDefElasticSearch.DomainEndpoint
ElasticsearchKibanaURLParameter:
Type: "AWS::SSM::Parameter"
Properties:
Description: "MozDef ES Kibana URL"
Name: "/MozDef/es_kibana_url"
Type: String
Value: !Join [ '', [ 'https://', !GetAtt MozDefElasticSearch.DomainEndpoint, "/_plugin/kibana/" ] ]
Outputs:
ElasticsearchDomainArn:
Description: "ARN of the provisioned ElasticSearch Cluster"
Value: !GetAtt MozDefElasticSearch.DomainArn
Export:
Name: "ElasticsearchDomainArn"
ElasticsearchDomainEndpoint:
Description: "Endpoint of the provisioned ElasticSearch Cluster"
Value: !GetAtt MozDefElasticSearch.DomainEndpoint
Export:
Name: "ElasticsearchDomainEndpoint"
ElasticsearchKibanaURL:
Description: "URL for the Kibana UI"
Value: !Join [ '', [ 'https://', !GetAtt MozDefElasticSearch.DomainEndpoint, "/_plugin/kibana/" ] ]
Export:
Name: "ElasticsearchKibanaURL"
ElasticsearchWaitHandle:
Description: "A wait handle that waits until the Elastic Search instances are up"
Value: !GetAtt ElasticSearchMozDefWaitCondition.Data
Export:
Name: "ElasticseachWaitHandle"
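Review bot: In the `VPCOptions` change, `SubnetIds: - !Select [ 0, !Ref SubnetIds ]` uses only the first entry of the list, while the `SubnetIds` parameter still accepts a list, now defaults to three subnets, and is still described as the list of subnets the instance will be provisioned in. The other entries are dropped silently, so the domain ends up in a single subnet and Availability Zone without the operator being told, and the order of the list decides which one. I would say so in the parameter, e.g. `Description: "Comma-delimited list of subnet IDs; only the first is used for the ElasticSearch domain."`, and add `# Single subnet only: entries after the first are ignored.` above the `!Select` line. The `Resources` block starts and ends outside these hunks.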


@ -1,10 +1,28 @@
AWSTemplateFormatVersion: "2010-09-09"
Description: Deploy MozDef into AWS
Metadata:
'AWS::CloudFormation::Interface':
ParameterGroups:
- Label:
default: 'VPC Settings'
Parameters:
- VpcId
- PublicSubnetIds
- Label:
default: 'EC2 Instance'
Parameters:
- InstanceType
- KeyName
- AMIImageId
Parameters:
VpcId:
Type: "AWS::EC2::VPC::Id"
Description: "The VPC ID of the VPC to deploy in"
Default: "vpc-dc8eacb4"
PublicSubnetIds:
Type: "List<AWS::EC2::Subnet::Id>"
Description: "A comma delimited list of public subnet IDs"
Default: "subnet-dd8eacb5,subnet-df8eacb7,subnet-de8eacb6"
InstanceType:
Type: "String"
Default: "m5.large"
@ -13,14 +31,10 @@ Parameters:
Type: "AWS::EC2::KeyPair::KeyName"
Description: "Name of an existing EC2 KeyPair to enable SSH access to the web server"
Default: "infosec-pdx-workweek-2018"
PublicSubnetIds:
Type: "List<AWS::EC2::Subnet::Id>"
Description: "A comma delimited list of public subnet IDs"
Default: "subnet-dd8eacb5,subnet-df8eacb7,subnet-de8eacb6"
AMIImageId:
Type: "String"
Description: "The AMI Image ID to use of the EC2 instance"
Default: "ami-09c6e771"
Default: "ami-0e7bda6769c8b3854"
Resources:
MozDefSecurityGroups:
Type: AWS::CloudFormation::Stack
@ -38,6 +52,7 @@ Resources:
TemplateURL: https://s3-us-west-2.amazonaws.com/mozdef.infosec.mozilla.org/cf/base-iam.yml
MozDefInstance:
Type: AWS::CloudFormation::Stack
DependsOn: [MozDefES] # The user_data provisioning needs to wait until the ES index creation process completes
Properties:
Parameters:
VpcId: !Ref VpcId
@ -51,4 +66,17 @@ Resources:
Tags:
- Key: application
Value: mozdef
TemplateURL: https://s3-us-west-2.amazonaws.com/mozdef.infosec.mozilla.org/cf/mozdef-instance.yml
TemplateURL: https://s3-us-west-2.amazonaws.com/mozdef.infosec.mozilla.org/cf/mozdef-instance.yml
MozDefES:
Type: AWS::CloudFormation::Stack
Properties:
Parameters:
SubnetIds: !Join [ ",", !Ref PublicSubnetIds ]
BlockStoreSizeGB: 100
VpcId: !Ref VpcId
MozDefInstanceSecurityGroup: !GetAtt MozDefSecurityGroups.Outputs.MozDefSecurityGroupId
ESInstanceCount: 1
Tags:
- Key: application
Value: mozdef
TemplateURL: https://s3-us-west-2.amazonaws.com/mozdef.infosec.mozilla.org/cf/mozdef-es.yml
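Review bot: The new `MozDefES` stack is handed `PublicSubnetIds`, so the Elasticsearch domain is placed in the subnets this template describes as public, alongside the EC2 instance. A VPC domain endpoint is reachable only from inside the VPC, so this is not internet exposure in itself. It does mean that the security group passed as `MozDefInstanceSecurityGroup` and the domain's access policy, neither of which is visible in this diff, are the only separation between the instance tier and the data store. I would add a separate parameter, for example `PrivateSubnetIds` of type `List<AWS::EC2::Subnet::Id>`, and pass `SubnetIds: !Join [ ",", !Ref PrivateSubnetIds ]` here. The `Resources` block starts outside this hunk.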