diff --git a/cloudy_mozdef/cloudformation/base-iam.yml b/cloudy_mozdef/cloudformation/base-iam.yml index 80737ce2..c77e3033 100644 --- a/cloudy_mozdef/cloudformation/base-iam.yml +++ b/cloudy_mozdef/cloudformation/base-iam.yml @@ -18,27 +18,11 @@ Resources: # Attach the instance profile here for cleanlieness. InstanceProfile: Type: "AWS::IAM::InstanceProfile" - DependsOn: WebRole Properties: Roles: - Ref: WebRole - # Add an SSM parameter for easy discovery. - WebArnParameter: - Type: "AWS::SSM::Parameter" - DependsOn: [WebRole] - Properties: - Description: 'MozDef Web Role' - Name: '/MozDef/instance_role_arn' - Type: String - Value: !GetAtt WebRole.Arn Outputs: - WebRoleArn: - Description: The arn of the delivery server role. - Value: !GetAtt WebRole.Arn - WebRoleName: - Description: The name of the delivery server role. - Value: !Ref WebRole InstanceProfileArn: Description: The arn of the instanceprofile. Value: !GetAtt InstanceProfile.Arn diff --git a/cloudy_mozdef/cloudformation/mozdef-es.yml b/cloudy_mozdef/cloudformation/mozdef-es.yml index dab8044f..f082f8b7 100644 --- a/cloudy_mozdef/cloudformation/mozdef-es.yml +++ b/cloudy_mozdef/cloudformation/mozdef-es.yml @@ -4,11 +4,11 @@ Parameters: SubnetIds: Type: "List" Description: "Comma-delimited list of subnet IDs within which the ElasticSearch instance will be provisioned." - Default: "subnet-8931f7ee" + Default: "subnet-dd8eacb5,subnet-df8eacb7,subnet-de8eacb6" BlockStoreSizeGB: Type: Number - Default: 100 Description: "The size of the Elastic Block Store to have back ElasticSearch, in GigaBytes." + Default: 100 VpcId: Type: "AWS::EC2::VPC::Id" Description: "The VPC ID of the VPC to deploy in" 
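Review bot: The new `SubnetIds` default in mozdef-es.yml hard-codes three subnet IDs from one specific VPC, so a deployment that accepts the defaults either fails outside that account or puts the Elasticsearch domain in a network nobody chose deliberately. Consider dropping the `Default:` line so the caller must pass the subnets explicitly; the parent template already supplies them through `SubnetIds: !Join [ ",", !Ref PublicSubnetIds ]`. The same three IDs are also the default of `PublicSubnetIds` in mozdef-parent.yml, and the two lists can drift apart if both are kept.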
@@ -28,20 +28,12 @@ Resources: # Properties: # AWSServiceName: "es.amazonaws.com" # Description: "Role to enable Amazon ES to manage your cluster." - ElasticSearchMozDefWaitConditionHandle: - Type: "AWS::CloudFormation::WaitConditionHandle" - ElasticSearchMozDefWaitCondition: - Type: "AWS::CloudFormation::WaitCondition" - DependsOn: "MozDefElasticSearch" - Properties: - Handle: - Ref: "ElasticSearchMozDefWaitConditionHandle" - Timeout: "1200" MozDefElasticSearch: Type: "AWS::Elasticsearch::Domain" Properties: VPCOptions: - SubnetIds: !Ref SubnetIds + SubnetIds: + - !Select [ 0, !Ref SubnetIds ] EBSOptions: EBSEnabled: true VolumeType: "gp2" 
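Review bot: `!Select [ 0, !Ref SubnetIds ]` under `VPCOptions` uses only the first entry of the list and silently ignores the rest, while the parameter description still says the domain is provisioned within the listed subnets and the new default offers three. An operator reading the parameters would expect a multi-subnet domain and get a single-subnet one. State this next to the line, e.g. `# Single-subnet domain: only the first entry of SubnetIds is used`, or update the parameter description to match. If zone awareness is enabled elsewhere in this resource (the `Properties` block continues outside the hunk), one subnet will not be enough.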
@@ -82,38 +74,13 @@ Resources: Key: "application" Value: "mozdef" VpcId: !Ref VpcId - ElasticsearchDomainEndpointParameter: - Type: "AWS::SSM::Parameter" - Properties: - Description: "MozDef ES Cluster Endpoint" - Name: "/MozDef/es_cluster_endpoint" - Type: String - Value: !GetAtt MozDefElasticSearch.DomainEndpoint - ElasticsearchKibanaURLParameter: - Type: "AWS::SSM::Parameter" - Properties: - Description: "MozDef ES Kibana URL" - Name: "/MozDef/es_kibana_url" - Type: String - Value: !Join [ '', [ 'https://', !GetAtt MozDefElasticSearch.DomainEndpoint, "/_plugin/kibana/" ] ] Outputs: ElasticsearchDomainArn: Description: "ARN of the provisioned ElasticSearch Cluster" Value: !GetAtt MozDefElasticSearch.DomainArn - Export: - Name: "ElasticsearchDomainArn" ElasticsearchDomainEndpoint: Description: "Endpoint of the provisioned ElasticSearch Cluster" Value: !GetAtt MozDefElasticSearch.DomainEndpoint - Export: - Name: "ElasticsearchDomainEndpoint" ElasticsearchKibanaURL: Description: "URL for the Kibana UI" Value: !Join [ '', [ 'https://', !GetAtt MozDefElasticSearch.DomainEndpoint, "/_plugin/kibana/" ] ] - Export: - Name: "ElasticsearchKibanaURL" - ElasticsearchWaitHandle: - Description: "A wait handle that waits until the Elastic Search instances are up" - Value: !GetAtt ElasticSearchMozDefWaitCondition.Data - Export: - Name: "ElasticseachWaitHandle" diff --git a/cloudy_mozdef/cloudformation/mozdef-parent.yml b/cloudy_mozdef/cloudformation/mozdef-parent.yml index 2187e411..d92bd732 100644 --- a/cloudy_mozdef/cloudformation/mozdef-parent.yml +++ b/cloudy_mozdef/cloudformation/mozdef-parent.yml 
@@ -1,10 +1,28 @@ AWSTemplateFormatVersion: "2010-09-09" Description: Deploy MozDef into AWS +Metadata: + 'AWS::CloudFormation::Interface': + ParameterGroups: + - Label: + default: 'VPC Settings' + Parameters: + - VpcId + - PublicSubnetIds + - Label: + default: 'EC2 Instance' + Parameters: + - InstanceType + - KeyName + - AMIImageId Parameters: VpcId: Type: "AWS::EC2::VPC::Id" Description: "The VPC ID of the VPC to deploy in" Default: "vpc-dc8eacb4" + PublicSubnetIds: + Type: "List" + Description: "A comma delimited list of public subnet IDs" + Default: "subnet-dd8eacb5,subnet-df8eacb7,subnet-de8eacb6" InstanceType: Type: "String" Default: "m5.large" @@ -13,14 +31,10 @@ Parameters: Type: "AWS::EC2::KeyPair::KeyName" Description: "Name of an existing EC2 KeyPair to enable SSH access to the web server" Default: "infosec-pdx-workweek-2018" - PublicSubnetIds: - Type: "List" - Description: "A comma delimited list of public subnet IDs" - Default: "subnet-dd8eacb5,subnet-df8eacb7,subnet-de8eacb6" AMIImageId: Type: "String" Description: "The AMI Image ID to use of the EC2 instance" - Default: "ami-09c6e771" + Default: "ami-0e7bda6769c8b3854" Resources: MozDefSecurityGroups: Type: AWS::CloudFormation::Stack @@ -38,6 +52,7 @@ Resources: TemplateURL: https://s3-us-west-2.amazonaws.com/mozdef.infosec.mozilla.org/cf/base-iam.yml MozDefInstance: Type: AWS::CloudFormation::Stack + DependsOn: [MozDefES] # The user_data provisioning needs to wait until the ES index creation process completes Properties: Parameters: VpcId: !Ref VpcId 
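Review bot: The new `AMIImageId` default `ami-0e7bda6769c8b3854` is an opaque, region-specific ID, and nothing in the template says which image it is or who owns it, so a reviewer cannot tell what the instance will boot. Add a comment above the default naming the image, its owner account and the region. Consider `Type: "AWS::EC2::Image::Id"` instead of `"String"` so CloudFormation validates the value as an image ID rather than accepting any string. The `KeyName` default `infosec-pdx-workweek-2018` just above is similarly environment-specific and would be better left without a default.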
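Review bot: The comment on `DependsOn: [MozDefES]` promises more than the dependency delivers, because CloudFormation only waits for the nested `MozDefES` stack to reach CREATE_COMPLETE. That says nothing about any index creation inside Elasticsearch. With the wait condition removed from mozdef-es.yml in this same commit, nothing visible here signals that indices are ready. Reword the comment to what is actually guaranteed, e.g. `# Create the instance stack only after the ES domain stack has completed`, and have the user_data script poll the cluster if it needs indices to exist. The `Properties` of `MozDefInstance` continue outside the hunk.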
@@ -51,4 +66,17 @@ Resources: Tags: - Key: application Value: mozdef - TemplateURL: https://s3-us-west-2.amazonaws.com/mozdef.infosec.mozilla.org/cf/mozdef-instance.yml \ No newline at end of file + TemplateURL: https://s3-us-west-2.amazonaws.com/mozdef.infosec.mozilla.org/cf/mozdef-instance.yml + MozDefES: + Type: AWS::CloudFormation::Stack + Properties: + Parameters: + SubnetIds: !Join [ ",", !Ref PublicSubnetIds ] + BlockStoreSizeGB: 100 + VpcId: !Ref VpcId + MozDefInstanceSecurityGroup: !GetAtt MozDefSecurityGroups.Outputs.MozDefSecurityGroupId + ESInstanceCount: 1 + Tags: + - Key: application + Value: mozdef + TemplateURL: https://s3-us-west-2.amazonaws.com/mozdef.infosec.mozilla.org/cf/mozdef-es.yml
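Review bot: The new `MozDefES` stack is handed `PublicSubnetIds`, so the Elasticsearch domain that stores MozDef's event data is attached to a subnet the template itself labels as public. Whether that widens exposure depends on the security group and access policy in mozdef-es.yml, which are not visible in this hunk. A data store like this is more conventionally placed in private subnets. Consider a separate parameter for the ES subnets, or add a comment such as `# ES shares the public subnets; access is restricted by MozDefInstanceSecurityGroup` if that is the intended control. Like the other nested stacks, the template is fetched from a fixed S3 URL at deploy time, so write access to that bucket should be held as tightly as permission to deploy this stack.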