├── .github └── workflows │ └── code-analysis.yaml ├── .gitignore ├── .gitlab-ci.yml ├── README.md ├── aws ├── images │ ├── launch.png │ ├── step1_aws.png │ └── step2_aws.png └── templates │ ├── README.md │ ├── asg │ ├── README.md │ ├── autoscale-master.yaml │ └── autoscale.yaml │ ├── cluster │ ├── README.md │ ├── cluster-master.yaml │ └── cluster.yaml │ ├── cross-az-cluster │ ├── README.md │ ├── cross-az-cluster-master.yaml │ └── cross-az-cluster.yaml │ ├── general │ ├── README.md │ ├── amis.yaml │ └── cme-iam-role.yaml │ ├── geo-cluster │ ├── README.md │ ├── geo-cluster-master.yaml │ └── geo-cluster.yaml │ ├── gwlb-asg │ ├── README.md │ ├── gwlb-master.yaml │ ├── gwlb.yaml │ ├── qs-gwlb-master.yaml │ ├── qs-gwlb.yaml │ ├── tgw-gwlb-master.yaml │ └── tgw-gwlb.yaml │ ├── management │ ├── README.md │ ├── management-master.yaml │ └── management.yaml │ ├── mds │ ├── README.md │ ├── mds-master.yaml │ └── mds.yaml │ ├── single-gw │ ├── README.md │ ├── gateway-master.yaml │ └── gateway.yaml │ ├── standalone │ ├── README.md │ ├── standalone-master.yaml │ └── standalone.yaml │ ├── tgw-asg │ ├── README.md │ ├── tgw-asg-master.yaml │ └── tgw-asg.yaml │ ├── tgw-cross-az-cluster │ ├── README.md │ ├── tgw-cross-az-cluster-master.yaml │ └── tgw-cross-az-cluster.yaml │ └── tgw-ha │ ├── README.md │ ├── tgw-ha-master.yaml │ └── tgw-ha.yaml ├── azure ├── misc │ ├── azure_ha_test.py │ └── nva_bgp_config.conf └── templates │ ├── README.MD │ ├── marketplace-gateway-load-balancer │ ├── README.md │ ├── createUiDefinition.json │ └── mainTemplate.json │ ├── marketplace-ha │ ├── README.md │ ├── createUiDefinition.json │ └── mainTemplate.json │ ├── marketplace-management │ ├── README.md │ ├── createUiDefinition.json │ └── mainTemplate.json │ ├── marketplace-mds │ ├── README.md │ ├── createUiDefinition.json │ └── mainTemplate.json │ ├── marketplace-single-waap │ ├── createUiDefinition.json │ └── mainTemplate.json │ ├── marketplace-single │ ├── README.md │ ├── createUiDefinition.json │ └── 
mainTemplate.json │ ├── marketplace-stack-ha │ ├── createUiDefinition.json │ └── mainTemplate.json │ ├── marketplace-stack-management │ ├── createUiDefinition.json │ └── mainTemplate.json │ ├── marketplace-stack-single │ ├── createUiDefinition.json │ └── mainTemplate.json │ ├── marketplace-vmss-waap │ ├── createUiDefinition.json │ └── mainTemplate.json │ ├── marketplace-vmss │ ├── README.md │ ├── createUiDefinition.json │ └── mainTemplate.json │ ├── nestedtemplates │ ├── CreateUIDefinition.MultiVm.json │ ├── azure-func-sami.json │ ├── existing-nsg-RoleAssignment.json │ ├── gateway-load-balancers.json │ ├── load-balancers-waap.json │ ├── load-balancers.json │ ├── storageAccount-existing.json │ ├── storageAccount-new.json │ ├── vnet-1-subnet-existing.json │ ├── vnet-1-subnet-new.json │ ├── vnet-2-subnet-ha-existing.json │ ├── vnet-2-subnet-ha-new.json │ ├── vnet-2-subnet-ha2-existing.json │ ├── vnet-2-subnet-ha2-new.json │ ├── vnet-4-subnet-existing.json │ ├── vnet-4-subnet-new.json │ ├── vnet-existing-no-rt.json │ ├── vnet-existing-stack-ha.json │ ├── vnet-existing-stack-mgmt.json │ ├── vnet-existing-stack.json │ ├── vnet-existing.json │ ├── vnet-new-no-rt.json │ ├── vnet-new-stack-ha.json │ ├── vnet-new-stack-mgmt.json │ ├── vnet-new-stack.json │ ├── vnet-new.json │ ├── vwan-public-ip-join-permission-assignment.json │ └── vwan-reader-role-assignment.json │ ├── single-ipv6 │ ├── README.md │ └── mainTemplate.json │ ├── vmss-ipv6 │ ├── README.md │ └── mainTemplate.json │ └── vwan-managed-app │ ├── README.md │ └── mainTemplate.json ├── cloudguard-network-application └── cgns_onboarding_azure.sh ├── common ├── central_license_debug_collector.sh ├── cme_api_postman │ ├── CME_API.postman_collection │ └── README.md ├── cme_xff_inject.sh ├── custom-management-script.py ├── custom_scripts │ ├── README.md │ └── password_script.sh ├── maintenance_mode │ ├── README.md │ └── grub.conf ├── simulate_cpu_load.sh ├── static_route_config.sh └── vwan_postman │ ├── README.md │ └── 
vwan.postman_collection.json ├── contrib ├── README.md ├── azure │ └── templates │ │ ├── ha-public-ip-prefix │ │ ├── README.MD │ │ ├── ha-publicipprefix-parameters.json │ │ └── ha-publicipprefix.json │ │ ├── ha-redeploy-single-member │ │ ├── README.MD │ │ ├── ha-redeploy-single-member.json │ │ └── mainTemplate.json │ │ ├── vmss-publicipprefixinstances │ │ ├── README.MD │ │ └── vmss-publicipprefix-instances.json │ │ └── vmss-publicipprefixinstanceselb │ │ ├── README.MD │ │ ├── mainTemplate.json │ │ └── nestedtemplates │ │ ├── load-balancers.json │ │ └── vnet-2-subnet-ha-existing.json ├── cme │ └── examples │ │ └── README.md ├── terraform-azure-gwlb │ ├── README.md │ ├── app-main.tf │ ├── app-variables.tf │ ├── cpcluster-main.tf │ ├── cpcluster-variables.tf │ ├── cpmgmt-main.tf │ ├── cpmgmt-variables.tf │ ├── customdata.sh │ ├── deployment-variables.tf │ ├── files │ │ └── azure-gwlb-template.json │ ├── gwlb-main.tf │ ├── gwlb-variables.tf │ ├── modules │ │ ├── common │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── network-security-group │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ └── vnet │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ ├── net-main.tf │ ├── net-variables.tf │ ├── terraform.tfvars │ ├── tfc-project.tf │ └── zimages │ │ └── azure-gwlb-design.jpg └── terraform │ └── azure │ └── vmss-new-vnet-with-peer │ ├── README.md │ ├── azure_public_key │ ├── cloud-init.sh │ ├── images │ └── Topology-2.JPG │ ├── main.tf │ ├── terraform.tfvars │ └── variables.tf ├── deprecated ├── README.md ├── aws │ └── templates │ │ ├── R77.30 │ │ ├── gateway-r7730 │ │ │ ├── README.md │ │ │ └── gateway-2-nic-existing-vpc.json │ │ ├── gateways-r7730 │ │ │ ├── README.md │ │ │ └── inter-az-cluster.json │ │ ├── instance-r7730 │ │ │ ├── README.md │ │ │ └── gwinvpc.json │ │ └── management-r7730 │ │ │ ├── README.md │ │ │ └── r7730-management.json │ │ ├── R80.30 │ │ 
├── asg-r8030 │ │ │ ├── README.md │ │ │ └── autoscale.json │ │ ├── cluster-r8030 │ │ │ ├── README.md │ │ │ ├── cluster-into-vpc.json │ │ │ └── cluster.json │ │ ├── management-r8030 │ │ │ ├── README.md │ │ │ └── management.json │ │ ├── mds-r8030 │ │ │ ├── README.md │ │ │ └── mds.json │ │ ├── single-gw-r8030 │ │ │ ├── README.md │ │ │ ├── gateway-into-vpc.json │ │ │ └── gateway.json │ │ ├── tgw-asg-r8030 │ │ │ ├── README.md │ │ │ ├── checkpoint-tgw-asg-master.yaml │ │ │ └── checkpoint-tgw-asg.yaml │ │ └── transit-vpc-r8030 │ │ │ ├── README.md │ │ │ ├── checkpoint-transit-master.yaml │ │ │ ├── checkpoint-transit.yaml │ │ │ ├── transit-master.yaml │ │ │ └── transit.yaml │ │ ├── R80.40 │ │ ├── autoscale │ │ │ ├── autoscale.yaml │ │ │ ├── custom-autoscale.yaml │ │ │ ├── tgw-asg-master.yaml │ │ │ └── tgw-asg.yaml │ │ ├── cluster │ │ │ ├── cluster-master.yaml │ │ │ ├── cluster.yaml │ │ │ ├── geo-cluster-master.yaml │ │ │ ├── geo-cluster.yaml │ │ │ ├── tgw-ha-master.yaml │ │ │ └── tgw-ha.yaml │ │ ├── gateway │ │ │ ├── gateway-master.yaml │ │ │ ├── gateway.yaml │ │ │ ├── standalone-master.yaml │ │ │ └── standalone.yaml │ │ ├── gwlb │ │ │ ├── amis-gwlb.yaml │ │ │ ├── autoscale-gwlb.yaml │ │ │ ├── cme-iam-role-gwlb.yaml │ │ │ ├── gwlb-master.yaml │ │ │ ├── gwlb-servers-infrastructure.yaml │ │ │ ├── gwlb-wan-global-network-master.yaml │ │ │ ├── gwlb-wan-global-network.yaml │ │ │ ├── gwlb-wan-security-vpc-master.yaml │ │ │ ├── gwlb-wan-security-vpc.yaml │ │ │ ├── gwlb.yaml │ │ │ ├── management-gwlb.yaml │ │ │ ├── tgw-gwlb-master.yaml │ │ │ └── tgw-gwlb.yaml │ │ ├── iam │ │ │ ├── cloudwatch-policy.yaml │ │ │ ├── cluster-iam-role.yaml │ │ │ ├── cme-iam-role.yaml │ │ │ └── sts-role.yaml │ │ ├── management │ │ │ ├── management.yaml │ │ │ └── mds.yaml │ │ └── utils │ │ │ ├── copy-lambda-zip.yaml │ │ │ ├── tap-target-and-filter.yaml │ │ │ └── vpc.yaml │ │ ├── R80 │ │ └── management-r80 │ │ │ ├── README.md │ │ │ └── r80.json │ │ ├── R81 │ │ ├── autoscale │ │ │ ├── autoscale.yaml │ │ │ 
├── custom-autoscale.yaml │ │ │ ├── tgw-asg-master.yaml │ │ │ └── tgw-asg.yaml │ │ ├── cluster │ │ │ ├── cluster-master.yaml │ │ │ ├── cluster.yaml │ │ │ ├── cross-az-cluster.yaml │ │ │ ├── geo-cluster-master.yaml │ │ │ ├── geo-cluster.yaml │ │ │ ├── tgw-cross-az-cluster.yaml │ │ │ ├── tgw-ha-master.yaml │ │ │ └── tgw-ha.yaml │ │ ├── gateway │ │ │ ├── gateway-master.yaml │ │ │ ├── gateway.yaml │ │ │ ├── standalone-master.yaml │ │ │ └── standalone.yaml │ │ ├── iam │ │ │ ├── cloudwatch-policy.yaml │ │ │ ├── cluster-iam-role.yaml │ │ │ ├── cme-iam-role.yaml │ │ │ └── sts-role.yaml │ │ ├── management │ │ │ ├── management.yaml │ │ │ └── mds.yaml │ │ └── utils │ │ │ ├── copy-lambda-zip.yaml │ │ │ ├── tap-target-and-filter.yaml │ │ │ └── vpc.yaml │ │ └── README.md ├── azure │ ├── misc │ │ └── azure_ha_test_python2.py │ └── templates │ │ ├── R7730 │ │ ├── cluster-r7730 │ │ │ ├── README.MD │ │ │ ├── createUiDefinition.json │ │ │ ├── mainTemplate.json │ │ │ ├── vnet-existing.json │ │ │ └── vnet-new.json │ │ ├── mgmt-r7730 │ │ │ ├── README.MD │ │ │ ├── createUiDefinition.json │ │ │ ├── mainTemplate.json │ │ │ ├── vnet-1-subnet-existing.json │ │ │ └── vnet-1-subnet-new.json │ │ ├── single-r7730 │ │ │ ├── README.MD │ │ │ ├── createUiDefinition.json │ │ │ ├── mainTemplate.json │ │ │ ├── vnet-existing.json │ │ │ └── vnet-new.json │ │ └── vmss-r7730 │ │ │ ├── README.MD │ │ │ ├── createUiDefinition.json │ │ │ ├── mainTemplate.json │ │ │ ├── vnet-1-subnet-existing.json │ │ │ └── vnet-1-subnet-new.json │ │ ├── R8010-R8020 │ │ ├── cluster-r8010 │ │ │ ├── README.MD │ │ │ ├── createUiDefinition.json │ │ │ ├── mainTemplate.json │ │ │ └── nestedtemplates │ │ │ │ ├── vnet-existing.json │ │ │ │ └── vnet-new.json │ │ ├── ha-r8010-r8020 │ │ │ ├── README.MD │ │ │ ├── createUiDefinition.json │ │ │ ├── mainTemplate.json │ │ │ └── nestedtemplates │ │ │ │ ├── vnet-2-subnet-ha2-existing.json │ │ │ │ └── vnet-2-subnet-ha2-new.json │ │ ├── mgmt-r8010-r8020 │ │ │ ├── README.MD │ │ │ ├── 
createUiDefinition.json │ │ │ ├── mainTemplate.json │ │ │ └── nestedtemplates │ │ │ │ ├── vnet-1-subnet-existing.json │ │ │ │ └── vnet-1-subnet-new.json │ │ ├── single-r8010-r8020 │ │ │ ├── README.MD │ │ │ ├── createUiDefinition.json │ │ │ ├── mainTemplate.json │ │ │ └── nestedtemplates │ │ │ │ ├── vnet-existing.json │ │ │ │ └── vnet-new.json │ │ └── vmss-r8010-r8020 │ │ │ ├── README.MD │ │ │ ├── createUiDefinition.json │ │ │ ├── mainTemplate.json │ │ │ └── nestedtemplates │ │ │ ├── load-balancers.json │ │ │ ├── vnet-2-subnet-ha-existing.json │ │ │ └── vnet-2-subnet-ha-new.json │ │ ├── R8030 │ │ ├── ha-r8030 │ │ │ ├── README.MD │ │ │ ├── createUiDefinition.json │ │ │ ├── mainTemplate.json │ │ │ └── nestedtemplates │ │ │ │ ├── vnet-2-subnet-ha2-existing.json │ │ │ │ └── vnet-2-subnet-ha2-new.json │ │ ├── mds-r8030 │ │ │ ├── README.MD │ │ │ ├── createUiDefinition.json │ │ │ ├── mainTemplate.json │ │ │ └── nestedtemplates │ │ │ │ ├── vnet-1-subnet-existing.json │ │ │ │ └── vnet-1-subnet-new.json │ │ ├── mgmt-r8030 │ │ │ ├── README.MD │ │ │ ├── createUiDefinition.json │ │ │ ├── mainTemplate.json │ │ │ └── nestedtemplates │ │ │ │ ├── vnet-1-subnet-existing.json │ │ │ │ └── vnet-1-subnet-new.json │ │ ├── single-r8030 │ │ │ ├── README.MD │ │ │ ├── createUiDefinition.json │ │ │ ├── mainTemplate.json │ │ │ └── nestedtemplates │ │ │ │ ├── vnet-existing.json │ │ │ │ └── vnet-new.json │ │ └── vmss-r8030 │ │ │ ├── README.MD │ │ │ ├── createUiDefinition.json │ │ │ ├── mainTemplate.json │ │ │ └── nestedtemplates │ │ │ ├── load-balancers.json │ │ │ ├── vnet-2-subnet-ha-existing.json │ │ │ └── vnet-2-subnet-ha-new.json │ │ ├── R8040-R81 │ │ ├── ha-r8040-r81 │ │ │ ├── README.md │ │ │ ├── createUiDefinition.json │ │ │ └── mainTemplate.json │ │ ├── mds-r8040-r81 │ │ │ ├── README.md │ │ │ ├── createUiDefinition.json │ │ │ └── mainTemplate.json │ │ ├── mgmt-r840-r81 │ │ │ ├── README.md │ │ │ ├── createUiDefinition.json │ │ │ └── mainTemplate.json │ │ ├── single-ipv6-r8040-r81 │ │ │ ├── 
README.md │ │ │ └── mainTemplate.json │ │ ├── single-r8040-r81 │ │ │ ├── README.md │ │ │ ├── createUiDefinition.json │ │ │ └── mainTemplate.json │ │ ├── vmss-ipv6-r8040-r81 │ │ │ ├── README.md │ │ │ └── mainTemplate.json │ │ └── vmss-r8040-r81 │ │ │ ├── README.md │ │ │ ├── createUiDefinition.json │ │ │ └── mainTemplate.json │ │ ├── README.MD │ │ ├── stack-R8030 │ │ ├── stack-ha │ │ │ ├── createUiDefinition.json │ │ │ └── mainTemplate.json │ │ ├── stack-mgmt │ │ │ ├── createUiDefinition.json │ │ │ └── mainTemplate.json │ │ └── stack-single │ │ │ ├── createUiDefinition.json │ │ │ └── mainTemplate.json │ │ └── stack-R8040-R81 │ │ ├── stack-ha-r8040-r81 │ │ ├── createUiDefinition.json │ │ └── mainTemplate.json │ │ ├── stack-management-r8040-r81 │ │ ├── createUiDefinition.json │ │ └── mainTemplate.json │ │ └── stack-single-r8040-r81 │ │ ├── createUiDefinition.json │ │ └── mainTemplate.json ├── gcp │ ├── R80.30 │ │ ├── autoscale-byol-R80.30 │ │ │ ├── README.md │ │ │ ├── c2d_deployment_configuration.json │ │ │ ├── check-point-autoscale--byol.py │ │ │ ├── check-point-autoscale--byol.py.schema │ │ │ ├── common.py │ │ │ ├── config.yaml │ │ │ ├── default.py │ │ │ ├── images.py │ │ │ └── password.py │ │ ├── autoscale-payg-R80.30 │ │ │ ├── README.md │ │ │ ├── c2d_deployment_configuration.json │ │ │ ├── check-point-autoscale--payg.py │ │ │ ├── check-point-autoscale--payg.py.schema │ │ │ ├── common.py │ │ │ ├── config.yaml │ │ │ ├── default.py │ │ │ ├── images.py │ │ │ └── password.py │ │ ├── ha-byol-R80.30 │ │ │ ├── README.md │ │ │ ├── c2d_deployment_configuration.json │ │ │ ├── check-point-cluster--byol.py │ │ │ ├── check-point-cluster--byol.py.schema │ │ │ ├── common.py │ │ │ ├── config.yaml │ │ │ ├── default.py │ │ │ ├── images.py │ │ │ └── password.py │ │ ├── ha-payg-R80.30 │ │ │ ├── README.md │ │ │ ├── c2d_deployment_configuration.json │ │ │ ├── check-point-cluster--payg.py │ │ │ ├── check-point-cluster--payg.py.schema │ │ │ ├── common.py │ │ │ ├── config.yaml │ │ │ ├── 
default.py │ │ │ ├── images.py │ │ │ └── password.py │ │ ├── single-byol-R80.30 │ │ │ ├── README.md │ │ │ ├── c2d_deployment_configuration.json │ │ │ ├── check-point-vsec--byol.py │ │ │ ├── check-point-vsec--byol.py.schema │ │ │ ├── common.py │ │ │ ├── config.yaml │ │ │ ├── default.py │ │ │ ├── images.py │ │ │ └── password.py │ │ └── single-payg-R80.30 │ │ │ ├── README.md │ │ │ ├── c2d_deployment_configuration.json │ │ │ ├── check-point-vsec--payg.py │ │ │ ├── check-point-vsec--payg.py.schema │ │ │ ├── common.py │ │ │ ├── config.yaml │ │ │ ├── default.py │ │ │ ├── images.py │ │ │ └── password.py │ ├── R80.40-R81 │ │ ├── autoscale-byol │ │ │ ├── README.md │ │ │ ├── c2d_deployment_configuration.json │ │ │ ├── check-point-autoscale--byol.py │ │ │ ├── check-point-autoscale--byol.py.schema │ │ │ ├── common.py │ │ │ ├── config.yaml │ │ │ ├── default.py │ │ │ ├── images.py │ │ │ └── password.py │ │ ├── autoscale-payg │ │ │ ├── README.md │ │ │ ├── c2d_deployment_configuration.json │ │ │ ├── check-point-autoscale--payg.py │ │ │ ├── check-point-autoscale--payg.py.schema │ │ │ ├── common.py │ │ │ ├── config.yaml │ │ │ ├── default.py │ │ │ ├── images.py │ │ │ └── password.py │ │ ├── ha-byol │ │ │ ├── README.md │ │ │ ├── c2d_deployment_configuration.json │ │ │ ├── check-point-cluster--byol.py │ │ │ ├── check-point-cluster--byol.py.schema │ │ │ ├── common.py │ │ │ ├── config.yaml │ │ │ ├── default.py │ │ │ ├── images.py │ │ │ └── password.py │ │ ├── ha-payg │ │ │ ├── README.md │ │ │ ├── c2d_deployment_configuration.json │ │ │ ├── check-point-cluster--payg.py │ │ │ ├── check-point-cluster--payg.py.schema │ │ │ ├── common.py │ │ │ ├── config.yaml │ │ │ ├── default.py │ │ │ ├── images.py │ │ │ └── password.py │ │ ├── single-byol │ │ │ ├── README.md │ │ │ ├── c2d_deployment_configuration.json │ │ │ ├── check-point-vsec--byol.py │ │ │ ├── check-point-vsec--byol.py.schema │ │ │ ├── common.py │ │ │ ├── config.yaml │ │ │ ├── default.py │ │ │ ├── images.py │ │ │ └── password.py │ │ └── 
single-payg │ │ │ ├── README.md │ │ │ ├── c2d_deployment_configuration.json │ │ │ ├── check-point-vsec--payg.py │ │ │ ├── check-point-vsec--payg.py.schema │ │ │ ├── common.py │ │ │ ├── config.yaml │ │ │ ├── default.py │ │ │ ├── images.py │ │ │ └── password.py │ └── README.MD └── terraform │ ├── ali │ └── R81 │ │ ├── cluster-master │ │ ├── README.md │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── cluster │ │ ├── README.md │ │ ├── cluster_member_a_userdata.yaml │ │ ├── cluster_member_b_userdata.yaml │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── gateway-master │ │ ├── README.md │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── gateway │ │ ├── README.md │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── management-master │ │ ├── README.md │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── management │ │ ├── README.md │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── management_userdata.yaml │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ └── modules │ │ ├── cluster-ram-role │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── common │ │ ├── elastic_ip │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── gateway_instance │ │ │ ├── gateway_userdata.yaml │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── instance_type │ │ │ ├── main.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── internal_default_route │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── variables.tf │ │ │ └── 
versions.tf │ │ ├── permissive_sg │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ └── version_license │ │ │ ├── main.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── images │ │ ├── images.yaml │ │ ├── main.tf │ │ ├── output.tf │ │ ├── variables.tf │ │ └── versions.tf │ │ └── vpc │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── aws │ ├── R80.40 │ │ ├── autoscale-gwlb │ │ │ ├── README.md │ │ │ ├── asg_userdata.yaml │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── autoscale │ │ │ ├── README.md │ │ │ ├── asg_userdata.yaml │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── cluster-master │ │ │ ├── README.md │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── cluster │ │ │ ├── README.md │ │ │ ├── cluster_member_a_userdata.yaml │ │ │ ├── cluster_member_b_userdata.yaml │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── cme-iam-role-gwlb │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── cme-iam-role │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── cross-az-cluster-master │ │ │ ├── README.md │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── cross-az-cluster │ │ │ ├── README.md │ │ │ ├── cluster_member_a_userdata.yaml │ │ │ ├── cluster_member_b_userdata.yaml │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── 
versions.tf │ │ ├── gateway-master │ │ │ ├── README.md │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── gateway │ │ │ ├── README.md │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── gwlb-master │ │ │ ├── README.md │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── gwlb │ │ │ ├── README.md │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── management │ │ │ ├── README.md │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ ├── management_userdata.yaml │ │ │ ├── output.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── mds │ │ │ ├── README.md │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ ├── mds_userdata.yaml │ │ │ ├── output.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── modules │ │ │ ├── amis │ │ │ │ ├── main.tf │ │ │ │ ├── output.tf │ │ │ │ └── variables.tf │ │ │ ├── cloudwatch-policy │ │ │ │ ├── main.tf │ │ │ │ └── variables.tf │ │ │ ├── cluster-iam-role │ │ │ │ ├── main.tf │ │ │ │ └── output.tf │ │ │ ├── common │ │ │ │ ├── elastic_ip │ │ │ │ │ ├── locals.tf │ │ │ │ │ ├── main.tf │ │ │ │ │ ├── output.tf │ │ │ │ │ └── variables.tf │ │ │ │ ├── gateway_instance │ │ │ │ │ ├── gateway_userdata.yaml │ │ │ │ │ ├── locals.tf │ │ │ │ │ ├── main.tf │ │ │ │ │ ├── output.tf │ │ │ │ │ └── variables.tf │ │ │ │ ├── instance_type │ │ │ │ │ ├── main.tf │ │ │ │ │ └── variables.tf │ │ │ │ ├── internal_default_route │ │ │ │ │ ├── locals.tf │ │ │ │ │ ├── main.tf │ │ │ │ │ ├── output.tf │ │ │ │ │ └── variables.tf │ │ │ │ ├── load_balancer │ │ │ │ │ ├── main.tf │ │ │ │ │ ├── output.tf │ │ │ │ │ └── variables.tf │ │ │ │ ├── permissive_sg │ │ │ │ │ ├── main.tf │ │ │ │ │ ├── output.tf │ │ 
│ │ │ └── variables.tf │ │ │ │ └── version_license │ │ │ │ │ ├── main.tf │ │ │ │ │ └── variables.tf │ │ │ ├── custom-autoscale │ │ │ │ ├── locals.tf │ │ │ │ ├── main.tf │ │ │ │ └── variables.tf │ │ │ └── vpc │ │ │ │ ├── main.tf │ │ │ │ ├── output.tf │ │ │ │ └── variables.tf │ │ ├── qs-autoscale-master │ │ │ ├── README.md │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── qs-autoscale │ │ │ ├── README.md │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── standalone-master │ │ │ ├── README.md │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── standalone │ │ │ ├── README.md │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── standalone_userdata.yaml │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── tap │ │ │ ├── Check Point NOW onboarding page.docx │ │ │ ├── CheckPoint_NOW_onboarding_page.pdf │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── tap_lambda.py │ │ │ ├── tap_termination_lambda.py │ │ │ ├── tap_user_data.sh │ │ │ ├── terraform.tfvars │ │ │ └── variables.tf │ │ ├── tests │ │ │ ├── cluster_master_test.go │ │ │ ├── cross_az_cluster_master_test.go │ │ │ ├── gateway_master_test.go │ │ │ ├── globals.go │ │ │ ├── gwlb_master_test.go │ │ │ ├── qs_autoscale_master_test.go │ │ │ ├── standalone_master_test.go │ │ │ ├── tgw_asg_master_test.go │ │ │ ├── tgw_cross_az_cluster_master_test.go │ │ │ └── tgw_gwlb_master_test.go │ │ ├── tgw-asg-master │ │ │ ├── README.md │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── tgw-asg │ │ │ ├── README.md │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── 
versions.tf │ │ ├── tgw-cross-az-cluster-master │ │ │ ├── README.md │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── tgw-cross-az-cluster │ │ │ ├── README.md │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── tgw-gwlb-master │ │ │ ├── README.md │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ └── tgw-gwlb │ │ │ ├── README.md │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ └── R81 │ │ ├── autoscale-gwlb │ │ ├── README.md │ │ ├── asg_userdata.yaml │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── autoscale │ │ ├── README.md │ │ ├── asg_userdata.yaml │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── cluster-master │ │ ├── README.md │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── cluster │ │ ├── README.md │ │ ├── cluster_member_a_userdata.yaml │ │ ├── cluster_member_b_userdata.yaml │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── cme-iam-role-gwlb │ │ ├── README.md │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── cme-iam-role │ │ ├── README.md │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── cross-az-cluster-master │ │ ├── README.md │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── cross-az-cluster │ │ ├── README.md │ │ ├── 
cluster_member_a_userdata.yaml │ │ ├── cluster_member_b_userdata.yaml │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── gateway-master │ │ ├── README.md │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── gateway │ │ ├── README.md │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── gwlb-master │ │ ├── README.md │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── gwlb │ │ ├── README.md │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── management │ │ ├── README.md │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── management_userdata.yaml │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── mds │ │ ├── README.md │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── mds_userdata.yaml │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── modules │ │ ├── amis │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ └── variables.tf │ │ ├── cloudwatch-policy │ │ │ ├── main.tf │ │ │ └── variables.tf │ │ ├── cluster-iam-role │ │ │ ├── main.tf │ │ │ └── output.tf │ │ ├── common │ │ │ ├── elastic_ip │ │ │ │ ├── locals.tf │ │ │ │ ├── main.tf │ │ │ │ ├── output.tf │ │ │ │ └── variables.tf │ │ │ ├── gateway_instance │ │ │ │ ├── gateway_userdata.yaml │ │ │ │ ├── locals.tf │ │ │ │ ├── main.tf │ │ │ │ ├── output.tf │ │ │ │ └── variables.tf │ │ │ ├── instance_type │ │ │ │ ├── main.tf │ │ │ │ └── variables.tf │ │ │ ├── internal_default_route │ │ │ │ ├── locals.tf │ │ │ │ ├── main.tf │ │ │ │ ├── output.tf │ │ │ │ └── variables.tf │ │ │ ├── load_balancer │ │ │ │ ├── main.tf │ │ │ │ ├── output.tf │ │ │ │ └── variables.tf │ │ │ ├── permissive_sg │ │ │ │ ├── main.tf │ │ │ │ ├── 
output.tf │ │ │ │ └── variables.tf │ │ │ └── version_license │ │ │ │ ├── main.tf │ │ │ │ └── variables.tf │ │ ├── custom-autoscale │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ └── variables.tf │ │ └── vpc │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ └── variables.tf │ │ ├── qs-autoscale-master │ │ ├── README.md │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── qs-autoscale │ │ ├── README.md │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── standalone-master │ │ ├── README.md │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── standalone │ │ ├── README.md │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── standalone_userdata.yaml │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── tests │ │ ├── cluster_master_test.go │ │ ├── cross_az_cluster_master_test.go │ │ ├── gateway_master_test.go │ │ ├── globals.go │ │ ├── gwlb_master_test.go │ │ ├── qs_autoscale_master_test.go │ │ ├── standalone_master_test.go │ │ ├── tgw_asg_master_test.go │ │ ├── tgw_cross_az_cluster_master_test.go │ │ └── tgw_gwlb_master_test.go │ │ ├── tgw-asg-master │ │ ├── README.md │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── tgw-asg │ │ ├── README.md │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── tgw-cross-az-cluster-master │ │ ├── README.md │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── tgw-cross-az-cluster │ │ ├── README.md │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ ├── tgw-gwlb-master │ │ ├── README.md │ │ ├── locals.tf │ │ ├── main.tf 
│ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ │ └── tgw-gwlb │ │ ├── README.md │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf │ ├── azure │ ├── R8040-R81 │ │ ├── high-availability-existing-vnet │ │ │ ├── README.md │ │ │ ├── azure_public_key │ │ │ ├── cloud-init.sh │ │ │ ├── main.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── high-availability-new-vnet │ │ │ ├── README.md │ │ │ ├── azure_public_key │ │ │ ├── cloud-init.sh │ │ │ ├── main.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── management-existing-vnet │ │ │ ├── README.md │ │ │ ├── azure_public_key │ │ │ ├── cloud-init.sh │ │ │ ├── main.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── management-new-vnet │ │ │ ├── README.md │ │ │ ├── azure_public_key │ │ │ ├── cloud-init.sh │ │ │ ├── main.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── mds-existing-vnet │ │ │ ├── README.md │ │ │ ├── azure_public_key │ │ │ ├── cloud-init.sh │ │ │ ├── main.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── mds-new-vnet │ │ │ ├── README.md │ │ │ ├── azure_public_key │ │ │ ├── cloud-init.sh │ │ │ ├── main.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── modules │ │ │ ├── add-routing-intent.py │ │ │ ├── common │ │ │ │ ├── main.tf │ │ │ │ ├── outputs.tf │ │ │ │ ├── variables.tf │ │ │ │ └── versions.tf │ │ │ ├── network-security-group │ │ │ │ ├── main.tf │ │ │ │ ├── output.tf │ │ │ │ ├── variables.tf │ │ │ │ └── versions.tf │ │ │ └── vnet │ │ │ │ ├── main.tf │ │ │ │ ├── outputs.tf │ │ │ │ ├── variables.tf │ │ │ │ └── versions.tf │ │ ├── nva-into-existing-hub │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── nva-into-new-vwan │ │ │ ├── README.md │ │ │ ├── 
main.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── single-gateway-existing-vnet │ │ │ ├── README.md │ │ │ ├── azure_public_key │ │ │ ├── cloud-init.sh │ │ │ ├── main.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── single-gateway-new-vnet │ │ │ ├── README.md │ │ │ ├── azure_public_key │ │ │ ├── cloud-init.sh │ │ │ ├── main.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── vmss-existing-vnet │ │ │ ├── README.md │ │ │ ├── azure_public_key │ │ │ ├── cloud-init.sh │ │ │ ├── main.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ └── vmss-new-vnet │ │ │ ├── README.md │ │ │ ├── azure_public_key │ │ │ ├── cloud-init.sh │ │ │ ├── main.tf │ │ │ ├── terraform.tfvars │ │ │ ├── variables.tf │ │ │ └── versions.tf │ └── README.md │ └── gcp │ ├── R8040-R81 │ ├── autoscale-into-existing-vpc │ │ ├── README.md │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ └── variables.tf │ ├── autoscale-into-new-vpc │ │ ├── README.md │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ └── variables.tf │ ├── common │ │ ├── cluster-member │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ └── variables.tf │ │ ├── firewall-rule │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ └── variables.tf │ │ ├── members-a-b │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ └── variables.tf │ │ ├── network-and-subnet │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ └── variables.tf │ │ └── startup-script.sh │ ├── high-availability │ │ ├── README.md │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ └── variables.tf │ ├── single-into-existing-vpc │ │ ├── README.md │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ └── variables.tf │ └── single-into-new-vpc │ │ ├── README.md │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ └── variables.tf │ └── 
separate-single-and-autoscale │ ├── autoscale-into-existing-vpc │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ └── variables.tf │ ├── autoscale-into-new-vpc │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ └── variables.tf │ ├── common │ ├── cluster-member │ │ ├── main.tf │ │ ├── output.tf │ │ └── variables.tf │ ├── common │ │ ├── main.tf │ │ ├── output.tf │ │ └── variables.tf │ ├── firewall-rule │ │ ├── main.tf │ │ ├── output.tf │ │ └── variables.tf │ ├── network-and-subnet │ │ ├── main.tf │ │ ├── output.tf │ │ └── variables.tf │ └── startup-script.sh │ ├── single-into-existing-vpc │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ └── variables.tf │ └── single-into-new-vpc │ ├── README.md │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ └── variables.tf ├── gcp └── deployment-packages │ ├── README.MD │ ├── autoscale-byol │ ├── README.md │ ├── c2d_deployment_configuration.json │ ├── check-point-autoscale--byol.py │ ├── check-point-autoscale--byol.py.schema │ ├── common.py │ ├── config.yaml │ ├── default.py │ ├── images.py │ └── password.py │ ├── autoscale-payg │ ├── README.md │ ├── c2d_deployment_configuration.json │ ├── check-point-autoscale--payg.py │ ├── check-point-autoscale--payg.py.schema │ ├── common.py │ ├── config.yaml │ ├── default.py │ ├── images.py │ └── password.py │ ├── ha-byol │ ├── README.md │ ├── c2d_deployment_configuration.json │ ├── check-point-cluster--byol.py │ ├── check-point-cluster--byol.py.schema │ ├── common.py │ ├── config.yaml │ ├── default.py │ ├── images.py │ └── password.py │ ├── ha-payg │ ├── README.md │ ├── c2d_deployment_configuration.json │ ├── check-point-cluster--payg.py │ ├── check-point-cluster--payg.py.schema │ ├── common.py │ ├── config.yaml │ ├── default.py │ ├── images.py │ └── password.py │ ├── single-byol │ ├── README.md │ ├── c2d_deployment_configuration.json │ ├── check-point-vsec--byol.py │ ├── 
check-point-vsec--byol.py.schema │ ├── common.py │ ├── config.yaml │ ├── default.py │ ├── images.py │ └── password.py │ └── single-payg │ ├── README.md │ ├── c2d_deployment_configuration.json │ ├── check-point-vsec--payg.py │ ├── check-point-vsec--payg.py.schema │ ├── common.py │ ├── config.yaml │ ├── default.py │ ├── images.py │ └── password.py └── terraform ├── .gitattributes ├── .gitignore ├── LICENSE ├── README.MD ├── alicloud ├── cluster-master │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── cluster │ ├── README.md │ ├── cluster_member_a_userdata.yaml │ ├── cluster_member_b_userdata.yaml │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── gateway-master │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── gateway │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── management-master │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── management │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── management_userdata.yaml │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf └── modules │ ├── cluster-ram-role │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── variables.tf │ └── versions.tf │ ├── common │ ├── elastic_ip │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── gateway_instance │ │ ├── gateway_userdata.yaml │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── instance_type │ │ ├── main.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── internal_default_route │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── output.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── permissive_sg │ │ ├── main.tf │ │ 
├── output.tf │ │ ├── variables.tf │ │ └── versions.tf │ └── version_license │ │ ├── main.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── images │ ├── images.yaml │ ├── main.tf │ ├── output.tf │ ├── variables.tf │ └── versions.tf │ └── vpc │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── variables.tf │ └── versions.tf ├── aws ├── README.md ├── autoscale-gwlb │ ├── README.md │ ├── asg_userdata.yaml │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── autoscale-master │ ├── README.md │ ├── asg_userdata.yaml │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── autoscale │ ├── README.md │ ├── asg_userdata.yaml │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── cluster-master │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── cluster │ ├── README.md │ ├── cluster_member_a_userdata.yaml │ ├── cluster_member_b_userdata.yaml │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── cme-iam-role-gwlb │ ├── README.md │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── cme-iam-role │ ├── README.md │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── cross-az-cluster-master │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── cross-az-cluster │ ├── README.md │ ├── cluster_member_a_userdata.yaml │ ├── cluster_member_b_userdata.yaml │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── gateway-master │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── gateway │ ├── README.md │ ├── locals.tf │ ├── 
main.tf │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── gwlb-master │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── gwlb │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── management-master │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── management_userdata.yaml │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── management │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── management_userdata.yaml │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── mds-master │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── mds_userdata.yaml │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── mds │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── mds_userdata.yaml │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── modules │ ├── amis │ │ ├── main.tf │ │ ├── output.tf │ │ └── variables.tf │ ├── cloudwatch-policy │ │ ├── main.tf │ │ └── variables.tf │ ├── cluster-iam-role │ │ ├── main.tf │ │ └── output.tf │ ├── common │ │ ├── elastic_ip │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ └── variables.tf │ │ ├── gateway_instance │ │ │ ├── gateway_userdata.yaml │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ └── variables.tf │ │ ├── instance_type │ │ │ ├── main.tf │ │ │ └── variables.tf │ │ ├── internal_default_route │ │ │ ├── locals.tf │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ └── variables.tf │ │ ├── load_balancer │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ └── variables.tf │ │ ├── permissive_sg │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ └── variables.tf │ │ └── version_license │ │ │ ├── main.tf │ │ │ └── variables.tf │ ├── custom-autoscale │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── variables.tf │ │ └── vpc │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ 
└── variables.tf │ └── vpc │ │ ├── main.tf │ │ ├── output.tf │ │ └── variables.tf ├── qs-autoscale-master │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── qs-autoscale │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── standalone-master │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── standalone │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── standalone_userdata.yaml │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── tap │ ├── Check Point NOW onboarding page.docx │ ├── CheckPoint_NOW_onboarding_page.pdf │ ├── README.md │ ├── main.tf │ ├── output.tf │ ├── tap_lambda.py │ ├── tap_termination_lambda.py │ ├── tap_user_data.sh │ ├── terraform.tfvars │ └── variables.tf ├── tgw-asg-master │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── tgw-asg │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── tgw-cross-az-cluster-master │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── tgw-cross-az-cluster │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── tgw-gwlb-master │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf └── tgw-gwlb │ ├── README.md │ ├── locals.tf │ ├── main.tf │ ├── output.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── azure ├── README.md ├── high-availability-existing-vnet │ ├── README.md │ ├── azure_public_key │ ├── cloud-init.sh │ ├── main.tf │ ├── outputs.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf 
├── high-availability-new-vnet │ ├── README.md │ ├── azure_public_key │ ├── cloud-init.sh │ ├── main.tf │ ├── outputs.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── management-existing-vnet │ ├── README.md │ ├── azure_public_key │ ├── cloud-init.sh │ ├── main.tf │ ├── outputs.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── management-new-vnet │ ├── README.md │ ├── azure_public_key │ ├── cloud-init.sh │ ├── main.tf │ ├── outputs.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── mds-existing-vnet │ ├── README.md │ ├── azure_public_key │ ├── cloud-init.sh │ ├── main.tf │ ├── outputs.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── mds-new-vnet │ ├── README.md │ ├── azure_public_key │ ├── cloud-init.sh │ ├── main.tf │ ├── outputs.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── modules │ ├── common │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── network-security-group │ │ ├── main.tf │ │ ├── output.tf │ │ ├── variables.tf │ │ └── versions.tf │ └── vnet │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf ├── nva-into-existing-hub │ ├── README.md │ ├── main.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── nva-into-new-vwan │ ├── README.md │ ├── main.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── single-gateway-existing-vnet │ ├── README.md │ ├── azure_public_key │ ├── cloud-init.sh │ ├── main.tf │ ├── outputs.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── single-gateway-new-vnet │ ├── README.md │ ├── azure_public_key │ ├── cloud-init.sh │ ├── main.tf │ ├── outputs.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── vmss-existing-vnet │ ├── README.md │ ├── azure_public_key │ ├── cloud-init.sh │ ├── main.tf │ ├── outputs.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf └── vmss-new-vnet │ ├── README.md │ ├── azure_public_key │ ├── 
cloud-init.sh │ ├── main.tf │ ├── outputs.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf └── gcp ├── README.md ├── autoscale ├── README.md ├── locals.tf ├── main.tf ├── output.tf ├── terraform.tfvars ├── variables.tf └── versions.tf ├── common ├── autoscale-common │ ├── main.tf │ ├── output.tf │ └── variables.tf ├── cluster-member │ ├── main.tf │ ├── output.tf │ └── variables.tf ├── common │ ├── main.tf │ ├── output.tf │ └── variables.tf ├── firewall-rule │ ├── main.tf │ ├── output.tf │ └── variables.tf ├── members-a-b │ ├── main.tf │ ├── output.tf │ └── variables.tf ├── network-and-subnet │ ├── main.tf │ ├── output.tf │ └── variables.tf ├── single-common │ ├── main.tf │ ├── output.tf │ └── variables.tf └── startup-script.sh ├── high-availability ├── README.md ├── locals.tf ├── main.tf ├── output.tf ├── terraform.tfvars ├── variables.tf └── versions.tf └── single ├── README.md ├── locals.tf ├── main.tf ├── output.tf ├── terraform.tfvars ├── variables.tf └── versions.tf /.github/workflows/code-analysis.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/.github/workflows/code-analysis.yaml -------------------------------------------------------------------------------- /.gitlab-ci.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/.gitlab-ci.yml -------------------------------------------------------------------------------- /aws/images/launch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/aws/images/launch.png -------------------------------------------------------------------------------- /aws/images/step1_aws.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/aws/images/step1_aws.png -------------------------------------------------------------------------------- /aws/images/step2_aws.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/aws/images/step2_aws.png -------------------------------------------------------------------------------- /common/cme_xff_inject.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | # This script activates XFF (X-Forwarded-For) header injection on the gateways: it sets the kernel parameter at runtime and appends the same setting to fwkern.conf 4 | # For more information about XFF injection, see https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk167578&partition=Advanced&product=Security 5 | 6 | fw ctl set int inject_xff_header_activated 1 7 | echo "inject_xff_header_activated=1" >> $FWDIR/modules/fwkern.conf -------------------------------------------------------------------------------- /common/custom_scripts/password_script.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | HASHED_PASSWORD="" 4 | 5 | # Unlock Database 6 | clish -c "lock database override" 7 | # Set the admin password from the hash above (HASHED_PASSWORD is empty as shipped and must be filled in first) 8 | clish -c "set user admin password-hash $HASHED_PASSWORD" -s 9 | 10 | 11 | -------------------------------------------------------------------------------- /common/maintenance_mode/grub.conf: -------------------------------------------------------------------------------- 1 | default=0 2 | vmalloc=338M 3 | timeout=10 4 | serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1 5 | terminal --timeout=0 serial console 6 | hiddenmenu 7 | menutitle=Check Point Gaia R81 8 | title Start in maintenance mode 64bit 9 | root (hd0,0) 10 | kernel 
/vmlinuz-x86_64 ro root=/dev/vg_splat/lv_current vmalloc=338M rootdelay=300 panic=15 console=ttyS0 earlyprintk=ttyS0 numa=off debug 7 single 11 | initrd /initrd-x86_64 12 | -------------------------------------------------------------------------------- /common/simulate_cpu_load.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | ncores="$(cat /proc/cpuinfo | grep vendor_id | wc -l)" 3 | PIDS=() 4 | for i in $(seq $ncores) 5 | do 6 | taskset ff dd if=/dev/zero of=/dev/null & 7 | PIDS+=($!) 8 | done 9 | echo "Load started" 10 | read -n1 -r -p "Press any key to stop the load..." key 11 | kill ${PIDS[@]} 12 | -------------------------------------------------------------------------------- /common/static_route_config.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | #External Application gateway subnet address, for example 10.1.2.0/24 4 | EXTERNAL_AGW_SUBNET_CIDR=<> 5 | 6 | #VMSS frontend subnet default gateway. 7 | #For each Azure subnet the IP Address x.x.x.1 is reserved for the default gateway 8 | # https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-faq#are-there-any-restrictions-on-using-ip-addresses-within-these-subnets 9 | EXTERNAL_VMSS_SUBNET_DEFAULT_GATEWAY=<> 10 | 11 | clish -c "lock database override" 12 | 13 | clish -s -c "set static-route $EXTERNAL_AGW_SUBNET_CIDR nexthop gateway address $EXTERNAL_VMSS_SUBNET_DEFAULT_GATEWAY on" 14 | -------------------------------------------------------------------------------- /contrib/README.md: -------------------------------------------------------------------------------- 1 | ## Disclaimer 2 | The content of this directory is released under an as-is, best effort, support policy. It should be seen as community supported and Check Point will contribute its expertise as and when possible. 
We do not provide technical support in using or troubleshooting the content of this directory through our normal support options. 3 | -------------------------------------------------------------------------------- /contrib/cme/examples/README.md: -------------------------------------------------------------------------------- 1 | This directory contains examples of CME configuration and usage.
2 | Refer to each subdirectory's README.md file for more information. 3 | -------------------------------------------------------------------------------- /contrib/terraform-azure-gwlb/app-variables.tf: -------------------------------------------------------------------------------- 1 | variable "app-name-con" { 2 | default = "webapp-con" 3 | } 4 | variable "docker-image" { 5 | default = "bkimminich/juice-shop" 6 | } 7 | variable "app-name-direct" { 8 | default = "webapp-direct" 9 | } 10 | variable "app-name-vm" { 11 | default = "webapp-vm" 12 | } 13 | variable "vmspoke-publisher" { 14 | default = "bitnami" 15 | } 16 | variable "vmspoke-offer" { 17 | default = "nginxstack" 18 | } 19 | variable "vmspoke-sku" { 20 | default = "1-9" 21 | } 22 | variable "vmspoke-sku-enabled" { 23 | description = "Have you ever deployed this vm spoke before? set to false if not" 24 | type = bool 25 | default = true 26 | } -------------------------------------------------------------------------------- /contrib/terraform-azure-gwlb/modules/common/main.tf: -------------------------------------------------------------------------------- 1 | resource "azurerm_resource_group" "resource_group" { 2 | name = var.resource_group_name 3 | location = var.location 4 | } 5 | 6 | -------------------------------------------------------------------------------- /contrib/terraform-azure-gwlb/modules/common/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | } -------------------------------------------------------------------------------- /contrib/terraform-azure-gwlb/modules/network-security-group/output.tf: -------------------------------------------------------------------------------- 1 | output "network_security_group_id" { 2 | value = azurerm_network_security_group.nsg.id 3 | } 4 | 5 | output "network_security_group_name" { 6 | value = azurerm_network_security_group.nsg.name 7 | } 
-------------------------------------------------------------------------------- /contrib/terraform-azure-gwlb/modules/network-security-group/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | } -------------------------------------------------------------------------------- /contrib/terraform-azure-gwlb/modules/vnet/outputs.tf: -------------------------------------------------------------------------------- 1 | output "vnet_id" { 2 | value = azurerm_virtual_network.vnet.id 3 | } 4 | 5 | output "vnet_name" { 6 | value = azurerm_virtual_network.vnet.name 7 | } 8 | 9 | output "vnet_location" { 10 | value = azurerm_virtual_network.vnet.location 11 | } 12 | 13 | output "vnet_address_space" { 14 | value = azurerm_virtual_network.vnet.address_space 15 | } 16 | 17 | output "vnet_subnets" { 18 | value = azurerm_subnet.subnet.*.id 19 | } 20 | 21 | output "subnet_prefixes" { 22 | value = var.subnet_prefixes 23 | } 24 | 25 | output "allocation_method" { 26 | value = var.allocation_method 27 | } -------------------------------------------------------------------------------- /contrib/terraform-azure-gwlb/modules/vnet/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | } -------------------------------------------------------------------------------- /contrib/terraform-azure-gwlb/net-variables.tf: -------------------------------------------------------------------------------- 1 | variable "net-north" { 2 | description = "resources in the north" 3 | default = "net-north" 4 | } 5 | variable "net-south" { 6 | description = "resources in the south" 7 | default = "net-south" 8 | } 9 | variable "net-secmgmt" { 10 | description = "resources in the management" 11 | default = "net-mgmt" 12 | } 13 | variable "net-spoke" { 14 | description = "resources in the spoke" 15 | default = "net-spoke" 16 
| } 17 | variable "num-spoke" { 18 | default = { 19 | "0" = ["10.0.0.0","10.0.1.0"] 20 | "1" = ["10.0.4.0","10.0.5.0"] 21 | } 22 | } 23 | variable "spokes-default-gateway" { 24 | type = string 25 | default = "172.16.5.5" 26 | } -------------------------------------------------------------------------------- /contrib/terraform-azure-gwlb/tfc-project.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | azurerm = { 4 | source = "hashicorp/azurerm" 5 | version = ">= 2.92.0" 6 | } 7 | random = { 8 | version = ">= 2.2.1" 9 | } 10 | } 11 | } 12 | 13 | # Configuration of Terraform with Azure environment variables 14 | provider "azurerm" { 15 | features { } 16 | client_id = var.azure-client-id 17 | client_secret = var.azure-client-secret 18 | subscription_id = var.azure-subscription 19 | tenant_id = var.azure-tenant 20 | } -------------------------------------------------------------------------------- /contrib/terraform-azure-gwlb/zimages/azure-gwlb-design.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/contrib/terraform-azure-gwlb/zimages/azure-gwlb-design.jpg -------------------------------------------------------------------------------- /contrib/terraform/azure/vmss-new-vnet-with-peer/azure_public_key: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/contrib/terraform/azure/vmss-new-vnet-with-peer/azure_public_key -------------------------------------------------------------------------------- /contrib/terraform/azure/vmss-new-vnet-with-peer/cloud-init.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 /etc/cloud_config.py 2 | 3 | 
installationType="${installation_type}" 4 | allowUploadDownload="${allow_upload_download}" 5 | osVersion= "${os_version}" 6 | templateName="${template_name}" 7 | templateVersion="${template_version}" 8 | isBlink="${is_blink}" 9 | bootstrapScript64="${bootstrap_script64}" 10 | location="${location}" 11 | sicKey="${sic_key}" 12 | vnet="${vnet}" -------------------------------------------------------------------------------- /contrib/terraform/azure/vmss-new-vnet-with-peer/images/Topology-2.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/contrib/terraform/azure/vmss-new-vnet-with-peer/images/Topology-2.JPG -------------------------------------------------------------------------------- /deprecated/README.md: -------------------------------------------------------------------------------- 1 | ## Disclaimer 2 | The content of this directory is released under an as-is, best effort, support policy. We do not provide technical support in using or troubleshooting the content of this directory through our normal support options. 3 | -------------------------------------------------------------------------------- /deprecated/azure/templates/R7730/cluster-r7730/README.MD: -------------------------------------------------------------------------------- 1 | # How to deploy this template 2 | To deploy this ARM template, follow these instructions: 3 | 1. Log in to the [Microsoft Azure Portal](https://portal.azure.com) 4 | 2. Click "*Create a resource*" 5 | 3. Search for "*Template deployment (deploy using custom templates)*" and click "*Create*" 6 | 4. Click "*Build your own template in the editor*" 7 | 5. Load the "*mainTemplate.json*" file from this directory and click "*Save*" 8 | 6. 
Enter the desired template parameters 9 | - Replace the "*Base Url*" property with: 10 | ``` 11 | https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/deprecated/azure/templates/cluster-r7730 12 | ``` 13 | 7. Click *Purchase* to deploy the solution 14 | -------------------------------------------------------------------------------- /deprecated/azure/templates/R7730/mgmt-r7730/README.MD: -------------------------------------------------------------------------------- 1 | # How to deploy this template 2 | To deploy this ARM template, follow these instructions: 3 | 1. Log in to the [Microsoft Azure Portal](https://portal.azure.com) 4 | 2. Click "*Create a resource*" 5 | 3. Search for "*Template deployment (deploy using custom templates)*" and click "*Create*" 6 | 4. Click "*Build your own template in the editor*" 7 | 5. Load the "*mainTemplate.json*" file from this directory and click "*Save*" 8 | 6. Enter the desired template parameters 9 | - Replace the "*Base Url*" property with: 10 | ``` 11 | https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/deprecated/azure/templates/mgmt-r7730 12 | ``` 13 | 7. Click *Purchase* to deploy the solution 14 | -------------------------------------------------------------------------------- /deprecated/azure/templates/R7730/single-r7730/README.MD: -------------------------------------------------------------------------------- 1 | # How to deploy this template 2 | To deploy this ARM template, follow these instructions: 3 | 1. Log in to the [Microsoft Azure Portal](https://portal.azure.com) 4 | 2. Click "*Create a resource*" 5 | 3. Search for "*Template deployment (deploy using custom templates)*" and click "*Create*" 6 | 4. Click "*Build your own template in the editor*" 7 | 5. Load the "*mainTemplate.json*" file from this directory and click "*Save*" 8 | 6. 
Enter the desired template parameters 9 | - Replace the "*Base Url*" property with: 10 | ``` 11 | https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/deprecated/azure/templates/single-r7730 12 | ``` 13 | 7. Click *Purchase* to deploy the solution 14 | -------------------------------------------------------------------------------- /deprecated/azure/templates/R7730/vmss-r7730/README.MD: -------------------------------------------------------------------------------- 1 | # How to deploy this template 2 | To deploy this ARM template, follow these instructions: 3 | 1. Log in to the [Microsoft Azure Portal](https://portal.azure.com) 4 | 2. Click "*Create a resource*" 5 | 3. Search for "*Template deployment (deploy using custom templates)*" and click "*Create*" 6 | 4. Click "*Build your own template in the editor*" 7 | 5. Load the "*mainTemplate.json*" file from this directory and click "*Save*" 8 | 6. Enter the desired template parameters 9 | - Replace the "*Base Url*" property with: 10 | ``` 11 | https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/deprecated/azure/templates/vmss-r7730 12 | ``` 13 | 7. Click *Purchase* to deploy the solution 14 | -------------------------------------------------------------------------------- /deprecated/azure/templates/R8030/ha-r8030/README.MD: -------------------------------------------------------------------------------- 1 | # How to deploy this template 2 | To deploy this ARM template, follow these instructions: 3 | 1. Log in to the [Microsoft Azure Portal](https://portal.azure.com) 4 | 2. Click "*Create a resource*" 5 | 3. Search for "*Template deployment (deploy using custom templates)*" and click "*Create*" 6 | 4. Click "*Build your own template in the editor*" 7 | 5. Load the "*mainTemplate.json*" file from this directory and click "*Save*" 8 | 6. 
Enter the desired template parameters 9 | - Replace the "*_artifacts Location*" property with: 10 | ``` 11 | https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/deprecated/azure/templates/ha-r8030/ 12 | ``` 13 | 7. Click *Purchase* to deploy the solution 14 | -------------------------------------------------------------------------------- /deprecated/azure/templates/R8030/mds-r8030/README.MD: -------------------------------------------------------------------------------- 1 | # How to deploy this template 2 | To deploy this ARM template, follow these instructions: 3 | 1. Log in to the [Microsoft Azure Portal](https://portal.azure.com) 4 | 2. Click "*Create a resource*" 5 | 3. Search for "*Template deployment (deploy using custom templates)*" and click "*Create*" 6 | 4. Click "*Build your own template in the editor*" 7 | 5. Load the "*mainTemplate.json*" file from this directory and click "*Save*" 8 | 6. Enter the desired template parameters 9 | - Replace the "*_artifacts Location*" property with: 10 | ``` 11 | https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/deprecated/azure/templates/mds-r8030/ 12 | ``` 13 | 7. Click *Purchase* to deploy the solution 14 | -------------------------------------------------------------------------------- /deprecated/azure/templates/README.MD: -------------------------------------------------------------------------------- 1 | # Deprecated Azure Resource Manager templates 2 | This directory contains deprecated CloudGuard IaaS solution templates. 3 | 4 | # How to deploy the templates 5 | To deploy the ARM templates follow the instructions in the README.MD file in each directory. 
6 | -------------------------------------------------------------------------------- /deprecated/gcp/R80.30/autoscale-byol-R80.30/c2d_deployment_configuration.json: -------------------------------------------------------------------------------- 1 | { 2 | "defaultDeploymentType": "MULTI_VM", 3 | "imageName": "check-point-r8110-gw-byol-mig-335-985-v20220126", 4 | "projectId": "checkpoint-public", 5 | "templateName": "nonexistent_template", 6 | "useSolutionPackage": "true" 7 | } 8 | -------------------------------------------------------------------------------- /deprecated/gcp/R80.30/autoscale-payg-R80.30/c2d_deployment_configuration.json: -------------------------------------------------------------------------------- 1 | { 2 | "defaultDeploymentType": "MULTI_VM", 3 | "imageName": "check-point-r8110-gw-payg-mig-335-985-v20220126", 4 | "projectId": "checkpoint-public", 5 | "templateName": "nonexistent_template", 6 | "useSolutionPackage": "true" 7 | } 8 | -------------------------------------------------------------------------------- /deprecated/gcp/R80.30/ha-byol-R80.30/c2d_deployment_configuration.json: -------------------------------------------------------------------------------- 1 | { 2 | "defaultDeploymentType": "MULTI_VM", 3 | "imageName": "check-point-r8110-gw-byol-cluster-335-985-v20220126", 4 | "projectId": "checkpoint-public", 5 | "templateName": "nonexistent_template", 6 | "useSolutionPackage": "true" 7 | } 8 | -------------------------------------------------------------------------------- /deprecated/gcp/R80.30/ha-payg-R80.30/c2d_deployment_configuration.json: -------------------------------------------------------------------------------- 1 | { 2 | "defaultDeploymentType": "MULTI_VM", 3 | "imageName": "check-point-r8110-gw-payg-cluster-335-985-v20220126", 4 | "projectId": "checkpoint-public", 5 | "templateName": "nonexistent_template", 6 | "useSolutionPackage": "true" 7 | } 8 | 
-------------------------------------------------------------------------------- /deprecated/gcp/R80.30/single-byol-R80.30/c2d_deployment_configuration.json: -------------------------------------------------------------------------------- 1 | { 2 | "defaultDeploymentType": "SINGLE_VM", 3 | "imageName": "check-point-r8110-gw-byol-single-335-985-v20220126", 4 | "projectId": "checkpoint-public", 5 | "templateName": "nonexistent_template", 6 | "useSolutionPackage": "true" 7 | } 8 | -------------------------------------------------------------------------------- /deprecated/gcp/R80.30/single-payg-R80.30/c2d_deployment_configuration.json: -------------------------------------------------------------------------------- 1 | { 2 | "defaultDeploymentType": "SINGLE_VM", 3 | "imageName": "check-point-r8110-gw-payg-single-335-985-v20220126", 4 | "projectId": "checkpoint-public", 5 | "templateName": "nonexistent_template", 6 | "useSolutionPackage": "true" 7 | } 8 | -------------------------------------------------------------------------------- /deprecated/gcp/R80.40-R81/autoscale-byol/c2d_deployment_configuration.json: -------------------------------------------------------------------------------- 1 | { 2 | "defaultDeploymentType": "MULTI_VM", 3 | "imageName": "check-point-r8120-gw-byol-mig-631-991001475-v20231221", 4 | "projectId": "checkpoint-public", 5 | "templateName": "nonexistent_template", 6 | "useSolutionPackage": "true" 7 | } 8 | -------------------------------------------------------------------------------- /deprecated/gcp/R80.40-R81/autoscale-payg/c2d_deployment_configuration.json: -------------------------------------------------------------------------------- 1 | { 2 | "defaultDeploymentType": "MULTI_VM", 3 | "imageName": "check-point-r8120-gw-payg-mig-631-991001475-v20231221", 4 | "projectId": "checkpoint-public", 5 | "templateName": "nonexistent_template", 6 | "useSolutionPackage": "true" 7 | } 8 | 
-------------------------------------------------------------------------------- /deprecated/gcp/R80.40-R81/ha-byol/c2d_deployment_configuration.json: -------------------------------------------------------------------------------- 1 | { 2 | "defaultDeploymentType": "MULTI_VM", 3 | "imageName": "check-point-r8120-gw-byol-cluster-631-991001475-v20231221", 4 | "projectId": "checkpoint-public", 5 | "templateName": "nonexistent_template", 6 | "useSolutionPackage": "true" 7 | } 8 | -------------------------------------------------------------------------------- /deprecated/gcp/R80.40-R81/ha-payg/c2d_deployment_configuration.json: -------------------------------------------------------------------------------- 1 | { 2 | "defaultDeploymentType": "MULTI_VM", 3 | "imageName": "check-point-r8120-gw-payg-cluster-631-991001475-v20231221", 4 | "projectId": "checkpoint-public", 5 | "templateName": "nonexistent_template", 6 | "useSolutionPackage": "true" 7 | } 8 | -------------------------------------------------------------------------------- /deprecated/gcp/R80.40-R81/single-byol/c2d_deployment_configuration.json: -------------------------------------------------------------------------------- 1 | { 2 | "defaultDeploymentType": "SINGLE_VM", 3 | "imageName": "check-point-r8120-gw-byol-single-631-991001475-v20231221", 4 | "projectId": "checkpoint-public", 5 | "templateName": "nonexistent_template", 6 | "useSolutionPackage": "true" 7 | } 8 | -------------------------------------------------------------------------------- /deprecated/gcp/R80.40-R81/single-payg/c2d_deployment_configuration.json: -------------------------------------------------------------------------------- 1 | { 2 | "defaultDeploymentType": "SINGLE_VM", 3 | "imageName": "check-point-r8120-gw-payg-single-631-991001475-v20231221", 4 | "projectId": "checkpoint-public", 5 | "templateName": "nonexistent_template", 6 | "useSolutionPackage": "true" 7 | } 8 | 
-------------------------------------------------------------------------------- /deprecated/gcp/README.MD: -------------------------------------------------------------------------------- 1 | # Deprecated CloudGuard IaaS GCP Deployment Manager packages 2 | This directory contains deprecated CloudGuard IaaS solution templates. 3 | 4 | # How to deploy the templates 5 | To deploy the Deployment Manager packages follow the instructions in the README.MD file in each directory. -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/cluster-master/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | alicloud = { 5 | source = "hashicorp/alicloud" 6 | version = "1.203.0" 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/cluster/cluster_member_a_userdata.yaml: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | runcmd: 3 | - | 4 | python3 /etc/cloud_config.py managementIpAddress=\"${ManagementIpAddress}\" sicKey=\"${SICKey}\" installationType=\"cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230615\" templateName=\"cluster\" templateType=\"terraform\" shell=\"${Shell}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" "smart1CloudToken=\"${TokenA}\"" bootstrapScript64=\"${GatewayBootstrapScript}\" -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/cluster/cluster_member_b_userdata.yaml: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | runcmd: 3 | - | 4 | python3 /etc/cloud_config.py managementIpAddress=\"${ManagementIpAddress}\" 
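sicKey=\"${SICKey}\" installationType=\"cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230615\" templateName=\"cluster\" templateType=\"terraform\" shell=\"${Shell}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" "smart1CloudToken=\"${TokenB}\"" bootstrapScript64=\"${GatewayBootstrapScript}\" -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/cluster/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | alicloud = { 5 | source = "hashicorp/alicloud" // NOTE(review): the provider docs linked from modules/common/elastic_ip/locals.tf are under aliyun/alicloud - confirm which namespace is intended 6 | version = "1.203.0" // exact version pin; committing .terraform.lock.hcl additionally records the provider checksums 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/gateway-master/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | alicloud = { 5 | source = "hashicorp/alicloud" 6 | version = "1.203.0" 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/gateway/output.tf: -------------------------------------------------------------------------------- 1 | output "image_id" { 2 | value = module.images.image_id 3 | } 4 | output "permissive_sg_id" { 5 | value = module.common_permissive_sg.permissive_sg_id 6 | } 7 | output "permissive_sg_name" { 8 | value = module.common_permissive_sg.permissive_sg_name 9 | } 10 | output "gateway_eip_id" { 11 | value = module.common_eip.instance_eip_id 12 | } 13 | output "gateway_eip_public_ip" { 14 | value = module.common_eip.instance_eip_public_ip 15 | } 16 | output "gateway_instance_id" { 17 | value = module.common_gateway_instance.gateway_instance_id 18 | } 19 | output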
"gateway_instance_name" { 20 | value = module.common_gateway_instance.gateway_instance_name 21 | } -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/gateway/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | alicloud = { 5 | source = "hashicorp/alicloud" 6 | version = "1.203.0" 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/management-master/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | alicloud = { 5 | source = "hashicorp/alicloud" 6 | version = "1.203.0" 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/management/management_userdata.yaml: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | runcmd: 3 | - | 4 | python3 /etc/cloud_config.py sicKey=\"${SICKey}\" installationType=\"management\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230615\" templateName=\"management\" templateType=\"terraform\" shell=\"${Shell}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" primary=\"${IsPrimary}\" adminSubnet=\"${AdminSubnet}\" allocatePublicAddress=\"${AllocateElasticIP}\" "overTheInternet=\"${GatewayManagement}\"" bootstrapScript64=\"${BootstrapScript}\" 5 | -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/management/output.tf: -------------------------------------------------------------------------------- 1 | output "Deployment" { 2 | value = "Finalizing 
configuration may take up to 20 minutes after deployment is finished" 3 | } 4 | 5 | output "image_id" { 6 | value = module.images.image_id 7 | } 8 | output "management_instance_id" { 9 | value = alicloud_instance.management_instance.id 10 | } 11 | output "management_instance_name" { 12 | value = alicloud_instance.management_instance.tags["Name"] 13 | } 14 | output "management_instance_tags" { 15 | value = alicloud_instance.management_instance.tags 16 | } 17 | output "management_public_ip" { 18 | value = module.common_eip.instance_eip_public_ip 19 | } -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/management/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | alicloud = { 5 | source = "hashicorp/alicloud" 6 | version = "1.203.0" 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/cluster-ram-role/locals.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | ram_role_name = format("%s-ram-role-%s", var.gateway_name, random_id.ram_uuid.hex) 3 | ram_policy_name = format("%s-ram-policy-%s", var.gateway_name, random_id.ram_uuid.hex) 4 | 5 | } -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/cluster-ram-role/output.tf: -------------------------------------------------------------------------------- 1 | output "cluster_ram_role" { 2 | value = alicloud_ram_role.ram_role.id 3 | } 4 | output "cluster_ram_role_name" { 5 | value = alicloud_ram_role.ram_role.name 6 | } 7 | output "cluster_ram_role_arn" { 8 | value = alicloud_ram_role.ram_role.arn 9 | } -------------------------------------------------------------------------------- 
/deprecated/terraform/ali/R81/modules/cluster-ram-role/variables.tf: -------------------------------------------------------------------------------- 1 | variable "gateway_name" { 2 | type = string 3 | description = "Gateway name" 4 | default = "tf-cluster" 5 | } 6 | -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/cluster-ram-role/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | alicloud = { 5 | source = "hashicorp/alicloud" 6 | version = "1.203.0" 7 | } 8 | } 9 | } -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/common/elastic_ip/locals.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | allocate_and_associate_eip_condition = var.allocate_and_associate_eip == true ? 1 : 0 3 | // https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/eip_association#instance_type 4 | association_instance_type_allowed_values = [ 5 | "EcsInstance", 6 | "SlbInstance", 7 | "Nat", 8 | "NetworkInterface"] 9 | // Will fail if var.association_instance_type is invalid 10 | validate_association_instance_type = index(local.association_instance_type_allowed_values, var.association_instance_type) 11 | 12 | } -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/common/elastic_ip/main.tf: -------------------------------------------------------------------------------- 1 | resource "alicloud_eip" "instance_eip" { 2 | count = local.allocate_and_associate_eip_condition 3 | address_name = var.eip_name 4 | } 5 | resource "alicloud_eip_association" "address_assoc" { 6 | count = local.allocate_and_associate_eip_condition 7 | allocation_id = alicloud_eip.instance_eip[count.index].id 8 | instance_id = 
var.instance_id 9 | instance_type = var.association_instance_type 10 | } -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/common/elastic_ip/output.tf: -------------------------------------------------------------------------------- 1 | output "instance_eip_id" { 2 | value = alicloud_eip.instance_eip.*.id 3 | } 4 | output "instance_eip_public_ip" { 5 | value = alicloud_eip.instance_eip.*.ip_address 6 | } 7 | 8 | -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/common/elastic_ip/variables.tf: -------------------------------------------------------------------------------- 1 | variable "allocate_and_associate_eip" { 2 | type = bool 3 | description = "If set to TRUE, an elastic IP will be allocated and associated with the launched instance" 4 | default = true 5 | } 6 | 7 | variable "eip_name" { 8 | type = string 9 | description = "Elastic IP resource name" 10 | default = "tf-eip" 11 | } 12 | 13 | variable "instance_id" { 14 | type = string 15 | description = "The instance id of the cloud resource to bind the eip to" 16 | } 17 | 18 | variable "association_instance_type" { 19 | type = string 20 | description = "The type of cloud resource to bind the eip to" 21 | default = "EcsInstance" 22 | } -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/common/elastic_ip/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | alicloud = { 5 | source = "hashicorp/alicloud" 6 | version = "1.203.0" 7 | } 8 | } 9 | } -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/common/gateway_instance/gateway_userdata.yaml: -------------------------------------------------------------------------------- 1 | 
#cloud-config 2 | runcmd: # The command below receives sicKey, smart1CloudToken and passwordHash as arguments, so they sit in clear text wherever this rendered file is stored (presumably instance user data and Terraform state - confirm). Values are substituted unescaped inside \"...\", so a quote, backtick or $ in a value would change the command; validate them at the variable level. 3 | - | 4 | python3 /etc/cloud_config.py sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenKey}\"" installationType=\"gateway\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230830\" templateName=\"gateway\" templateType=\"terraform\" shell=\"${Shell}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" bootstrapScript64=\"${GatewayBootstrapScript}\" -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/common/gateway_instance/output.tf: -------------------------------------------------------------------------------- 1 | output "gateway_instance_id" { 2 | value = alicloud_instance.gateway_instance.id 3 | } 4 | output "gateway_instance_name" { 5 | value = alicloud_instance.gateway_instance.tags["Name"] 6 | } 7 | -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/common/gateway_instance/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | alicloud = { 5 | source = "hashicorp/alicloud" 6 | version = "1.203.0" 7 | } 8 | } 9 | } -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/common/instance_type/variables.tf: -------------------------------------------------------------------------------- 1 | variable "chkp_type" { 2 | type = string 3 | description = "The Check Point machine type" 4 | default = "gateway" 5 | } 6 | locals { 7 | type_allowed_values = [ 8 | "gateway", 9 | "management" 10 | //"server" 11 | ] 12 | // Will fail if var.chkp_type is invalid 13 | validate_instance_type = index(local.type_allowed_values, var.chkp_type) // index() raises an error when the value is not in the list; the resulting number itself is not used in this file 14 | } 15 | 16 | variable "instance_type" { 17 | type = string 18 | description =
"Alicloud Instance type" 19 | } 20 | 21 | -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/common/instance_type/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | } -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/common/internal_default_route/locals.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | internal_route_table_condition = var.private_route_table != "" ? 1 : 0 3 | } -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/common/internal_default_route/main.tf: -------------------------------------------------------------------------------- 1 | resource "alicloud_route_entry" "internal_default_route" { 2 | count = local.internal_route_table_condition 3 | route_table_id = var.private_route_table 4 | destination_cidrblock = "0.0.0.0/0" 5 | nexthop_type = "NetworkInterface" 6 | nexthop_id = var.internal_eni_id 7 | } -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/common/internal_default_route/output.tf: -------------------------------------------------------------------------------- 1 | output "internal_default_route_id" { 2 | value = alicloud_route_entry.internal_default_route.*.id 3 | } -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/common/internal_default_route/variables.tf: -------------------------------------------------------------------------------- 1 | variable "private_route_table" { 2 | type = string 3 | description = "Sets '0.0.0.0/0' route to the Gateway instance in the specified route table (e.g. 
rtb-12a34567)" 4 | default="" 5 | } 6 | variable "internal_eni_id" { 7 | type = string 8 | description = "The internal-eni of the security gateway" 9 | } -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/common/internal_default_route/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | alicloud = { 5 | source = "hashicorp/alicloud" 6 | version = "1.203.0" 7 | } 8 | } 9 | } -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/common/permissive_sg/output.tf: -------------------------------------------------------------------------------- 1 | output "permissive_sg_id" { 2 | value = alicloud_security_group.permissive_sg.id 3 | } 4 | output "permissive_sg_name" { 5 | value = alicloud_security_group.permissive_sg.name 6 | } -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/common/permissive_sg/variables.tf: -------------------------------------------------------------------------------- 1 | variable "vpc_id" { 2 | type = string 3 | } 4 | variable "resources_tag_name" { 5 | type = string 6 | description = "(Optional)" 7 | default = "" 8 | } 9 | variable "gateway_name" { 10 | type = string 11 | description = "(Optional) The name tag of the Security Gateway instances" 12 | default = "Check-Point-Gateway-tf" 13 | } -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/common/permissive_sg/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | alicloud = { 5 | source = "hashicorp/alicloud" 6 | version = "1.203.0" 7 | } 8 | } 9 | } 
-------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/common/version_license/variables.tf: -------------------------------------------------------------------------------- 1 | variable "chkp_type" { 2 | type = string 3 | description = "The Check Point machine type" 4 | default = "gateway" 5 | } 6 | locals { 7 | type_allowed_values = [ 8 | "gateway", 9 | "management", 10 | "standalone",] 11 | // Will fail if var.chkp_type is invalid 12 | validate_chkp_type = index(local.type_allowed_values, var.chkp_type) 13 | } 14 | 15 | variable "version_license" { 16 | type = string 17 | description = "AliCloud Version license" 18 | } 19 | 20 | -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/common/version_license/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | alicloud = { 5 | source = "hashicorp/alicloud" 6 | version = "1.203.0" 7 | } 8 | } 9 | } -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/images/output.tf: -------------------------------------------------------------------------------- 1 | output "image_id" { 2 | value = local.image_id 3 | } 4 | output "version_license_with_sufix" { 5 | value = local.version_license_key 6 | } -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/images/variables.tf: -------------------------------------------------------------------------------- 1 | data "alicloud_regions" "current" { 2 | current = true 3 | } 4 | locals { 5 | region = data.alicloud_regions.current.regions.0.id 6 | } 7 | 8 | // --- Version and license --- 9 | variable "chkp_type" { 10 | type = string 11 | description = "The Check Point machine type" 12 | default = "gateway" 13 | } 14 
| 15 | variable "version_license" { 16 | type = string 17 | description = "Version and license" 18 | default = "R81.20-BYOL" 19 | } 20 | 21 | -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/images/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | } -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/vpc/locals.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | regex_valid_cidr = "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$" 3 | 4 | // Will fail if var.vpc_cidr is invalid 5 | regex_vpc_cidr = regex(local.regex_valid_cidr, var.vpc_cidr) == var.vpc_cidr ? 0 : "Variable [vpc_cidr] must be a valid vpc cidr" 6 | } -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/vpc/output.tf: -------------------------------------------------------------------------------- 1 | output "vpc_id" { 2 | value = alicloud_vpc.vpc.id 3 | } 4 | output "vpc_name" { 5 | value = alicloud_vpc.vpc.name 6 | } 7 | output "public_vswitchs_ids_list" { 8 | value = [for public_vswitch in alicloud_vswitch.publicVsw : public_vswitch.id ] 9 | } 10 | output "management_vswitchs_ids_list" { 11 | value = [for management_vswitch in alicloud_vswitch.managementVsw : management_vswitch.id ] 12 | } 13 | output "private_vswitchs_ids_list" { 14 | value = [for private_vswitch in alicloud_vswitch.privateVsw : private_vswitch.id] 15 | } 16 | -------------------------------------------------------------------------------- /deprecated/terraform/ali/R81/modules/vpc/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version 
= ">= 0.14.3" 3 | required_providers { 4 | alicloud = { 5 | source = "hashicorp/alicloud" 6 | version = "1.203.0" 7 | } 8 | } 9 | } -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/autoscale-gwlb/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | random = { 12 | version = "~> 3.5.1" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/autoscale/asg_userdata.yaml: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | runcmd: 3 | - | 4 | python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" installationType=\"autoscale\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20231012\" templateName=\"autoscale\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" bootstrapScript64=\"${BootstrapScript}\" 5 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/autoscale/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | random = { 12 | version = "~> 3.5.1" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/cluster-master/versions.tf: 
-------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/cluster/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/cme-iam-role-gwlb/output.tf: -------------------------------------------------------------------------------- 1 | output "cme_iam_role_arn" { 2 | value = aws_iam_role.cme_iam_role_gwlb.arn 3 | } 4 | output "cme_iam_role_name" { 5 | value = aws_iam_role.cme_iam_role_gwlb.name 6 | } 7 | output "cme_iam_profile_name" { 8 | value = aws_iam_instance_profile.iam_instance_profile.name 9 | } 10 | output "cme_iam_profile_arn" { 11 | value = aws_iam_instance_profile.iam_instance_profile.arn 12 | } 13 | 14 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/cme-iam-role-gwlb/terraform.tfvars: -------------------------------------------------------------------------------- 1 | //PLEASE refer to README.md for accepted values FOR THE VARIABLES BELOW 2 | 3 | permissions = "Create with read permissions" 4 | sts_roles = [] 5 | trusted_account = "" -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/cme-iam-role-gwlb/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | 
required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/cme-iam-role/output.tf: -------------------------------------------------------------------------------- 1 | output "cme_iam_role_arn" { 2 | value = aws_iam_role.cme_iam_role.arn 3 | } 4 | output "cme_iam_role_name" { 5 | value = aws_iam_role.cme_iam_role.name 6 | } 7 | output "cme_iam_profile_name" { 8 | value = aws_iam_instance_profile.iam_instance_profile.name 9 | } 10 | output "cme_iam_profile_arn" { 11 | value = aws_iam_instance_profile.iam_instance_profile.arn 12 | } -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/cme-iam-role/terraform.tfvars: -------------------------------------------------------------------------------- 1 | //PLEASE refer to README.md for accepted values FOR THE VARIABLES BELOW 2 | 3 | permissions = "Create with read permissions" 4 | sts_roles = [] 5 | trusted_account = "" -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/cme-iam-role/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/cross-az-cluster-master/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | } 12 | } 13 | 
-------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/cross-az-cluster/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" // accepts 5.20.x patch releases only 7 | } 8 | http = { // no "source" given, so Terraform resolves this provider to hashicorp/http 9 | version = "~> 3.4.0" 10 | } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/gateway-master/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/gateway/output.tf: -------------------------------------------------------------------------------- 1 | output "ami_id" { 2 | value = module.amis.ami_id 3 | } 4 | output "permissive_sg_id" { // NOTE(review): the module name suggests an allow-all security group; its rules are not shown here - confirm that the gateway policy is the intended control 5 | value = module.common_permissive_sg.permissive_sg_id 6 | } 7 | output "permissive_sg_name" { 8 | value = module.common_permissive_sg.permissive_sg_name 9 | } 10 | output "gateway_url" { 11 | value = format("https://%s", module.common_eip.gateway_eip_public_ip[0]) // NOTE(review): takes element [0] of the EIP module output; presumably this fails when that list is empty (no public IP allocated) - confirm against the module 12 | } 13 | output "gateway_public_ip" { 14 | value = module.common_eip.gateway_eip_public_ip 15 | } 16 | output "gateway_instance_id" { 17 | value = module.common_gateway_instance.gateway_instance_id 18 | } 19 | output "gateway_instance_name" { 20 | value = module.common_gateway_instance.gateway_instance_name 21 | } -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/gateway/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2
| required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/gwlb-master/output.tf: -------------------------------------------------------------------------------- 1 | output "Deployment" { 2 | value = "Finalizing instances configuration may take up to 20 minutes after deployment is finished." 3 | } 4 | output "management_public_ip" { 5 | depends_on = [module.gwlb] 6 | value = module.gwlb[*].management_public_ip 7 | } 8 | output "gwlb_arn" { 9 | depends_on = [module.gwlb] 10 | value = module.gwlb[*].gwlb_arn 11 | } 12 | output "gwlb_service_name" { 13 | depends_on = [module.gwlb] 14 | value = module.gwlb[*].gwlb_service_name 15 | } 16 | output "gwlb_name" { 17 | value = var.gateway_load_balancer_name 18 | } 19 | output "controller_name" { 20 | value = "gwlb-controller" 21 | } 22 | output "template_name" { 23 | value = var.configuration_template 24 | } -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/gwlb-master/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | random = { 12 | version = "~> 3.5.1" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/gwlb/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | 
} 11 | random = { 12 | version = "~> 3.5.1" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/management/output.tf: -------------------------------------------------------------------------------- 1 | output "Deployment" { 2 | value = "Finalizing configuration may take up to 20 minutes after deployment is finished." 3 | } 4 | 5 | output "management_instance_id" { 6 | value = aws_instance.management-instance.id 7 | } 8 | output "management_instance_name" { 9 | value = aws_instance.management-instance.tags["Name"] 10 | } 11 | output "management_instance_tags" { 12 | value = aws_instance.management-instance.tags 13 | } 14 | output "management_public_ip" { 15 | value = aws_instance.management-instance.public_ip 16 | } 17 | output "management_url" { 18 | value = format("https://%s", aws_instance.management-instance.public_ip) 19 | } -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/management/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/mds/mds_userdata.yaml: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | runcmd: 3 | - | 4 | python3 /etc/cloud_config.py sicKey=\"${SICKey}\" installationType=\"mds\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20231012\" templateName=\"mds\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" 
ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" primary=\"${IsPrimary}\" secondary=\"${IsSecondary}\" adminSubnet=\"${AdminSubnet}\" bootstrapScript64=\"${BootstrapScript}\" -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/mds/output.tf: -------------------------------------------------------------------------------- 1 | output "Deployment" { 2 | value = "Finalizing configuration may take up to 20 minutes after deployment is finished." 3 | } 4 | 5 | output "mds_instance_id" { 6 | value = aws_instance.mds-instance.id 7 | } 8 | output "mds_instance_name" { 9 | value = aws_instance.mds-instance.tags["Name"] 10 | } 11 | output "mds_instance_tags" { 12 | value = aws_instance.mds-instance.tags 13 | } -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/mds/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/modules/amis/output.tf: -------------------------------------------------------------------------------- 1 | output "ami_id" { 2 | value = local.ami_id 3 | } 4 | output "version_license_with_suffix" { 5 | value = local.version_license_key 6 | } -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/modules/amis/variables.tf: -------------------------------------------------------------------------------- 1 | variable "amis_url" { 2 | type = string 3 | description = "URL to amis.yaml" 4 | default = 
"https://cgi-cfts-staging.s3.amazonaws.com/utils/amis.yaml" 5 | } 6 | 7 | data "http" "amis_yaml_http" { 8 | url = var.amis_url 9 | } 10 | 11 | data "aws_region" "current" {} 12 | locals { 13 | region = data.aws_region.current.name 14 | } 15 | 16 | // --- Version & License --- 17 | variable "chkp_type" { 18 | type = string 19 | description = "The Check Point machine type" 20 | default = "gateway" 21 | } 22 | variable "version_license" { 23 | type = string 24 | description = "Version and license" 25 | } 26 | 27 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/modules/cloudwatch-policy/main.tf: -------------------------------------------------------------------------------- 1 | data "aws_iam_policy_document" "policy_document" { 2 | version = "2012-10-17" 3 | statement { 4 | actions = ["cloudwatch:PutMetricData"] 5 | effect = "Allow" 6 | resources = ["*"] 7 | } 8 | } 9 | 10 | resource "aws_iam_policy" "policy" { 11 | name_prefix = format("%s-iam_policy", var.tag_name) 12 | policy = data.aws_iam_policy_document.policy_document.json 13 | } 14 | 15 | resource "aws_iam_role_policy_attachment" "attachment" { 16 | role = var.role 17 | policy_arn = aws_iam_policy.policy.arn 18 | } -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/modules/cloudwatch-policy/variables.tf: -------------------------------------------------------------------------------- 1 | variable "tag_name" { 2 | type = string 3 | description = "(Optional) IAM policy name prefix" 4 | default = "cloudwatch" 5 | } 6 | variable "role" { 7 | type = string 8 | description = "A IAM role to attach the cloudwatch policy to it" 9 | } -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/modules/cluster-iam-role/output.tf: -------------------------------------------------------------------------------- 1 | output "cluster_iam_role" 
{ 2 | value = aws_iam_role.cluster_iam_role 3 | } 4 | output "cluster_iam_role_arn" { 5 | value = aws_iam_role.cluster_iam_role.arn 6 | } 7 | output "cluster_iam_role_name" { 8 | value = aws_iam_role.cluster_iam_role.name 9 | } -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/modules/common/elastic_ip/locals.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | allocate_and_associate_eip_condition = var.allocate_and_associate_eip == true ? 1 : 0 3 | } -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/modules/common/elastic_ip/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_eip" "gateway_eip" { 2 | count = local.allocate_and_associate_eip_condition 3 | network_interface = var.external_eni_id 4 | } 5 | resource "aws_eip_association" "address_assoc" { 6 | count = local.allocate_and_associate_eip_condition 7 | allocation_id = aws_eip.gateway_eip[count.index].id 8 | network_interface_id = var.external_eni_id 9 | private_ip_address = var.private_ip_address 10 | } -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/modules/common/elastic_ip/output.tf: -------------------------------------------------------------------------------- 1 | output "gateway_eip_id" { 2 | value = aws_eip.gateway_eip.*.id 3 | } 4 | output "gateway_eip_public_ip" { 5 | value = aws_eip.gateway_eip.*.public_ip 6 | } 7 | output "gateway_eip_attached_instance" { 8 | value = aws_eip.gateway_eip.*.instance 9 | } 10 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/modules/common/elastic_ip/variables.tf: -------------------------------------------------------------------------------- 1 | variable "allocate_and_associate_eip" { 2 | type = bool 3 | 
description = "If set to TRUE, an elastic IP will be allocated and associated with the launched instance" 4 | default = true 5 | } 6 | variable "external_eni_id" { 7 | type = string 8 | description = "The external-eni of the security gateway" 9 | } 10 | variable "private_ip_address" { 11 | type = string 12 | description = "The primary or secondary private IP address to associate with the Elastic IP address. " 13 | } 14 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/modules/common/gateway_instance/gateway_userdata.yaml: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | runcmd: 3 | - | 4 | python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenKey}\"" installationType=\"gateway\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20231012\" templateName=\"gateway\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" bootstrapScript64=\"${GatewayBootstrapScript}\" -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/modules/common/gateway_instance/output.tf: -------------------------------------------------------------------------------- 1 | output "gateway_instance_id" { 2 | value = aws_instance.gateway_instance.id 3 | } 4 | output "gateway_instance_arn" { 5 | value = aws_instance.gateway_instance.arn 6 | } 7 | output "gateway_instance_name" { 8 | value = aws_instance.gateway_instance.tags["Name"] 9 | } 10 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R80.40/modules/common/instance_type/variables.tf: 
--------------------------------------------------------------------------------
// Inputs of the instance_type module.
variable "chkp_type" {
  type = string
  description = "The Check Point machine type"
  default = "gateway"
}
locals {
  type_allowed_values = [
    "gateway",
    "management",
    "mds",
    "standalone",
    "server"
  ]
  // Will fail if var.chkp_type is invalid
  // (index() raises an error when the value is not in the list; the index itself is only a by-product)
  validate_instance_type = index(local.type_allowed_values, var.chkp_type)
}

// No allow-list for the instance type is visible in this file.
variable "instance_type" {
  type = string
  description = "AWS Instance type"
}


--------------------------------------------------------------------------------
/deprecated/terraform/aws/R80.40/modules/common/internal_default_route/locals.tf:
--------------------------------------------------------------------------------
// Resource count for the default route: 1 when a route table ID was given, else 0.
locals {
  internal_route_table_condition = var.private_route_table != "" ? 1 : 0
}
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R80.40/modules/common/internal_default_route/main.tf:
--------------------------------------------------------------------------------
// Adds a 0.0.0.0/0 route in the given route table that points at the gateway's
// internal ENI, so all IPv4 traffic without a more specific route goes to that interface.
// Created only when var.private_route_table is non-empty (see locals.tf).
resource "aws_route" "internal_default_route" {
  count = local.internal_route_table_condition
  route_table_id = var.private_route_table
  destination_cidr_block = "0.0.0.0/0"
  network_interface_id = var.internal_eni_id
}
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R80.40/modules/common/internal_default_route/output.tf:
--------------------------------------------------------------------------------
// List of route IDs; empty when the route was not created.
output "internal_default_route_id" {
  value = aws_route.internal_default_route.*.id
}
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R80.40/modules/common/internal_default_route/variables.tf:
--------------------------------------------------------------------------------
// Inputs of the internal_default_route module.
// An empty private_route_table (the default) disables the route.
variable "private_route_table" {
  type = string
  description = "Sets '0.0.0.0/0' route to the Gateway instance in the specified route table (e.g. rtb-12a34567)"
  default=""
}
variable "internal_eni_id" {
  type = string
  description = "The internal-eni of the security gateway"
}
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R80.40/modules/common/load_balancer/output.tf:
--------------------------------------------------------------------------------
// Identifiers of the load balancer and its target group.
// load_balancer_url carries the DNS name only, without a scheme.
output "load_balancer_id" {
  value = aws_lb.load_balancer.id
}
output "load_balancer_arn" {
  value = aws_lb.load_balancer.arn
}
output "load_balancer_url" {
  value = aws_lb.load_balancer.dns_name
}
output "target_group_id" {
  value = aws_lb_target_group.lb_target_group.id
}
output "target_group_arn" {
  value = aws_lb_target_group.lb_target_group.arn
}
output "load_balancer_tags" {
  value = aws_lb.load_balancer.tags
}
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R80.40/modules/common/permissive_sg/main.tf:
--------------------------------------------------------------------------------
// Security group that allows every protocol and port, in both directions, to and
// from any IPv4 address. With this group attached, AWS filters nothing: the policy
// running on the instance is the only control, including during first boot and on
// its management interfaces.
// NOTE(review): presumably intended for gateway data-plane interfaces only - confirm
// before attaching it to anything else, and prefer a group limited to administrator
// CIDRs for management access.
resource "aws_security_group" "permissive_sg" {
  description = "Permissive security group"
  vpc_id = var.vpc_id
  egress {
    from_port = 0
    to_port = 0
    protocol = "-1" // all protocols
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port = 0
    to_port = 0
    protocol = "-1" // all protocols
    cidr_blocks = ["0.0.0.0/0"]
  }
  // Both names use resources_tag_name when it is set, otherwise gateway_name.
  name_prefix = format("%s-PermissiveSecurityGroup", var.resources_tag_name != "" ? var.resources_tag_name : var.gateway_name) // Group name
  tags = {
    Name = format("%s-PermissiveSecurityGroup", var.resources_tag_name != "" ? var.resources_tag_name : var.gateway_name) // Resource name
  }
}
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R80.40/modules/common/permissive_sg/output.tf:
--------------------------------------------------------------------------------
// ID, generated name and ARN of the permissive security group.
output "permissive_sg_id" {
  value = aws_security_group.permissive_sg.id
}
output "permissive_sg_name" {
  value = aws_security_group.permissive_sg.name
}
output "permissive_sg_arn" {
  value = aws_security_group.permissive_sg.arn
}
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R80.40/modules/common/permissive_sg/variables.tf:
--------------------------------------------------------------------------------
// Inputs of the permissive_sg module.
// VPC in which the security group is created.
variable "vpc_id" {
  type = string
}
// Name prefix for the group; when empty, gateway_name is used instead (see main.tf).
variable "resources_tag_name" {
  type = string
  description = "(Optional)"
  default = ""
}
variable "gateway_name" {
  type = string
  description = "(Optional) The name tag of the Security Gateway instances"
  default = "Check-Point-Gateway-tf"
}
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R80.40/modules/common/version_license/variables.tf:
--------------------------------------------------------------------------------
// Inputs of the version_license module.
variable "chkp_type" {
  type = string
  description = "The Check Point machine type"
  default = "gateway"
}
locals {
  type_allowed_values = [
    "gateway",
    "management",
    "mds",
    "standalone",
    "gwlb_gw"]
  // Will fail if var.chkp_type is invalid
  // (index() raises an error when the value is not in the list)
  validate_chkp_type = index(local.type_allowed_values, var.chkp_type)
}

// No validation of this value is visible in this file.
variable "version_license" {
  type = string
  description = "AWS Version license"
}


--------------------------------------------------------------------------------
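/deprecated/terraform/aws/R80.40/modules/custom-autoscale/locals.tf:
--------------------------------------------------------------------------------
// Derived values for the custom-autoscale module.
locals {
  // "<prefix>-<asg_name>-servers", or "<asg_name>-servers" when var.prefix is empty.
  asg_name = format("%s%s-servers", var.prefix != "" ? format("%s-", var.prefix) : "", var.asg_name)

  // Matches the empty string, or "ami-" followed by exactly 8 or 17 lowercase hex digits.
  regex_valid_server_ami = "^(ami-(([0-9a-f]{8})|([0-9a-f]{17})))?$"
  // Will fail if var.server_ami is invalid
  // NOTE(review): the failure presumably comes from regex() erroring on a non-match;
  // with capture groups in the pattern regex() returns the captures, not the whole
  // string, so the message in the else branch is unlikely to be what stops a plan - confirm.
  regex_server_ami = regex(local.regex_valid_server_ami, var.server_ami) == var.server_ami ? 0 : "Amazon Machine Image ID must be in the form ami-xxxxxxxx or ami-xxxxxxxxxxxxxxxxx"

  // True when a non-empty target-groups value was supplied.
  provided_target_groups_condition = var.servers_target_groups != "" ? true : false
}
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R80.40/modules/vpc/output.tf:
--------------------------------------------------------------------------------
// Outputs of the vpc module: the VPC ID, the IDs of each subnet group as lists,
// the public route table and the internet gateway.
output "vpc_id" {
  value = aws_vpc.vpc.id
}
output "public_subnets_ids_list" {
  value = [for public_subnet in aws_subnet.public_subnets : public_subnet.id ]
}
output "private_subnets_ids_list" {
  value = [for private_subnet in aws_subnet.private_subnets : private_subnet.id]
}
output "tgw_subnets_ids_list" {
  value = [for tgw_subnet in aws_subnet.tgw_subnets : tgw_subnet.id]
}
output "public_rtb" {
  value = aws_route_table.public_subnet_rtb.id
}
output "aws_igw" {
  value = aws_internet_gateway.igw.id
}

--------------------------------------------------------------------------------
/deprecated/terraform/aws/R80.40/qs-autoscale-master/versions.tf:
--------------------------------------------------------------------------------
// Terraform and provider version constraints for this template.
// These are ranges; commit .terraform.lock.hcl to pin exact provider builds and checksums.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "~> 5.20.0" // patch releases of 5.20 only
    }
    http = {
      source = "hashicorp/http" // explicit; same address Terraform implies when source is omitted
      version = "~> 3.4.0"
    }
    random = {
      source = "hashicorp/random" // explicit; same address Terraform implies when source is omitted
      version = "~> 3.5.1"
    }
  }
}
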
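--------------------------------------------------------------------------------
/deprecated/terraform/aws/R80.40/qs-autoscale/versions.tf:
--------------------------------------------------------------------------------
// Terraform and provider version constraints for this template.
// These are ranges; commit .terraform.lock.hcl to pin exact provider builds and checksums.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "~> 5.20.0" // patch releases of 5.20 only
    }
    http = {
      source = "hashicorp/http" // explicit; same address Terraform implies when source is omitted
      version = "~> 3.4.0"
    }
    random = {
      source = "hashicorp/random" // explicit; same address Terraform implies when source is omitted
      version = "~> 3.5.1"
    }
  }
}

--------------------------------------------------------------------------------
/deprecated/terraform/aws/R80.40/standalone-master/versions.tf:
--------------------------------------------------------------------------------
// Terraform and provider version constraints for this template.
// These are ranges; commit .terraform.lock.hcl to pin exact provider builds and checksums.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "~> 5.20.0" // patch releases of 5.20 only
    }
    http = {
      source = "hashicorp/http" // explicit; same address Terraform implies when source is omitted
      version = "~> 3.4.0"
    }
  }
}
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R80.40/standalone/output.tf:
--------------------------------------------------------------------------------
// Values exported by the standalone template, all read from
// aws_instance.standalone-instance.
output "standalone_instance_id" {
  value = aws_instance.standalone-instance.id
}
output "standalone_instance_name" {
  value = aws_instance.standalone-instance.tags["Name"]
}
output "standalone_public_ip" {
  value = aws_instance.standalone-instance.public_ip
}
// Ready-made ssh command line for the admin user.
// NOTE(review): var.key_name is presumably the EC2 key pair name rather than a path
// to the private key file that ssh -i expects - confirm and adapt before use.
output "standalone_ssh" {
  value = format("ssh -i %s admin@%s", var.key_name, aws_instance.standalone-instance.public_ip)
}
// HTTPS URL built from the instance's public IP.
output "standalone_url" {
  value = format("https://%s", aws_instance.standalone-instance.public_ip)
}
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R80.40/standalone/standalone_userdata.yaml:
--------------------------------------------------------------------------------
#cloud-config
runcmd:
  - |
    python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" installationType=\"standalone\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20231012\" templateName=\"standalone\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" adminSubnet=\"${AdminSubnet}\" allocatePublicAddress=\"${AllocateElasticIP}\" bootstrapScript64=\"${StandaloneBootstrapScript}\"
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R80.40/standalone/versions.tf:
--------------------------------------------------------------------------------
// Terraform and provider version constraints for this template.
// These are ranges; commit .terraform.lock.hcl to pin exact provider builds and checksums.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "~> 5.20.0" // patch releases of 5.20 only
    }
    http = {
      source = "hashicorp/http" // explicit; same address Terraform implies when source is omitted
      version = "~> 3.4.0"
    }
  }
}

--------------------------------------------------------------------------------
/deprecated/terraform/aws/R80.40/tap/Check Point NOW onboarding page.docx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/deprecated/terraform/aws/R80.40/tap/Check Point NOW onboarding page.docx
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R80.40/tap/CheckPoint_NOW_onboarding_page.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/deprecated/terraform/aws/R80.40/tap/CheckPoint_NOW_onboarding_page.pdf
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R80.40/tap/terraform.tfvars: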
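--------------------------------------------------------------------------------
//PLEASE refer to README.md for accepted values FOR THE VARIABLES BELOW
// Every value in this file is a sample; replace all of them before applying.

// --- VPC Network Configuration ---
vpc_id = "vpc-12345678"
external_subnet_id = "subnet-abc123"
internal_subnet_id = "subnet-def456"
resources_tag_name = "env1"

// --- TAP Configuration ---
// NOTE(review): presumably a secret issued during onboarding - confirm in README.md.
// If so, keep the real value out of version control (for example in an untracked
// .tfvars file or a TF_VAR_registration_key environment variable).
registration_key = "10:10:10:10:10:10"
vxlan_id = 10
blacklist_tags = {
  env = "staging"
  state = "stable"
}
schedule_scan_interval = 60

// --- EC2 Instance Configuration ---
instance_name = "tap-gateway"
instance_type = "c5.xlarge"
key_name = "publickey"

--------------------------------------------------------------------------------
/deprecated/terraform/aws/R80.40/tgw-asg-master/versions.tf:
--------------------------------------------------------------------------------
// Terraform and provider version constraints for this template.
// These are ranges; commit .terraform.lock.hcl to pin exact provider builds and checksums.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "~> 5.20.0" // patch releases of 5.20 only
    }
    http = {
      source = "hashicorp/http" // explicit; same address Terraform implies when source is omitted
      version = "~> 3.4.0"
    }
    random = {
      source = "hashicorp/random" // explicit; same address Terraform implies when source is omitted
      version = "~> 3.5.1"
    }
  }
}

--------------------------------------------------------------------------------
/deprecated/terraform/aws/R80.40/tgw-asg/output.tf:
--------------------------------------------------------------------------------
// Values exported by the tgw-asg template.
// The management outputs read instance [0] of module.management.
// NOTE(review): if that module can be deployed with a count of 0 these references
// would fail - confirm against the module call.
output "management_instance_name" {
  value = module.management[0].management_instance_name
}
output "configuration_template" {
  value = var.configuration_template
}
// Fixed controller name, not derived from any input.
output "controller_name" {
  value = "tgw-controller"
}
output "management_public_ip" {
  value = module.management[0].management_public_ip
}
output "management_url" {
  value = module.management[0].management_url
}
output "autoscaling_group_name" {
  value = module.autoscale.autoscale_autoscaling_group_name
}
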
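--------------------------------------------------------------------------------
/deprecated/terraform/aws/R80.40/tgw-asg/versions.tf:
--------------------------------------------------------------------------------
// Terraform and provider version constraints for this template.
// These are ranges; commit .terraform.lock.hcl to pin exact provider builds and checksums.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "~> 5.20.0" // patch releases of 5.20 only
    }
    http = {
      source = "hashicorp/http" // explicit; same address Terraform implies when source is omitted
      version = "~> 3.4.0"
    }
    random = {
      source = "hashicorp/random" // explicit; same address Terraform implies when source is omitted
      version = "~> 3.5.1"
    }
  }
}

--------------------------------------------------------------------------------
/deprecated/terraform/aws/R80.40/tgw-cross-az-cluster-master/versions.tf:
--------------------------------------------------------------------------------
// Terraform and provider version constraints for this template.
// These are ranges; commit .terraform.lock.hcl to pin exact provider builds and checksums.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "~> 5.20.0" // patch releases of 5.20 only
    }
    http = {
      source = "hashicorp/http" // explicit; same address Terraform implies when source is omitted
      version = "~> 3.4.0"
    }
    random = {
      source = "hashicorp/random" // explicit; same address Terraform implies when source is omitted
      version = "~> 3.5.1"
    }
  }
}

--------------------------------------------------------------------------------
/deprecated/terraform/aws/R80.40/tgw-cross-az-cluster/versions.tf:
--------------------------------------------------------------------------------
// Terraform and provider version constraints for this template.
// These are ranges; commit .terraform.lock.hcl to pin exact provider builds and checksums.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "~> 5.20.0" // patch releases of 5.20 only
    }
    http = {
      source = "hashicorp/http" // explicit; same address Terraform implies when source is omitted
      version = "~> 3.4.0"
    }
    random = {
      source = "hashicorp/random" // explicit; same address Terraform implies when source is omitted
      version = "~> 3.5.1"
    }
  }
}

--------------------------------------------------------------------------------
/deprecated/terraform/aws/R80.40/tgw-gwlb-master/versions.tf:
--------------------------------------------------------------------------------
// Terraform and provider version constraints for this template.
// These are ranges; commit .terraform.lock.hcl to pin exact provider builds and checksums.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "~> 5.20.0" // patch releases of 5.20 only
    }
    http = {
      source = "hashicorp/http" // explicit; same address Terraform implies when source is omitted
      version = "~> 3.4.0"
    }
    random = {
      source = "hashicorp/random" // explicit; same address Terraform implies when source is omitted
      version = "~> 3.5.1"
    }
  }
}
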
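--------------------------------------------------------------------------------
/deprecated/terraform/aws/R80.40/tgw-gwlb/output.tf:
--------------------------------------------------------------------------------
// Values exported by the tgw-gwlb template. The module.gwlb[*] outputs are
// lists (one element per module instance) and wait on module.gwlb explicitly.
output "Deployment" {
  value = "Finalizing instances configuration may take up to 20 minutes after deployment is finished."
}
// Public address of the management server; it also ends up in state and CI logs.
output "management_public_ip" {
  depends_on = [module.gwlb]
  value = module.gwlb[*].management_public_ip
}
output "gwlb_arn" {
  depends_on = [module.gwlb]
  value = module.gwlb[*].gwlb_arn
}
output "gwlb_service_name" {
  depends_on = [module.gwlb]
  value = module.gwlb[*].gwlb_service_name
}
output "gwlb_name" {
  value = var.gateway_load_balancer_name
}
// Fixed controller name, not derived from any input.
output "controller_name" {
  value = "gwlb-controller"
}
output "template_name" {
  value = var.configuration_template
}
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R80.40/tgw-gwlb/versions.tf:
--------------------------------------------------------------------------------
// Terraform and provider version constraints for this template.
// These are ranges; commit .terraform.lock.hcl to pin exact provider builds and checksums.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "~> 5.20.0" // patch releases of 5.20 only
    }
    http = {
      source = "hashicorp/http" // explicit; same address Terraform implies when source is omitted
      version = "~> 3.4.0"
    }
    random = {
      source = "hashicorp/random" // explicit; same address Terraform implies when source is omitted
      version = "~> 3.5.1"
    }
  }
}

--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/autoscale-gwlb/versions.tf:
--------------------------------------------------------------------------------
// Terraform and provider version constraints for this template.
// These are ranges; commit .terraform.lock.hcl to pin exact provider builds and checksums.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "~> 5.20.0" // patch releases of 5.20 only
    }
    http = {
      source = "hashicorp/http" // explicit; same address Terraform implies when source is omitted
      version = "~> 3.4.0"
    }
    random = {
      source = "hashicorp/random" // explicit; same address Terraform implies when source is omitted
      version = "~> 3.5.1"
    }
  }
}

--------------------------------------------------------------------------------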
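/deprecated/terraform/aws/R81/autoscale/asg_userdata.yaml:
--------------------------------------------------------------------------------
#cloud-config
runcmd:
  - |
    python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" installationType=\"autoscale\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20240704\" templateName=\"autoscale\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" bootstrapScript64=\"${BootstrapScript}\"

--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/autoscale/versions.tf:
--------------------------------------------------------------------------------
// Terraform and provider version constraints for this template.
// These are ranges; commit .terraform.lock.hcl to pin exact provider builds and checksums.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "~> 5.20.0" // patch releases of 5.20 only
    }
    http = {
      source = "hashicorp/http" // explicit; same address Terraform implies when source is omitted
      version = "~> 3.4.0"
    }
    random = {
      source = "hashicorp/random" // explicit; same address Terraform implies when source is omitted
      version = "~> 3.5.1"
    }
  }
}

--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/cluster-master/versions.tf:
--------------------------------------------------------------------------------
// Terraform and provider version constraints for this template.
// These are ranges; commit .terraform.lock.hcl to pin exact provider builds and checksums.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "~> 5.20.0" // patch releases of 5.20 only
    }
    http = {
      source = "hashicorp/http" // explicit; same address Terraform implies when source is omitted
      version = "~> 3.4.0"
    }
  }
}

--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/cluster/versions.tf:
--------------------------------------------------------------------------------
// Terraform and provider version constraints for this template.
// These are ranges; commit .terraform.lock.hcl to pin exact provider builds and checksums.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "~> 5.20.0" // patch releases of 5.20 only
    }
    http = {
      source = "hashicorp/http" // explicit; same address Terraform implies when source is omitted
      version = "~> 3.4.0"
    }
  }
}
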
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/cme-iam-role-gwlb/output.tf:
--------------------------------------------------------------------------------
// ARN and name of the IAM role (aws_iam_role.cme_iam_role_gwlb) and of the
// instance profile created by this template.
output "cme_iam_role_arn" {
  value = aws_iam_role.cme_iam_role_gwlb.arn
}
output "cme_iam_role_name" {
  value = aws_iam_role.cme_iam_role_gwlb.name
}
output "cme_iam_profile_name" {
  value = aws_iam_instance_profile.iam_instance_profile.name
}
output "cme_iam_profile_arn" {
  value = aws_iam_instance_profile.iam_instance_profile.arn
}


--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/cme-iam-role-gwlb/terraform.tfvars:
--------------------------------------------------------------------------------
//PLEASE refer to README.md for accepted values FOR THE VARIABLES BELOW

// NOTE(review): presumably sts_roles lists roles this role may assume and
// trusted_account names an account allowed to assume it - confirm in README.md,
// and keep both as narrow as the deployment allows.
permissions = "Create with read permissions"
sts_roles = []
trusted_account = ""
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/cme-iam-role-gwlb/versions.tf:
--------------------------------------------------------------------------------
// Terraform and provider version constraints for this template.
// These are ranges; commit .terraform.lock.hcl to pin exact provider builds and checksums.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "~> 5.20.0" // patch releases of 5.20 only
    }
  }
}

--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/cme-iam-role/output.tf:
--------------------------------------------------------------------------------
// ARN and name of the IAM role (aws_iam_role.cme_iam_role) and of the
// instance profile created by this template.
output "cme_iam_role_arn" {
  value = aws_iam_role.cme_iam_role.arn
}
output "cme_iam_role_name" {
  value = aws_iam_role.cme_iam_role.name
}
output "cme_iam_profile_name" {
  value = aws_iam_instance_profile.iam_instance_profile.name
}
output "cme_iam_profile_arn" {
  value = aws_iam_instance_profile.iam_instance_profile.arn
}
-------------------------------------------------------------------------------- /deprecated/terraform/aws/R81/cme-iam-role/terraform.tfvars: -------------------------------------------------------------------------------- 1 | //PLEASE refer to README.md for accepted values FOR THE VARIABLES BELOW 2 | 3 | permissions = "Create with read permissions" 4 | sts_roles = [] 5 | trusted_account = "" -------------------------------------------------------------------------------- /deprecated/terraform/aws/R81/cme-iam-role/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R81/cross-az-cluster-master/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R81/cross-az-cluster/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R81/gateway-master/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | 
version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R81/gateway/output.tf: -------------------------------------------------------------------------------- 1 | output "ami_id" { 2 | value = module.amis.ami_id 3 | } 4 | output "permissive_sg_id" { 5 | value = module.common_permissive_sg.permissive_sg_id 6 | } 7 | output "permissive_sg_name" { 8 | value = module.common_permissive_sg.permissive_sg_name 9 | } 10 | output "gateway_url" { 11 | value = format("https://%s", module.common_eip.gateway_eip_public_ip[0]) 12 | } 13 | output "gateway_public_ip" { 14 | value = module.common_eip.gateway_eip_public_ip 15 | } 16 | output "gateway_instance_id" { 17 | value = module.common_gateway_instance.gateway_instance_id 18 | } 19 | output "gateway_instance_name" { 20 | value = module.common_gateway_instance.gateway_instance_name 21 | } -------------------------------------------------------------------------------- /deprecated/terraform/aws/R81/gateway/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R81/gwlb-master/output.tf: -------------------------------------------------------------------------------- 1 | output "Deployment" { 2 | value = "Finalizing instances configuration may take up to 20 minutes after deployment is finished." 
3 | } 4 | output "management_public_ip" { 5 | depends_on = [module.gwlb] 6 | value = module.gwlb[*].management_public_ip 7 | } 8 | output "gwlb_arn" { 9 | depends_on = [module.gwlb] 10 | value = module.gwlb[*].gwlb_arn 11 | } 12 | output "gwlb_service_name" { 13 | depends_on = [module.gwlb] 14 | value = module.gwlb[*].gwlb_service_name 15 | } 16 | output "gwlb_name" { 17 | value = var.gateway_load_balancer_name 18 | } 19 | output "controller_name" { 20 | value = "gwlb-controller" 21 | } 22 | output "template_name" { 23 | value = var.configuration_template 24 | } -------------------------------------------------------------------------------- /deprecated/terraform/aws/R81/gwlb-master/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | random = { 12 | version = "~> 3.5.1" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R81/gwlb/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | random = { 12 | version = "~> 3.5.1" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R81/management/output.tf: -------------------------------------------------------------------------------- 1 | output "Deployment" { 2 | value = "Finalizing configuration may take up to 20 minutes after deployment is finished." 
3 | } 4 | 5 | output "management_instance_id" { 6 | value = aws_instance.management-instance.id 7 | } 8 | output "management_instance_name" { 9 | value = aws_instance.management-instance.tags["Name"] 10 | } 11 | output "management_instance_tags" { 12 | value = aws_instance.management-instance.tags 13 | } 14 | output "management_public_ip" { 15 | value = aws_instance.management-instance.public_ip 16 | } 17 | output "management_url" { 18 | value = format("https://%s", aws_instance.management-instance.public_ip) 19 | } -------------------------------------------------------------------------------- /deprecated/terraform/aws/R81/management/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R81/mds/mds_userdata.yaml: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | runcmd: 3 | - | 4 | python3 /etc/cloud_config.py sicKey=\"${SICKey}\" installationType=\"mds\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20240704\" templateName=\"mds\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" primary=\"${IsPrimary}\" secondary=\"${IsSecondary}\" adminSubnet=\"${AdminSubnet}\" bootstrapScript64=\"${BootstrapScript}\" -------------------------------------------------------------------------------- /deprecated/terraform/aws/R81/mds/output.tf: 
--------------------------------------------------------------------------------
    // Outputs of the MDS template: a fixed post-deploy notice, then the id,
    // Name tag and full tag map of aws_instance.mds-instance.
1 | output "Deployment" {
2 |   value = "Finalizing configuration may take up to 20 minutes after deployment is finished."
3 | }
4 |
5 | output "mds_instance_id" {
6 |   value = aws_instance.mds-instance.id
7 | }
8 | output "mds_instance_name" {
9 |   value = aws_instance.mds-instance.tags["Name"]
10 | }
11 | output "mds_instance_tags" {
12 |   value = aws_instance.mds-instance.tags
13 | }
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/mds/versions.tf:
--------------------------------------------------------------------------------
    // Sets the minimum Terraform CLI version and provider versions; the
    // "~> x.y.0" constraints accept patch releases only.
    // NOTE(review): http names no source, so Terraform resolves it in the
    // default hashicorp namespace; committing .terraform.lock.hcl keeps the
    // provider checksums fixed between runs.
1 | terraform {
2 |   required_version = ">= 0.14.3"
3 |   required_providers {
4 |     aws = {
5 |       source = "hashicorp/aws"
6 |       version = "~> 5.20.0"
7 |     }
8 |     http = {
9 |       version = "~> 3.4.0"
10 |     }
11 |   }
12 | }
13 |
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/modules/amis/output.tf:
--------------------------------------------------------------------------------
    // Exposes two locals (ami_id, version_license_key) that are defined
    // outside the files shown here.
1 | output "ami_id" {
2 |   value = local.ami_id
3 | }
4 | output "version_license_with_suffix" {
5 |   value = local.version_license_key
6 | }
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/modules/amis/variables.tf:
--------------------------------------------------------------------------------
    // Location of the AMI map that the http data source below downloads.
    // NOTE(review): the document at this URL is fetched at plan time and
    // presumably drives local.ami_id, so whoever can change that object
    // decides which image boots. The default bucket name ends in "-staging";
    // confirm that is intended, consider pointing amis_url at a copy you
    // control, and check the resolved ami_id output before applying.
1 | variable "amis_url" {
2 |   type = string
3 |   description = "URL to amis.yaml"
4 |   default = "https://cgi-cfts-staging.s3.amazonaws.com/utils/amis.yaml"
5 | }
6 |
    // Downloads the document at var.amis_url.
7 | data "http" "amis_yaml_http" {
8 |   url = var.amis_url
9 | }
10 |
    // Region of the configured AWS provider, kept in local.region.
11 | data "aws_region" "current" {}
12 | locals {
13 |   region = data.aws_region.current.name
14 | }
15 |
16 | // --- Version & License ---
    // Machine type; defaults to "gateway". No validation is visible in this file.
17 | variable "chkp_type" {
18 |   type = string
19 |   description = "The Check Point machine type"
20 |   default = "gateway"
21 | }
    // Required input (no default).
22 | variable "version_license" {
23 |   type = string
24 |   description = "Version and license"
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/modules/cloudwatch-policy/main.tf:
--------------------------------------------------------------------------------
    // Policy document allowing cloudwatch:PutMetricData on every resource.
    // PutMetricData has no resource-level permissions, so "*" is expected;
    // a cloudwatch:namespace condition could narrow what the role may
    // publish if that is wanted.
1 | data "aws_iam_policy_document" "policy_document" {
2 |   version = "2012-10-17"
3 |   statement {
4 |     actions = ["cloudwatch:PutMetricData"]
5 |     effect = "Allow"
6 |     resources = ["*"]
7 |   }
8 | }
9 |
    // Managed policy built from the document; the name starts with
    // "<tag_name>-iam_policy" and AWS appends a unique suffix (name_prefix).
10 | resource "aws_iam_policy" "policy" {
11 |   name_prefix = format("%s-iam_policy", var.tag_name)
12 |   policy = data.aws_iam_policy_document.policy_document.json
13 | }
14 |
    // Attaches the policy to the role passed in by the caller.
15 | resource "aws_iam_role_policy_attachment" "attachment" {
16 |   role = var.role
17 |   policy_arn = aws_iam_policy.policy.arn
18 | }
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/modules/cloudwatch-policy/variables.tf:
--------------------------------------------------------------------------------
    // tag_name feeds the policy name prefix; role is required and is used as
    // the attachment target in main.tf.
1 | variable "tag_name" {
2 |   type = string
3 |   description = "(Optional) IAM policy name prefix"
4 |   default = "cloudwatch"
5 | }
6 | variable "role" {
7 |   type = string
8 |   description = "A IAM role to attach the cloudwatch policy to it"
9 | }
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/modules/cluster-iam-role/output.tf:
--------------------------------------------------------------------------------
    // Exports the whole aws_iam_role.cluster_iam_role object as well as its
    // arn and name individually.
1 | output "cluster_iam_role" {
2 |   value = aws_iam_role.cluster_iam_role
3 | }
4 | output "cluster_iam_role_arn" {
5 |   value = aws_iam_role.cluster_iam_role.arn
6 | }
7 | output "cluster_iam_role_name" {
8 |   value = aws_iam_role.cluster_iam_role.name
9 | }
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/modules/common/elastic_ip/locals.tf:
--------------------------------------------------------------------------------
    // 1 when an Elastic IP is requested, else 0; used as a resource count.
1 | locals {
2 |   allocate_and_associate_eip_condition = var.allocate_and_associate_eip == true ? 1 : 0
3 | }
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/modules/common/elastic_ip/main.tf:
--------------------------------------------------------------------------------
    // Allocates one Elastic IP when the condition local is 1 and binds it to
    // the external ENI at var.private_ip_address.
    // NOTE(review): the ENI is named both on aws_eip and on the association;
    // confirm that both bindings are needed.
1 | resource "aws_eip" "gateway_eip" {
2 |   count = local.allocate_and_associate_eip_condition
3 |   network_interface = var.external_eni_id
4 | }
5 | resource "aws_eip_association" "address_assoc" {
6 |   count = local.allocate_and_associate_eip_condition
7 |   allocation_id = aws_eip.gateway_eip[count.index].id
8 |   network_interface_id = var.external_eni_id
9 |   private_ip_address = var.private_ip_address
10 | }
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/modules/common/elastic_ip/output.tf:
--------------------------------------------------------------------------------
    // Splat outputs are lists; they are empty when the resource count is 0,
    // so callers that index them need to allow for that case.
1 | output "gateway_eip_id" {
2 |   value = aws_eip.gateway_eip.*.id
3 | }
4 | output "gateway_eip_public_ip" {
5 |   value = aws_eip.gateway_eip.*.public_ip
6 | }
7 | output "gateway_eip_attached_instance" {
8 |   value = aws_eip.gateway_eip.*.instance
9 | }
10 |
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/modules/common/elastic_ip/variables.tf:
--------------------------------------------------------------------------------
    // Inputs of the Elastic IP module. Allocation is on by default; the ENI
    // id and the private address have no default and must be supplied.
1 | variable "allocate_and_associate_eip" {
2 |   type = bool
3 |   description = "If set to TRUE, an elastic IP will be allocated and associated with the launched instance"
4 |   default = true
5 | }
6 | variable "external_eni_id" {
7 |   type = string
8 |   description = "The external-eni of the security gateway"
9 | }
10 | variable "private_ip_address" {
11 |   type = string
12 |   description = "The primary or secondary private IP address to associate with the Elastic IP address. "
13 | }
14 |
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/modules/common/gateway_instance/gateway_userdata.yaml:
--------------------------------------------------------------------------------
1 | #cloud-config
    # cloud-init runcmd entry: calls /etc/cloud_config.py with key=value
    # arguments filled in from the Terraform template variables.
    # NOTE(review): as written, the escaped quotes reach the script literally,
    # so the substituted values are not quoted for the shell; keep quotes and
    # shell metacharacters out of the variables feeding this template.
    # NOTE(review): SICKey, TokenKey, PasswordHash and MaintenanceModePassword
    # become part of instance user data, which is readable from inside the
    # instance and by principals allowed to read instance attributes; treat
    # them as exposed there and limit who holds that permission.
    # NOTE(review): GatewayBootstrapScript is presumably a base64 script the
    # instance executes; review its source like any other code. TODO confirm.
2 | runcmd:
3 |   - |
4 |     python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenKey}\"" installationType=\"gateway\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20240704\" templateName=\"gateway\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/modules/common/gateway_instance/output.tf:
--------------------------------------------------------------------------------
    // Id, ARN and Name tag of aws_instance.gateway_instance.
1 | output "gateway_instance_id" {
2 |   value = aws_instance.gateway_instance.id
3 | }
4 | output "gateway_instance_arn" {
5 |   value = aws_instance.gateway_instance.arn
6 | }
7 | output "gateway_instance_name" {
8 |   value = aws_instance.gateway_instance.tags["Name"]
9 | }
10 |
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/modules/common/instance_type/variables.tf:
--------------------------------------------------------------------------------
    // Machine type; defaults to "gateway" and is checked by the local below.
1 | variable "chkp_type" {
2 |   type = string
3 |   description = "The Check Point machine type"
4 |   default = "gateway"
5 | }
    // index() raises an error when var.chkp_type is not in the list, which is
    // how this local rejects unknown types; validate_instance_type is not
    // referenced elsewhere in this file.
6 | locals {
7 |   type_allowed_values = [
8 |     "gateway",
9 |     "management",
10 |     "mds",
11 |     "standalone",
12 |     "server"
13 |   ]
14 |   // Will fail if var.chkp_type is invalid
15 |   validate_instance_type = index(local.type_allowed_values, var.chkp_type)
16 | }
17 |
    // Required input; no check against an allowed list is visible here.
18 | variable "instance_type" {
19 |   type = string
20 |   description = "AWS Instance type"
21 | }
22 |
23 |
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/modules/common/internal_default_route/locals.tf:
--------------------------------------------------------------------------------
    // 1 when a private route table id was supplied, else 0.
1 | locals {
2 |   internal_route_table_condition = var.private_route_table != "" ? 1 : 0
3 | }
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/modules/common/internal_default_route/main.tf:
--------------------------------------------------------------------------------
    // Adds a 0.0.0.0/0 route through the gateway's internal ENI in the given
    // route table; created only when private_route_table is non-empty.
1 | resource "aws_route" "internal_default_route" {
2 |   count = local.internal_route_table_condition
3 |   route_table_id = var.private_route_table
4 |   destination_cidr_block = "0.0.0.0/0"
5 |   network_interface_id = var.internal_eni_id
6 | }
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/modules/common/internal_default_route/output.tf:
--------------------------------------------------------------------------------
    // List of route ids; empty when no route was created.
1 | output "internal_default_route_id" {
2 |   value = aws_route.internal_default_route.*.id
3 | }
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/modules/common/internal_default_route/variables.tf:
--------------------------------------------------------------------------------
    // The empty default disables the route; the ENI id is required.
1 | variable "private_route_table" {
2 |   type = string
3 |   description = "Sets '0.0.0.0/0' route to the Gateway instance in the specified route table (e.g. rtb-12a34567)"
4 |   default=""
5 | }
6 | variable "internal_eni_id" {
7 |   type = string
8 |   description = "The internal-eni of the security gateway"
9 | }
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/modules/common/load_balancer/output.tf:
--------------------------------------------------------------------------------
    // Identifiers, DNS name and tags of the load balancer and the id and ARN
    // of its target group.
1 | output "load_balancer_id" {
2 |   value = aws_lb.load_balancer.id
3 | }
4 | output "load_balancer_arn" {
5 |   value = aws_lb.load_balancer.arn
6 | }
7 | output "load_balancer_url" {
8 |   value = aws_lb.load_balancer.dns_name
9 | }
10 | output "target_group_id" {
11 |   value = aws_lb_target_group.lb_target_group.id
12 | }
13 | output "target_group_arn" {
14 |   value = aws_lb_target_group.lb_target_group.arn
15 | }
16 | output "load_balancer_tags" {
17 |   value = aws_lb.load_balancer.tags
18 | }
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/modules/common/permissive_sg/main.tf:
--------------------------------------------------------------------------------
    // Security group that allows all traffic in both directions.
    // NOTE(review): protocol "-1" with ports 0-0 and 0.0.0.0/0 admits every
    // protocol and port from any IPv4 source, so AWS filters nothing for
    // whatever this group is attached to. Presumably intentional, leaving
    // enforcement to the gateway's own policy; confirm it is attached only to
    // gateway interfaces and that management access is restricted there.
    // The name and the Name tag use resources_tag_name when set, otherwise
    // gateway_name.
1 | resource "aws_security_group" "permissive_sg" {
2 |   description = "Permissive security group"
3 |   vpc_id = var.vpc_id
4 |   egress {
5 |     from_port = 0
6 |     to_port = 0
7 |     protocol = "-1"
8 |     cidr_blocks = ["0.0.0.0/0"]
9 |   }
10 |   ingress {
11 |     from_port = 0
12 |     to_port = 0
13 |     protocol = "-1"
14 |     cidr_blocks = ["0.0.0.0/0"]
15 |   }
16 |   name_prefix = format("%s-PermissiveSecurityGroup", var.resources_tag_name != "" ? var.resources_tag_name : var.gateway_name) // Group name
17 |   tags = {
18 |     Name = format("%s-PermissiveSecurityGroup", var.resources_tag_name != "" ? var.resources_tag_name : var.gateway_name) // Resource name
19 |   }
20 | }
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/modules/common/permissive_sg/output.tf:
--------------------------------------------------------------------------------
    // Id, name and ARN of the permissive security group.
1 | output "permissive_sg_id" {
2 |   value = aws_security_group.permissive_sg.id
3 | }
4 | output "permissive_sg_name" {
5 |   value = aws_security_group.permissive_sg.name
6 | }
7 | output "permissive_sg_arn" {
8 |   value = aws_security_group.permissive_sg.arn
9 | }
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/modules/common/permissive_sg/variables.tf:
--------------------------------------------------------------------------------
    // vpc_id is required; the two name inputs only affect the group name and
    // its Name tag.
1 | variable "vpc_id" {
2 |   type = string
3 | }
4 | variable "resources_tag_name" {
5 |   type = string
6 |   description = "(Optional)"
7 |   default = ""
8 | }
9 | variable "gateway_name" {
10 |   type = string
11 |   description = "(Optional) The name tag of the Security Gateway instances"
12 |   default = "Check-Point-Gateway-tf"
13 | }
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/modules/common/version_license/variables.tf:
--------------------------------------------------------------------------------
    // Machine type; defaults to "gateway" and is checked by the local below.
1 | variable "chkp_type" {
2 |   type = string
3 |   description = "The Check Point machine type"
4 |   default = "gateway"
5 | }
    // index() raises an error when var.chkp_type is not in the list, which is
    // how this local rejects unknown types; validate_chkp_type is not
    // referenced elsewhere in this file.
6 | locals {
7 |   type_allowed_values = [
8 |     "gateway",
9 |     "management",
10 |     "mds",
11 |     "standalone",
12 |     "gwlb_gw"]
13 |   // Will fail if var.chkp_type is invalid
14 |   validate_chkp_type = index(local.type_allowed_values, var.chkp_type)
15 | }
16 |
    // Required input; no check against an allowed list is visible here.
17 | variable "version_license" {
18 |   type = string
19 |   description = "AWS Version license"
20 | }
21 |
22 |
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/modules/custom-autoscale/locals.tf:
--------------------------------------------------------------------------------
    // asg_name is "<prefix>-<asg_name>-servers", or "<asg_name>-servers" when
    // no prefix is set.
    // regex_valid_server_ami accepts an empty string or "ami-" followed by 8
    // or 17 lowercase hex digits.
    // NOTE(review): regex() raises an error when nothing matches, and that
    // error is what rejects a malformed var.server_ami. Because the pattern
    // has capture groups, regex() presumably returns the captures rather than
    // the whole string, so the == comparison and the message on the else
    // branch may never act as the check; confirm, or move this into a
    // variable validation block.
    // provided_target_groups_condition is true when servers_target_groups is
    // non-empty.
1 | locals {
2 |   asg_name = format("%s%s-servers", var.prefix != "" ? format("%s-", var.prefix) : "", var.asg_name)
3 |
4 |   regex_valid_server_ami = "^(ami-(([0-9a-f]{8})|([0-9a-f]{17})))?$"
5 |   // Will fail if var.server_ami is invalid
6 |   regex_server_ami = regex(local.regex_valid_server_ami, var.server_ami) == var.server_ami ? 0 : "Amazon Machine Image ID must be in the form ami-xxxxxxxx or ami-xxxxxxxxxxxxxxxxx"
7 |
8 |   provided_target_groups_condition = var.servers_target_groups != "" ? true : false
9 | }
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/modules/vpc/output.tf:
--------------------------------------------------------------------------------
    // Ids of the VPC, its public, private and TGW subnets (as lists), the
    // public route table and the internet gateway.
1 | output "vpc_id" {
2 |   value = aws_vpc.vpc.id
3 | }
4 | output "public_subnets_ids_list" {
5 |   value = [for public_subnet in aws_subnet.public_subnets : public_subnet.id ]
6 | }
7 | output "private_subnets_ids_list" {
8 |   value = [for private_subnet in aws_subnet.private_subnets : private_subnet.id]
9 | }
10 | output "tgw_subnets_ids_list" {
11 |   value = [for tgw_subnet in aws_subnet.tgw_subnets : tgw_subnet.id]
12 | }
13 | output "public_rtb" {
14 |   value = aws_route_table.public_subnet_rtb.id
15 | }
16 | output "aws_igw" {
17 |   value = aws_internet_gateway.igw.id
18 | }
19 |
--------------------------------------------------------------------------------
/deprecated/terraform/aws/R81/qs-autoscale-master/versions.tf:
--------------------------------------------------------------------------------
    // Sets the minimum Terraform CLI version and provider versions; the
    // "~> x.y.0" constraints accept patch releases only.
    // NOTE(review): http and random name no source, so Terraform resolves them
    // in the default hashicorp namespace; committing .terraform.lock.hcl keeps
    // the provider checksums fixed between runs.
1 | terraform {
2 |   required_version = ">= 0.14.3"
3 |   required_providers {
4 |     aws = {
5 |       source = "hashicorp/aws"
6 |       version = "~> 5.20.0"
7 |     }
8 |     http = {
9 |       version = "~> 3.4.0"
10 |     }
11 |     random = {
12 |       version = "~> 3.5.1"
13 |     }
14 |   }
15 | }
16 |
-------------------------------------------------------------------------------- /deprecated/terraform/aws/R81/qs-autoscale/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | random = { 12 | version = "~> 3.5.1" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R81/standalone-master/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | } 12 | } -------------------------------------------------------------------------------- /deprecated/terraform/aws/R81/standalone/output.tf: -------------------------------------------------------------------------------- 1 | output "standalone_instance_id" { 2 | value = aws_instance.standalone-instance.id 3 | } 4 | output "standalone_instance_name" { 5 | value = aws_instance.standalone-instance.tags["Name"] 6 | } 7 | output "standalone_public_ip" { 8 | value = aws_instance.standalone-instance.public_ip 9 | } 10 | output "standalone_ssh" { 11 | value = format("ssh -i %s admin@%s", var.key_name, aws_instance.standalone-instance.public_ip) 12 | } 13 | output "standalone_url" { 14 | value = format("https://%s", aws_instance.standalone-instance.public_ip) 15 | } -------------------------------------------------------------------------------- /deprecated/terraform/aws/R81/standalone/standalone_userdata.yaml: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | runcmd: 3 | - | 4 | python3 /etc/cloud_config.py 
enableCloudWatch=\"${EnableCloudWatch}\" installationType=\"standalone\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20240704\" templateName=\"standalone\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" adminSubnet=\"${AdminSubnet}\" allocatePublicAddress=\"${AllocateElasticIP}\" bootstrapScript64=\"${StandaloneBootstrapScript}\" -------------------------------------------------------------------------------- /deprecated/terraform/aws/R81/standalone/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R81/tgw-asg-master/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | random = { 12 | version = "~> 3.5.1" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R81/tgw-asg/output.tf: -------------------------------------------------------------------------------- 1 | output "management_instance_name" { 2 | value = module.management[0].management_instance_name 3 | } 4 | output "configuration_template" { 5 | value = var.configuration_template 6 | } 7 | output "controller_name" { 8 | value = "tgw-controller" 9 | } 10 | output 
"management_public_ip" { 11 | value = module.management[0].management_public_ip 12 | } 13 | output "management_url" { 14 | value = module.management[0].management_url 15 | } 16 | output "autoscaling_group_name" { 17 | value = module.autoscale.autoscale_autoscaling_group_name 18 | } 19 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R81/tgw-asg/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | random = { 12 | version = "~> 3.5.1" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R81/tgw-cross-az-cluster-master/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | random = { 12 | version = "~> 3.5.1" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R81/tgw-cross-az-cluster/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | random = { 12 | version = "~> 3.5.1" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R81/tgw-gwlb-master/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | 
required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | random = { 12 | version = "~> 3.5.1" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /deprecated/terraform/aws/R81/tgw-gwlb/output.tf: -------------------------------------------------------------------------------- 1 | output "Deployment" { 2 | value = "Finalizing instances configuration may take up to 20 minutes after deployment is finished." 3 | } 4 | output "management_public_ip" { 5 | depends_on = [module.gwlb] 6 | value = module.gwlb[*].management_public_ip 7 | } 8 | output "gwlb_arn" { 9 | depends_on = [module.gwlb] 10 | value = module.gwlb[*].gwlb_arn 11 | } 12 | output "gwlb_service_name" { 13 | depends_on = [module.gwlb] 14 | value = module.gwlb[*].gwlb_service_name 15 | } 16 | output "gwlb_name" { 17 | value = var.gateway_load_balancer_name 18 | } 19 | output "controller_name" { 20 | value = "gwlb-controller" 21 | } 22 | output "template_name" { 23 | value = var.configuration_template 24 | } -------------------------------------------------------------------------------- /deprecated/terraform/aws/R81/tgw-gwlb/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | random = { 12 | version = "~> 3.5.1" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /deprecated/terraform/azure/R8040-R81/high-availability-existing-vnet/azure_public_key: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/deprecated/terraform/azure/R8040-R81/high-availability-existing-vnet/azure_public_key -------------------------------------------------------------------------------- /deprecated/terraform/azure/R8040-R81/high-availability-existing-vnet/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | azurerm = { 5 | source = "hashicorp/azurerm" 6 | version = "~> 3.81.0" 7 | } 8 | random = { 9 | version = "~> 3.5.1" 10 | } 11 | } 12 | } -------------------------------------------------------------------------------- /deprecated/terraform/azure/R8040-R81/high-availability-new-vnet/azure_public_key: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/deprecated/terraform/azure/R8040-R81/high-availability-new-vnet/azure_public_key -------------------------------------------------------------------------------- /deprecated/terraform/azure/R8040-R81/high-availability-new-vnet/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | azurerm = { 5 | source = "hashicorp/azurerm" 6 | version = "~> 3.81.0" 7 | } 8 | random = { 9 | version = "~> 3.5.1" 10 | } 11 | } 12 | } -------------------------------------------------------------------------------- /deprecated/terraform/azure/R8040-R81/management-existing-vnet/azure_public_key: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/deprecated/terraform/azure/R8040-R81/management-existing-vnet/azure_public_key 
-------------------------------------------------------------------------------- /deprecated/terraform/azure/R8040-R81/management-existing-vnet/cloud-init.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 /etc/cloud_config.py 2 | 3 | installationType="${installation_type}" 4 | allowUploadDownload="${allow_upload_download}" 5 | osVersion="${os_version}" 6 | templateName="${template_name}" 7 | templateVersion="${template_version}" 8 | templateType="${template_type}" 9 | isBlink="${is_blink}" 10 | bootstrapScript64="${bootstrap_script64}" 11 | location="${location}" 12 | managementGUIClientNetwork="${management_GUI_client_network}" 13 | enableApi="${enable_api}" 14 | adminShell="${admin_shell}" 15 | passwordHash="${serial_console_password_hash}" 16 | MaintenanceModePassword="${maintenance_mode_password_hash}" 17 | -------------------------------------------------------------------------------- /deprecated/terraform/azure/R8040-R81/management-existing-vnet/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | azurerm = { 5 | source = "hashicorp/azurerm" 6 | version = "~> 3.81.0" 7 | } 8 | random = { 9 | version = "~> 3.5.1" 10 | } 11 | } 12 | } -------------------------------------------------------------------------------- /deprecated/terraform/azure/R8040-R81/management-new-vnet/azure_public_key: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/deprecated/terraform/azure/R8040-R81/management-new-vnet/azure_public_key -------------------------------------------------------------------------------- /deprecated/terraform/azure/R8040-R81/management-new-vnet/cloud-init.sh: -------------------------------------------------------------------------------- 1 | 
#!/usr/bin/python3 /etc/cloud_config.py 2 | 3 | installationType="${installation_type}" 4 | allowUploadDownload="${allow_upload_download}" 5 | osVersion="${os_version}" 6 | templateName="${template_name}" 7 | templateVersion="${template_version}" 8 | templateType="${template_type}" 9 | isBlink="${is_blink}" 10 | bootstrapScript64="${bootstrap_script64}" 11 | location="${location}" 12 | managementGUIClientNetwork="${management_GUI_client_network}" 13 | enableApi="${enable_api}" 14 | adminShell="${admin_shell}" 15 | passwordHash="${serial_console_password_hash}" 16 | MaintenanceModePassword="${maintenance_mode_password_hash}" 17 | -------------------------------------------------------------------------------- /deprecated/terraform/azure/R8040-R81/management-new-vnet/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | azurerm = { 5 | source = "hashicorp/azurerm" 6 | version = "~> 3.81.0" 7 | } 8 | random = { 9 | version = "~> 3.5.1" 10 | } 11 | } 12 | } -------------------------------------------------------------------------------- /deprecated/terraform/azure/R8040-R81/mds-existing-vnet/azure_public_key: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/deprecated/terraform/azure/R8040-R81/mds-existing-vnet/azure_public_key -------------------------------------------------------------------------------- /deprecated/terraform/azure/R8040-R81/mds-existing-vnet/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | azurerm = { 5 | source = "hashicorp/azurerm" 6 | version = "~> 3.81.0" 7 | } 8 | random = { 9 | version = "~> 3.5.1" 10 | } 11 | } 12 | } 
-------------------------------------------------------------------------------- /deprecated/terraform/azure/R8040-R81/mds-new-vnet/azure_public_key: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/deprecated/terraform/azure/R8040-R81/mds-new-vnet/azure_public_key -------------------------------------------------------------------------------- /deprecated/terraform/azure/R8040-R81/mds-new-vnet/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | azurerm = { 5 | source = "hashicorp/azurerm" 6 | version = "~> 3.81.0" 7 | } 8 | random = { 9 | version = "~> 3.5.1" 10 | } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /deprecated/terraform/azure/R8040-R81/modules/common/main.tf: -------------------------------------------------------------------------------- 1 | resource "azurerm_resource_group" "resource_group" { 2 | name = var.resource_group_name 3 | location = var.location 4 | } 5 | 6 | -------------------------------------------------------------------------------- /deprecated/terraform/azure/R8040-R81/modules/common/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | } -------------------------------------------------------------------------------- /deprecated/terraform/azure/R8040-R81/modules/network-security-group/output.tf: -------------------------------------------------------------------------------- 1 | output "network_security_group_id" { 2 | value = azurerm_network_security_group.nsg.id 3 | } 4 | 5 | output "network_security_group_name" { 6 | value = azurerm_network_security_group.nsg.name 7 | } 
--------------------------------------------------------------------------------
/deprecated/terraform/azure/R8040-R81/modules/network-security-group/versions.tf:
--------------------------------------------------------------------------------
# Minimum Terraform CLI version for this module; no provider constraints are set here.
terraform {
  required_version = ">= 0.14.3"
}
--------------------------------------------------------------------------------
/deprecated/terraform/azure/R8040-R81/modules/vnet/outputs.tf:
--------------------------------------------------------------------------------
# Attributes of the virtual network created by this module.
output "vnet_id" {
  value = azurerm_virtual_network.vnet.id
}

output "vnet_name" {
  value = azurerm_virtual_network.vnet.name
}

output "vnet_location" {
  value = azurerm_virtual_network.vnet.location
}

output "vnet_address_space" {
  value = azurerm_virtual_network.vnet.address_space
}

# Legacy splat expression: one id per azurerm_subnet.subnet instance.
output "vnet_subnets" {
  value = azurerm_subnet.subnet.*.id
}

# The next two outputs pass module inputs back to the caller unchanged.
output "subnet_prefixes" {
  value = var.subnet_prefixes
}

output "allocation_method" {
  value = var.allocation_method
}
--------------------------------------------------------------------------------
/deprecated/terraform/azure/R8040-R81/modules/vnet/versions.tf:
--------------------------------------------------------------------------------
# Minimum Terraform CLI version for this module; no provider constraints are set here.
terraform {
  required_version = ">= 0.14.3"
}
--------------------------------------------------------------------------------
/deprecated/terraform/azure/R8040-R81/nva-into-existing-hub/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.5.0"
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
      # NOTE(review): the constraint has a leading space and no operator, unlike the
      # "~> x.y.z" form used by the sibling templates. If Terraform accepts it, it is
      # an exact pin to 3.79.0 - confirm that is the intended constraint.
      version = " 3.79.0"
    }
  }
}

# Service-principal authentication for the azurerm provider. All four values come
# from input variables that are declared outside this file.
# NOTE(review): client_secret is a credential. Confirm its variable is declared with
# `sensitive = true` and that the value is supplied at run time (for example through
# the provider's ARM_CLIENT_SECRET environment variable) rather than from a
# .tfvars file kept in version control.
provider "azurerm" {
  subscription_id = var.subscription_id
  client_id = var.client_id
  client_secret = var.client_secret
  tenant_id = var.tenant_id
  features {}
}

--------------------------------------------------------------------------------
/deprecated/terraform/azure/R8040-R81/nva-into-new-vwan/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.5.0"
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
      # NOTE(review): the constraint has a leading space and no operator, unlike the
      # "~> x.y.z" form used by the sibling templates. If Terraform accepts it, it is
      # an exact pin to 3.79.0 - confirm that is the intended constraint.
      version = " 3.79.0"
    }
  }
}

# Service-principal authentication for the azurerm provider. All four values come
# from input variables that are declared outside this file.
# NOTE(review): client_secret is a credential. Confirm its variable is declared with
# `sensitive = true` and that the value is supplied at run time (for example through
# the provider's ARM_CLIENT_SECRET environment variable) rather than from a
# .tfvars file kept in version control.
provider "azurerm" {
  subscription_id = var.subscription_id
  client_id = var.client_id
  client_secret = var.client_secret
  tenant_id = var.tenant_id
  features {}
}
--------------------------------------------------------------------------------
/deprecated/terraform/azure/R8040-R81/single-gateway-existing-vnet/azure_public_key:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/deprecated/terraform/azure/R8040-R81/single-gateway-existing-vnet/azure_public_key
--------------------------------------------------------------------------------
/deprecated/terraform/azure/R8040-R81/single-gateway-existing-vnet/versions.tf:
--------------------------------------------------------------------------------
# Terraform CLI and provider version constraints for this template.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
      version = "~> 3.81.0"
    }
    # No explicit source is given for the random provider; only its version is constrained.
    random = {
      version = "~> 3.5.1"
    }
  }
}
--------------------------------------------------------------------------------
/deprecated/terraform/azure/R8040-R81/single-gateway-new-vnet/azure_public_key:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/deprecated/terraform/azure/R8040-R81/single-gateway-new-vnet/azure_public_key
--------------------------------------------------------------------------------
/deprecated/terraform/azure/R8040-R81/single-gateway-new-vnet/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | azurerm = { 5 | source = "hashicorp/azurerm" 6 | version = "~> 3.81.0" 7 | } 8 | random = { 9 | version = "~> 3.5.1" 10 | } 11 | } 12 | } -------------------------------------------------------------------------------- /deprecated/terraform/azure/R8040-R81/vmss-existing-vnet/azure_public_key: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/deprecated/terraform/azure/R8040-R81/vmss-existing-vnet/azure_public_key -------------------------------------------------------------------------------- /deprecated/terraform/azure/R8040-R81/vmss-existing-vnet/cloud-init.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 /etc/cloud_config.py 2 | 3 | installationType="${installation_type}" 4 | allowUploadDownload="${allow_upload_download}" 5 | osVersion="${os_version}" 6 | templateName="${template_name}" 7 | templateVersion="${template_version}" 8 | templateType="${template_type}" 9 | isBlink="${is_blink}" 10 | bootstrapScript64="${bootstrap_script64}" 11 | location="${location}" 12 | sicKey="${sic_key}" 13 | vnet="${vnet}" 14 | customMetrics="${enable_custom_metrics}" 15 | adminShell="${admin_shell}" 16 | passwordHash="${serial_console_password_hash}" 17 | MaintenanceModePassword="${maintenance_mode_password_hash}" 18 | -------------------------------------------------------------------------------- /deprecated/terraform/azure/R8040-R81/vmss-existing-vnet/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | azurerm = { 5 | source = 
"hashicorp/azurerm" 6 | version = "~> 3.81.0" 7 | } 8 | random = { 9 | version = "~> 3.5.1" 10 | } 11 | } 12 | } 13 | 14 | 15 | -------------------------------------------------------------------------------- /deprecated/terraform/azure/R8040-R81/vmss-new-vnet/azure_public_key: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/deprecated/terraform/azure/R8040-R81/vmss-new-vnet/azure_public_key -------------------------------------------------------------------------------- /deprecated/terraform/azure/R8040-R81/vmss-new-vnet/cloud-init.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 /etc/cloud_config.py 2 | 3 | installationType="${installation_type}" 4 | allowUploadDownload="${allow_upload_download}" 5 | osVersion="${os_version}" 6 | templateName="${template_name}" 7 | templateVersion="${template_version}" 8 | templateType="${template_type}" 9 | isBlink="${is_blink}" 10 | bootstrapScript64="${bootstrap_script64}" 11 | location="${location}" 12 | sicKey="${sic_key}" 13 | vnet="${vnet}" 14 | customMetrics="${enable_custom_metrics}" 15 | adminShell="${admin_shell}" 16 | passwordHash="${serial_console_password_hash}" 17 | MaintenanceModePassword="${maintenance_mode_password_hash}" 18 | -------------------------------------------------------------------------------- /deprecated/terraform/azure/R8040-R81/vmss-new-vnet/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | azurerm = { 5 | source = "hashicorp/azurerm" 6 | version = "~> 3.81.0" 7 | } 8 | random = { 9 | version = "~> 3.5.1" 10 | } 11 | } 12 | } 13 | 14 | 15 | -------------------------------------------------------------------------------- /deprecated/terraform/azure/README.md: 
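--------------------------------------------------------------------------------
# Check Point Terraform deployment modules for Azure

This project was developed to allow Terraform deployments for Check Point CloudGuard IaaS solutions on Azure.


These modules use Terraform's [Azurerm provider](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs) in order to create and provision resources on Azure.


## Prerequisites

1. [Download Terraform](https://www.terraform.io/downloads.html) and follow the instructions according to your OS.
2. Get started with Terraform Azurerm provider - refer to [Terraform Azurerm provider best practices](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs).
--------------------------------------------------------------------------------
/deprecated/terraform/gcp/R8040-R81/common/cluster-member/output.tf:
--------------------------------------------------------------------------------
# Name of the cluster member instance and the address reserved for it.
output "cluster_member_name" {
  value = google_compute_instance.cluster_member.name
}
output "cluster_member_ip_address" {
  value = google_compute_address.member_ip_address.address
}

--------------------------------------------------------------------------------
/deprecated/terraform/gcp/R8040-R81/common/firewall-rule/main.tf:
--------------------------------------------------------------------------------
# One firewall rule on the first network in var.network, applied to instances
# carrying the "checkpoint-gateway" network tag.
resource "google_compute_firewall" "firewall_rules" {
  name = var.rule_name
  network = var.network[0]
  # No ports are listed, so the rule covers every port of the chosen protocol.
  allow {
    protocol = var.protocol
  }
  # NOTE(review): the variable defaults to an empty list, which its description says
  # disables the traffic. That only holds if the caller skips creating this resource
  # when the list is empty (not visible here) - verify, since an ingress rule with no
  # source filter is not the same as no rule.
  source_ranges = var.source_ranges
  target_tags = [
    "checkpoint-gateway"]
}
--------------------------------------------------------------------------------
/deprecated/terraform/gcp/R8040-R81/common/firewall-rule/output.tf:
--------------------------------------------------------------------------------
output "firewall_rule_name" {
  value = google_compute_firewall.firewall_rules.name
}
--------------------------------------------------------------------------------
/deprecated/terraform/gcp/R8040-R81/common/firewall-rule/variables.tf:
--------------------------------------------------------------------------------
variable "protocol" {
  type = string
  description = "The IP protocol to which this rule applies."
}
# Prefer the narrowest CIDR ranges that work; the rule has no port restriction,
# so these ranges are the only source-side limit on the allowed protocol.
variable "source_ranges" {
  type = list(string)
  description = "(Optional) Source IP ranges for the protocol traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. Please leave empty list to unable this protocol traffic."
  default = []
}
variable "rule_name" {
  type = string
  description = "Firewall rule name."
}
# Only the first element of this list is used by the firewall resource.
variable "network" {
  type = list(string)
  description = "The name or self_link of the network to attach this firewall to."
}
--------------------------------------------------------------------------------
/deprecated/terraform/gcp/R8040-R81/common/members-a-b/output.tf:
--------------------------------------------------------------------------------
# Names and external addresses re-exported from the two cluster member modules.
output "member_a_name" {
  value = module.member_a.cluster_member_name
}
output "member_a_external_ip" {
  value = module.member_a.cluster_member_ip_address
}

output "member_b_name" {
  value = module.member_b.cluster_member_name
}
output "member_b_external_ip" {
  value = module.member_b.cluster_member_ip_address
}
--------------------------------------------------------------------------------
/deprecated/terraform/gcp/R8040-R81/common/network-and-subnet/output.tf:
--------------------------------------------------------------------------------
# Each output is a list because the underlying resources and data source are
# addressed with a splat expression.
output "new_created_network_link" {
  value = google_compute_network.network[*].self_link
}
output "new_created_subnet_link" {
  value = google_compute_subnetwork.subnetwork[*].self_link
}
output "existing_network_link" {
  value = data.google_compute_network.network_name[*].self_link
}
output "new_created_network_name" {
  value = google_compute_network.network[*].name
}
output "new_created_subnet_name" {
  value = google_compute_subnetwork.subnetwork[*].name
}
output "existing_network_name" {
  value = data.google_compute_network.network_name[*].name
}
--------------------------------------------------------------------------------
/deprecated/terraform/gcp/R8040-R81/single-into-existing-vpc/output.tf:
--------------------------------------------------------------------------------
# The generated SIC key is secret material, so it is marked sensitive to keep it
# out of plan/apply console output and CI logs; `terraform output SIC_key` still
# returns it on request.
# NOTE(review): the value is still stored in plain text in the Terraform state, and it
# comes from random_string, whose result the provider does not treat as sensitive.
# Protect the state backend and consider random_password for the generator.
output "SIC_key" {
  value = random_string.random_sic_key.result
  sensitive = true
}
# Names of the per-protocol firewall rules; each is a list because the rule
# resources are addressed with a splat expression.
output "ICMP_firewall_rules_name" {
  value = google_compute_firewall.ICMP_firewall_rules[*].name
}
output "TCP_firewall_rules_name" {
  value = google_compute_firewall.TCP_firewall_rules[*].name
}
output "UDP_firewall_rules_name" {
  value = google_compute_firewall.UDP_firewall_rules[*].name
}
output "SCTP_firewall_rules_name" {
  value = google_compute_firewall.SCTP_firewall_rules[*].name
}
output "ESP_firewall_rules_name" {
  value = google_compute_firewall.ESP_firewall_rules[*].name
}
--------------------------------------------------------------------------------
/deprecated/terraform/gcp/separate-single-and-autoscale/common/cluster-member/output.tf:
--------------------------------------------------------------------------------
# Name of the cluster member instance and the address reserved for it.
output "cluster_member_name" {
  value = google_compute_instance.cluster_member.name
}
output "cluster_member_ip_address" {
  value = google_compute_address.member_ip_address.address
}

--------------------------------------------------------------------------------
/deprecated/terraform/gcp/separate-single-and-autoscale/common/common/main.tf: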
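--------------------------------------------------------------------------------



--------------------------------------------------------------------------------
/deprecated/terraform/gcp/separate-single-and-autoscale/common/common/output.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/deprecated/terraform/gcp/separate-single-and-autoscale/common/common/output.tf
--------------------------------------------------------------------------------
/deprecated/terraform/gcp/separate-single-and-autoscale/common/firewall-rule/main.tf:
--------------------------------------------------------------------------------
# One firewall rule on the first network in var.network, applied to instances
# carrying the "checkpoint-gateway" network tag.
resource "google_compute_firewall" "firewall_rules" {
  name = var.rule_name
  network = var.network[0]
  # No ports are listed, so the rule covers every port of the chosen protocol.
  allow {
    protocol = var.protocol
  }
  # NOTE(review): confirm the caller skips creating this resource when the list is
  # empty (not visible here); an ingress rule with no source filter is not the same
  # as no rule.
  source_ranges = var.source_ranges
  target_tags = [
    "checkpoint-gateway"]
}
--------------------------------------------------------------------------------
/deprecated/terraform/gcp/separate-single-and-autoscale/common/firewall-rule/output.tf:
--------------------------------------------------------------------------------
output "firewall_rule_name" {
  value = google_compute_firewall.firewall_rules.name
}
--------------------------------------------------------------------------------
/deprecated/terraform/gcp/separate-single-and-autoscale/common/network-and-subnet/output.tf:
--------------------------------------------------------------------------------
# Each output is a list because the underlying resources and data source are
# addressed with a splat expression.
output "new_created_network_link" {
  value = google_compute_network.network[*].self_link
}
output "new_created_subnet_link" {
  value = google_compute_subnetwork.subnetwork[*].self_link
}
output "existing_network_link" {
  value = data.google_compute_network.network_name[*].self_link
}
output "new_created_network_name" {
  value = google_compute_network.network[*].name
}
output "new_created_subnet_name" {
  value = google_compute_subnetwork.subnetwork[*].name
}
output "existing_network_name" {
  value = data.google_compute_network.network_name[*].name
}
--------------------------------------------------------------------------------
/deprecated/terraform/gcp/separate-single-and-autoscale/single-into-existing-vpc/output.tf:
--------------------------------------------------------------------------------
# The generated SIC key is secret material, so it is marked sensitive to keep it
# out of plan/apply console output and CI logs; `terraform output SIC_key` still
# returns it on request.
# NOTE(review): the value is still stored in plain text in the Terraform state, and it
# comes from random_string, whose result the provider does not treat as sensitive.
# Protect the state backend and consider random_password for the generator.
output "SIC_key" {
  value = random_string.random_sic_key.result
  sensitive = true
}
# Names of the per-protocol firewall rules; each is a list because the rule
# resources are addressed with a splat expression.
output "ICMP_firewall_rules_name" {
  value = google_compute_firewall.ICMP_firewall_rules[*].name
}
output "TCP_firewall_rules_name" {
  value = google_compute_firewall.TCP_firewall_rules[*].name
}
output "UDP_firewall_rules_name" {
  value = google_compute_firewall.UDP_firewall_rules[*].name
}
output "SCTP_firewall_rules_name" {
  value = google_compute_firewall.SCTP_firewall_rules[*].name
}
output "ESP_firewall_rules_name" {
  value = google_compute_firewall.ESP_firewall_rules[*].name
}
--------------------------------------------------------------------------------
/gcp/deployment-packages/README.MD:
--------------------------------------------------------------------------------
# Check Point CloudGuard IaaS GCP Deployment Manager packages
This directory contains Check Point CloudGuard IaaS Deployment Manager packages for all the solutions available in the marketplace.

# How to deploy the templates
To deploy the Deployment Manager packages follow the instructions in the README.MD file in each directory.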
6 | -------------------------------------------------------------------------------- /gcp/deployment-packages/autoscale-byol/c2d_deployment_configuration.json: -------------------------------------------------------------------------------- 1 | { 2 | "defaultDeploymentType": "MULTI_VM", 3 | "imageName": "check-point-r8120-gw-byol-mig-634-991001611-v20240613", 4 | "projectId": "checkpoint-public", 5 | "templateName": "nonexistent_template", 6 | "useSolutionPackage": "true" 7 | } 8 | -------------------------------------------------------------------------------- /gcp/deployment-packages/autoscale-payg/c2d_deployment_configuration.json: -------------------------------------------------------------------------------- 1 | { 2 | "defaultDeploymentType": "MULTI_VM", 3 | "imageName": "check-point-r8120-gw-payg-mig-634-991001611-v20240613", 4 | "projectId": "checkpoint-public", 5 | "templateName": "nonexistent_template", 6 | "useSolutionPackage": "true" 7 | } 8 | -------------------------------------------------------------------------------- /gcp/deployment-packages/ha-byol/c2d_deployment_configuration.json: -------------------------------------------------------------------------------- 1 | { 2 | "defaultDeploymentType": "MULTI_VM", 3 | "imageName": "check-point-r8120-gw-byol-cluster-634-991001611-v20240613", 4 | "projectId": "checkpoint-public", 5 | "templateName": "nonexistent_template", 6 | "useSolutionPackage": "true" 7 | } 8 | -------------------------------------------------------------------------------- /gcp/deployment-packages/ha-payg/c2d_deployment_configuration.json: -------------------------------------------------------------------------------- 1 | { 2 | "defaultDeploymentType": "MULTI_VM", 3 | "imageName": "check-point-r8120-gw-payg-cluster-634-991001611-v20240613", 4 | "projectId": "checkpoint-public", 5 | "templateName": "nonexistent_template", 6 | "useSolutionPackage": "true" 7 | } 8 | 
-------------------------------------------------------------------------------- /gcp/deployment-packages/single-byol/c2d_deployment_configuration.json: -------------------------------------------------------------------------------- 1 | { 2 | "defaultDeploymentType": "SINGLE_VM", 3 | "imageName": "check-point-r8120-gw-byol-single-634-991001611-v20240613", 4 | "projectId": "checkpoint-public", 5 | "templateName": "nonexistent_template", 6 | "useSolutionPackage": "true" 7 | } 8 | -------------------------------------------------------------------------------- /gcp/deployment-packages/single-payg/c2d_deployment_configuration.json: -------------------------------------------------------------------------------- 1 | { 2 | "defaultDeploymentType": "SINGLE_VM", 3 | "imageName": "check-point-r8120-gw-payg-single-634-991001611-v20240613", 4 | "projectId": "checkpoint-public", 5 | "templateName": "nonexistent_template", 6 | "useSolutionPackage": "true" 7 | } 8 | -------------------------------------------------------------------------------- /terraform/.gitattributes: -------------------------------------------------------------------------------- 1 | *.sh text eol=lf -------------------------------------------------------------------------------- /terraform/.gitignore: -------------------------------------------------------------------------------- 1 | # Local .terraform directories 2 | **/.terraform/* 3 | 4 | # .tfstate files 5 | *.tfstate 6 | *.tfstate.* 7 | 8 | # Crash log files 9 | crash.log 10 | 11 | # JSON files under terraform/gcp/ directory 12 | gcp/*.json 13 | 14 | .idea 15 | -------------------------------------------------------------------------------- /terraform/alicloud/cluster-master/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | alicloud = { 5 | source = "hashicorp/alicloud" 6 | version = "1.203.0" 7 | } 8 | } 9 | } 10 | 
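--------------------------------------------------------------------------------
/terraform/alicloud/cluster/cluster_member_a_userdata.yaml:
--------------------------------------------------------------------------------
#cloud-config
# First-boot configuration for cluster member A: a single cloud_config.py call
# whose key=value arguments are filled in by Terraform template placeholders.
# NOTE(review): sicKey, passwordHash and smart1CloudToken are passed as command-line
# arguments, so they are visible in the process list while the command runs and may
# be recorded by cloud-init logging; user data is typically also readable from
# inside the instance. Treat the rendered user data as secret material.
# NOTE(review): placeholder values are substituted into a shell command without
# escaping; validate the Terraform inputs so they cannot contain quotes or shell
# metacharacters.
runcmd:
  - |
    python3 /etc/cloud_config.py managementIpAddress=\"${ManagementIpAddress}\" sicKey=\"${SICKey}\" installationType=\"cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20240704\" templateName=\"cluster\" templateType=\"terraform\" shell=\"${Shell}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" "smart1CloudToken=\"${TokenA}\"" bootstrapScript64=\"${GatewayBootstrapScript}\"
--------------------------------------------------------------------------------
/terraform/alicloud/cluster/cluster_member_b_userdata.yaml:
--------------------------------------------------------------------------------
#cloud-config
# First-boot configuration for cluster member B; same arguments as member A except
# for the Smart-1 Cloud token placeholder.
# The OsVersion placeholder was missing its leading dollar sign, so member B was
# given the literal placeholder text as its OS version; it is now interpolated
# like member A. The stray space inside the Hostname placeholder is removed to match.
# NOTE(review): sicKey, passwordHash and smart1CloudToken are passed as command-line
# arguments, so they are visible in the process list while the command runs and may
# be recorded by cloud-init logging; user data is typically also readable from
# inside the instance. Treat the rendered user data as secret material.
# NOTE(review): placeholder values are substituted into a shell command without
# escaping; validate the Terraform inputs so they cannot contain quotes or shell
# metacharacters.
runcmd:
  - |
    python3 /etc/cloud_config.py managementIpAddress=\"${ManagementIpAddress}\" sicKey=\"${SICKey}\" installationType=\"cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20240704\" templateName=\"cluster\" templateType=\"terraform\" shell=\"${Shell}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" "smart1CloudToken=\"${TokenB}\"" bootstrapScript64=\"${GatewayBootstrapScript}\"
--------------------------------------------------------------------------------
/terraform/alicloud/cluster/versions.tf:
--------------------------------------------------------------------------------
# Terraform CLI constraint and an exact pin of the alicloud provider.
# NOTE(review): the registry documentation linked from the elastic_ip module's
# locals.tf uses the aliyun/alicloud namespace; confirm hashicorp/alicloud is the
# intended provider source for this pin.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    alicloud = {
      source = "hashicorp/alicloud"
      version = "1.203.0"
    }
  }
}

--------------------------------------------------------------------------------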
/terraform/alicloud/gateway-master/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | alicloud = { 5 | source = "hashicorp/alicloud" 6 | version = "1.203.0" 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /terraform/alicloud/gateway/output.tf: -------------------------------------------------------------------------------- 1 | output "image_id" { 2 | value = module.images.image_id 3 | } 4 | output "permissive_sg_id" { 5 | value = module.common_permissive_sg.permissive_sg_id 6 | } 7 | output "permissive_sg_name" { 8 | value = module.common_permissive_sg.permissive_sg_name 9 | } 10 | output "gateway_eip_id" { 11 | value = module.common_eip.instance_eip_id 12 | } 13 | output "gateway_eip_public_ip" { 14 | value = module.common_eip.instance_eip_public_ip 15 | } 16 | output "gateway_instance_id" { 17 | value = module.common_gateway_instance.gateway_instance_id 18 | } 19 | output "gateway_instance_name" { 20 | value = module.common_gateway_instance.gateway_instance_name 21 | } -------------------------------------------------------------------------------- /terraform/alicloud/gateway/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | alicloud = { 5 | source = "hashicorp/alicloud" 6 | version = "1.203.0" 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /terraform/alicloud/management-master/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | alicloud = { 5 | source = "hashicorp/alicloud" 6 | version = "1.203.0" 7 | } 8 | } 9 | } 10 | 
--------------------------------------------------------------------------------
/terraform/alicloud/management/management_userdata.yaml:
--------------------------------------------------------------------------------
#cloud-config
# Terraform template for the management server's first-boot user data.
# cloud-init runs a single cloud_config.py command whose arguments are filled in
# from the template placeholders.
# NOTE(review): the SIC key, password hash and bootstrap script become part of
# the instance user data, which can usually be read back from inside the
# instance through the metadata service; handle user data as secret-bearing.
# NOTE(review): most arguments are not wrapped in shell quotes. Presumably the
# caller encodes or restricts these values; confirm, because whitespace or shell
# metacharacters in a value would change the command that runs.
runcmd:
  - |
    python3 /etc/cloud_config.py sicKey=\"${SICKey}\" installationType=\"management\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20240704\" templateName=\"management\" templateType=\"terraform\" shell=\"${Shell}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" primary=\"${IsPrimary}\" adminSubnet=\"${AdminSubnet}\" allocatePublicAddress=\"${AllocateElasticIP}\" "overTheInternet=\"${GatewayManagement}\"" bootstrapScript64=\"${BootstrapScript}\"

--------------------------------------------------------------------------------
/terraform/alicloud/management/output.tf:
--------------------------------------------------------------------------------
# Values reported after the management deployment is applied.

# Fixed reminder text, not a computed value.
output "Deployment" {
  value = "Finalizing configuration may take up to 20 minutes after deployment is finished"
}

# Image id resolved by the images module.
output "image_id" {
  value = module.images.image_id
}

output "management_instance_id" {
  value = alicloud_instance.management_instance.id
}

# Read from the instance's "Name" tag.
output "management_instance_name" {
  value = alicloud_instance.management_instance.tags["Name"]
}

output "management_instance_tags" {
  value = alicloud_instance.management_instance.tags
}

# Public address(es) reported by the common_eip module.
# NOTE(review): presumably an empty list when no EIP is allocated; confirm
# against the module.
output "management_public_ip" {
  value = module.common_eip.instance_eip_public_ip
}
--------------------------------------------------------------------------------
/terraform/alicloud/management/versions.tf:
--------------------------------------------------------------------------------
# Toolchain constraints for the management deployment.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    alicloud = {
      source  = "hashicorp/alicloud"
      version = "1.203.0" # exact pin; upgrades need an explicit edit
    }
  }
}

--------------------------------------------------------------------------------
/terraform/alicloud/modules/cluster-ram-role/locals.tf:
--------------------------------------------------------------------------------
# RAM role and policy names: the gateway name plus the hex form of a random id,
# so repeated deployments do not collide on the name.
locals {
  ram_role_name   = format("%s-ram-role-%s", var.gateway_name, random_id.ram_uuid.hex)
  ram_policy_name = format("%s-ram-policy-%s", var.gateway_name, random_id.ram_uuid.hex)

}
--------------------------------------------------------------------------------
/terraform/alicloud/modules/cluster-ram-role/output.tf:
--------------------------------------------------------------------------------
# Identifiers of the RAM role created by this module.
output "cluster_ram_role" {
  value = alicloud_ram_role.ram_role.id
}

output "cluster_ram_role_name" {
  value = alicloud_ram_role.ram_role.name
}

output "cluster_ram_role_arn" {
  value = alicloud_ram_role.ram_role.arn
}
--------------------------------------------------------------------------------
/terraform/alicloud/modules/cluster-ram-role/variables.tf:
--------------------------------------------------------------------------------
# Prefix used when naming the RAM role and policy (see locals.tf).
variable "gateway_name" {
  type        = string
  description = "Gateway name"
  default     = "tf-cluster"
}

--------------------------------------------------------------------------------
/terraform/alicloud/modules/cluster-ram-role/versions.tf:
--------------------------------------------------------------------------------
# Toolchain constraints for the cluster-ram-role module.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    alicloud = {
      source  = "hashicorp/alicloud"
      version = "1.203.0" # exact pin
    }
  }
}
--------------------------------------------------------------------------------
/terraform/alicloud/modules/common/elastic_ip/locals.tf:
--------------------------------------------------------------------------------
locals {
  # Used as a resource count: 1 creates the EIP and its association, 0 skips both.
  allocate_and_associate_eip_condition = var.allocate_and_associate_eip == true ? 1 : 0

  # https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/eip_association#instance_type
  # NOTE(review): this link is under the aliyun/alicloud namespace while the
  # versions.tf files pin hashicorp/alicloud; confirm which namespace is intended.
  association_instance_type_allowed_values = [
    "EcsInstance",
    "SlbInstance",
    "Nat",
    "NetworkInterface",
  ]

  # Will fail if var.association_instance_type is invalid: index() raises an
  # error when the value is not in the list.
  validate_association_instance_type = index(local.association_instance_type_allowed_values, var.association_instance_type)

}
--------------------------------------------------------------------------------
/terraform/alicloud/modules/common/elastic_ip/main.tf:
--------------------------------------------------------------------------------
# Optional elastic IP. Both resources share one count, so they are created or
# skipped together.
resource "alicloud_eip" "instance_eip" {
  count        = local.allocate_and_associate_eip_condition
  address_name = var.eip_name
}

# Binds the address to the target resource, giving it a public IP.
resource "alicloud_eip_association" "address_assoc" {
  count         = local.allocate_and_associate_eip_condition
  allocation_id = alicloud_eip.instance_eip[count.index].id
  instance_id   = var.instance_id
  instance_type = var.association_instance_type
}
--------------------------------------------------------------------------------
/terraform/alicloud/modules/common/elastic_ip/output.tf:
--------------------------------------------------------------------------------
# Both outputs are lists because the EIP resource uses count; they are empty
# when no address is allocated.
output "instance_eip_id" {
  value = alicloud_eip.instance_eip[*].id
}

output "instance_eip_public_ip" {
  value = alicloud_eip.instance_eip[*].ip_address
}


--------------------------------------------------------------------------------
/terraform/alicloud/modules/common/elastic_ip/variables.tf:
--------------------------------------------------------------------------------
# Defaults to true, so a public address is attached unless the caller opts out.
variable "allocate_and_associate_eip" {
  type        = bool
  description = "If set to TRUE, an elastic IP will be allocated and associated with the launched instance"
  default     = true
}

variable "eip_name" {
  type        = string
  description = "Elastic IP resource name"
  default     = "tf-eip"
}

# Required: no default.
variable "instance_id" {
  type        = string
  description = "The instance id of the cloud resource to bind the eip to"
}

# Checked against the allowed list in locals.tf.
variable "association_instance_type" {
  type        = string
  description = "The type of cloud resource to bind the eip to"
  default     = "EcsInstance"
}
--------------------------------------------------------------------------------
/terraform/alicloud/modules/common/elastic_ip/versions.tf:
--------------------------------------------------------------------------------
# Toolchain constraints for the elastic_ip module.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    alicloud = {
      source  = "hashicorp/alicloud"
      version = "1.203.0" # exact pin
    }
  }
}
--------------------------------------------------------------------------------
/terraform/alicloud/modules/common/gateway_instance/gateway_userdata.yaml:
--------------------------------------------------------------------------------
#cloud-config
# Terraform template for the gateway's first-boot user data.
# NOTE(review): the SIC key, Smart-1 Cloud token, password hash and bootstrap
# script become part of the instance user data, which can usually be read back
# from inside the instance through the metadata service.
# NOTE(review): only the smart1CloudToken argument is wrapped in shell quotes;
# confirm the caller encodes or restricts the other values.
runcmd:
  - |
    python3 /etc/cloud_config.py sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenKey}\"" installationType=\"gateway\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20240704\" templateName=\"gateway\" templateType=\"terraform\" shell=\"${Shell}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
--------------------------------------------------------------------------------
/terraform/alicloud/modules/common/gateway_instance/output.tf:
--------------------------------------------------------------------------------
# Identifiers of the gateway instance created by this module.
output "gateway_instance_id" {
  value = alicloud_instance.gateway_instance.id
}

# Read from the instance's "Name" tag.
output "gateway_instance_name" {
  value = alicloud_instance.gateway_instance.tags["Name"]
}

--------------------------------------------------------------------------------
/terraform/alicloud/modules/common/gateway_instance/versions.tf:
--------------------------------------------------------------------------------
# Toolchain constraints for the gateway_instance module.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    alicloud = {
      source  = "hashicorp/alicloud"
      version = "1.203.0" # exact pin; upgrades need an explicit edit
    }
  }
}
--------------------------------------------------------------------------------
/terraform/alicloud/modules/common/instance_type/variables.tf:
--------------------------------------------------------------------------------
variable "chkp_type" {
  type        = string
  description = "The Check Point machine type"
  default     = "gateway"
}

locals {
  type_allowed_values = [
    "gateway",
    "management"
    # "server"
  ]

  # Will fail if var.chkp_type is invalid: index() raises an error when the
  # value is not in the list above.
  validate_instance_type = index(local.type_allowed_values, var.chkp_type)
}

# Required: no default, and no allow-list is applied to it in this file.
variable "instance_type" {
  type        = string
  description = "Alicloud Instance type"
}


--------------------------------------------------------------------------------
/terraform/alicloud/modules/common/instance_type/versions.tf:
--------------------------------------------------------------------------------
# Only the Terraform CLI version is constrained; no provider is declared here.
terraform {
  required_version = ">= 0.14.3"
}
--------------------------------------------------------------------------------
/terraform/alicloud/modules/common/internal_default_route/locals.tf:
--------------------------------------------------------------------------------
locals {
  # Used as a resource count: the route is created only when a route table id
  # was supplied.
  internal_route_table_condition = var.private_route_table != "" ? 1 : 0
}
--------------------------------------------------------------------------------
/terraform/alicloud/modules/common/internal_default_route/main.tf:
--------------------------------------------------------------------------------
# Default route of the private route table, pointed at the gateway's internal
# network interface. Traffic from that table with no more specific route is
# sent to the gateway.
resource "alicloud_route_entry" "internal_default_route" {
  count                 = local.internal_route_table_condition
  route_table_id        = var.private_route_table
  destination_cidrblock = "0.0.0.0/0"
  nexthop_type          = "NetworkInterface"
  nexthop_id            = var.internal_eni_id
}
--------------------------------------------------------------------------------
/terraform/alicloud/modules/common/internal_default_route/output.tf:
--------------------------------------------------------------------------------
# A list because the route uses count; empty when no route table was supplied.
output "internal_default_route_id" {
  value = alicloud_route_entry.internal_default_route[*].id
}
--------------------------------------------------------------------------------
/terraform/alicloud/modules/common/internal_default_route/variables.tf:
--------------------------------------------------------------------------------
# An empty string (the default) disables the route.
variable "private_route_table" {
  type        = string
  description = "Sets '0.0.0.0/0' route to the Gateway instance in the specified route table (e.g. rtb-12a34567)"
  default     = ""
}

# Required: no default.
variable "internal_eni_id" {
  type        = string
  description = "The internal-eni of the security gateway"
}
--------------------------------------------------------------------------------
/terraform/alicloud/modules/common/internal_default_route/versions.tf:
--------------------------------------------------------------------------------
# Toolchain constraints for the internal_default_route module.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    alicloud = {
      source  = "hashicorp/alicloud"
      version = "1.203.0" # exact pin
    }
  }
}
--------------------------------------------------------------------------------
/terraform/alicloud/modules/common/permissive_sg/output.tf:
--------------------------------------------------------------------------------
# Identifiers of the security group created by this module.
# NOTE(review): the group's rules are not part of this file; the name suggests
# broad access, so review the rule definitions before reusing the group.
output "permissive_sg_id" {
  value = alicloud_security_group.permissive_sg.id
}

output "permissive_sg_name" {
  value = alicloud_security_group.permissive_sg.name
}
--------------------------------------------------------------------------------
/terraform/alicloud/modules/common/permissive_sg/variables.tf:
--------------------------------------------------------------------------------
# Required: no default.
variable "vpc_id" {
  type = string
}

variable "resources_tag_name" {
  type        = string
  description = "(Optional)"
  default     = ""
}

variable "gateway_name" {
  type        = string
  description = "(Optional) The name tag of the Security Gateway instances"
  default     = "Check-Point-Gateway-tf"
}
--------------------------------------------------------------------------------
/terraform/alicloud/modules/common/permissive_sg/versions.tf:
--------------------------------------------------------------------------------
# Toolchain constraints for the permissive_sg module.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    alicloud = {
      source  = "hashicorp/alicloud"
      version = "1.203.0" # exact pin
    }
  }
}
--------------------------------------------------------------------------------
/terraform/alicloud/modules/common/version_license/main.tf:
--------------------------------------------------------------------------------
# Supported version/license strings per machine type.
locals {
  gw_versions = [
    "R81.10-BYOL",
    "R81.20-BYOL",
  ]
  mgmt_versions = [
    "R81.10-BYOL",
    "R81.20-BYOL",
  ]
}

locals {
  # Exactly one of these is non-empty for a supported chkp_type.
  gw_values   = var.chkp_type == "gateway" ? local.gw_versions : []
  mgmt_values = var.chkp_type == "management" ? local.mgmt_versions : []
  // standalone_values = var.chkp_type == "standalone" ? local.standalone_versions : []

  # coalescelist() returns the first non-empty list.
  # NOTE(review): variables.tf accepts "standalone", but no list is defined for
  # it here, so both candidates would be empty for that type; confirm how that
  # case is meant to fail.
  allowed_values = coalescelist(local.gw_values, local.mgmt_values) //, local.standalone_values)

  # index() raises an error when var.version_license is not in the allowed list.
  is_allowed_type = index(local.allowed_values, var.version_license)
}
--------------------------------------------------------------------------------
/terraform/alicloud/modules/common/version_license/variables.tf:
--------------------------------------------------------------------------------
variable "chkp_type" {
  type        = string
  description = "The Check Point machine type"
  default     = "gateway"
}

locals {
  type_allowed_values = [
    "gateway",
    "management",
    "standalone",
  ]

  # Will fail if var.chkp_type is invalid: index() raises an error when the
  # value is not in the list above.
  validate_chkp_type = index(local.type_allowed_values, var.chkp_type)
}

# Required: no default. Checked against the allowed list in main.tf.
variable "version_license" {
  type        = string
  description = "AliCloud Version license"
}


--------------------------------------------------------------------------------
/terraform/alicloud/modules/common/version_license/versions.tf:
--------------------------------------------------------------------------------
# Toolchain constraints for the version_license module.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    alicloud = {
      source  = "hashicorp/alicloud"
      version = "1.203.0" # exact pin; upgrades need an explicit edit
    }
  }
}
--------------------------------------------------------------------------------
/terraform/alicloud/modules/images/output.tf:
--------------------------------------------------------------------------------
# Results of the image lookup.
output "image_id" {
  value = local.image_id
}

# The output name (including its spelling) is the module's interface; callers
# reference it as written.
output "version_license_with_sufix" {
  value = local.version_license_key
}
--------------------------------------------------------------------------------
/terraform/alicloud/modules/images/variables.tf:
--------------------------------------------------------------------------------
# Region of the configured provider, used for the image lookup.
data "alicloud_regions" "current" {
  current = true
}

locals {
  region = data.alicloud_regions.current.regions[0].id
}

# --- Version and license ---
variable "chkp_type" {
  type        = string
  description = "The Check Point machine type"
  default     = "gateway"
}

variable "version_license" {
  type        = string
  description = "Version and license"
  default     = "R81.20-BYOL"
}


--------------------------------------------------------------------------------
/terraform/alicloud/modules/images/versions.tf:
--------------------------------------------------------------------------------
# Only the Terraform CLI version is constrained; no provider is declared here.
terraform {
  required_version = ">= 0.14.3"
}
--------------------------------------------------------------------------------
/terraform/alicloud/modules/vpc/locals.tf:
--------------------------------------------------------------------------------
locals {
  # Dotted-quad IPv4 address followed by a prefix length from /16 to /28.
  regex_valid_cidr = "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$"

  # Will fail if var.vpc_cidr is invalid: regex() raises an error when the
  # pattern does not match.
  # NOTE(review): the pattern contains capture groups, so regex() presumably
  # returns the captures rather than the whole match, and the comparison below
  # would not select the 0 branch; the rejection then comes from regex() itself
  # and the custom message is not what the user sees. Confirm.
  regex_vpc_cidr = regex(local.regex_valid_cidr, var.vpc_cidr) == var.vpc_cidr ? 0 : "Variable [vpc_cidr] must be a valid vpc cidr"
}
--------------------------------------------------------------------------------
/terraform/alicloud/modules/vpc/output.tf:
--------------------------------------------------------------------------------
# Identifiers of the VPC and of the vswitches created in it.
output "vpc_id" {
  value = alicloud_vpc.vpc.id
}

output "vpc_name" {
  value = alicloud_vpc.vpc.name
}

output "public_vswitchs_ids_list" {
  value = [for vsw in alicloud_vswitch.publicVsw : vsw.id]
}

output "management_vswitchs_ids_list" {
  value = [for vsw in alicloud_vswitch.managementVsw : vsw.id]
}

output "private_vswitchs_ids_list" {
  value = [for vsw in alicloud_vswitch.privateVsw : vsw.id]
}

--------------------------------------------------------------------------------
/terraform/alicloud/modules/vpc/versions.tf:
--------------------------------------------------------------------------------
# Toolchain constraints for the vpc module.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    alicloud = {
      source  = "hashicorp/alicloud"
      version = "1.203.0" # exact pin; upgrades need an explicit edit
    }
  }
}
--------------------------------------------------------------------------------
/terraform/aws/autoscale-gwlb/versions.tf:
--------------------------------------------------------------------------------
# Toolchain constraints. "~>" on a three-part version allows patch releases only.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.20.0"
    }
    # http and random give no source, so Terraform resolves them in the default
    # hashicorp namespace.
    http = {
      version = "~> 3.4.0"
    }
    random = {
      version = "~> 3.5.1"
    }
  }
}

--------------------------------------------------------------------------------
/terraform/aws/autoscale-master/asg_userdata.yaml:
--------------------------------------------------------------------------------
#cloud-config
# Terraform template for the first-boot user data of autoscaling gateways.
# NOTE(review): the SIC key, password hash, maintenance-mode password and
# bootstrap script become part of the instance user data, which can usually be
# read back from inside the instance through the metadata service.
# NOTE(review): the arguments are not wrapped in shell quotes; confirm the
# caller encodes or restricts the substituted values.
runcmd:
  - |
    python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" installationType=\"autoscale\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20240704\" templateName=\"autoscale\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" bootstrapScript64=\"${BootstrapScript}\"

--------------------------------------------------------------------------------
/terraform/aws/autoscale-master/versions.tf:
--------------------------------------------------------------------------------
# Toolchain constraints; http and random resolve in the default namespace.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.20.0"
    }
    http = {
      version = "~> 3.4.0"
    }
    random = {
      version = "~> 3.5.1"
    }
  }
}

--------------------------------------------------------------------------------
/terraform/aws/autoscale/asg_userdata.yaml:
--------------------------------------------------------------------------------
#cloud-config
# Terraform template for the first-boot user data of autoscaling gateways.
# NOTE(review): the SIC key, password hash, maintenance-mode password and
# bootstrap script become part of the instance user data, which can usually be
# read back from inside the instance through the metadata service.
# NOTE(review): the arguments are not wrapped in shell quotes; confirm the
# caller encodes or restricts the substituted values.
runcmd:
  - |
    python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" installationType=\"autoscale\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20241027\" templateName=\"autoscale\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" bootstrapScript64=\"${BootstrapScript}\"

--------------------------------------------------------------------------------
/terraform/aws/autoscale/versions.tf:
--------------------------------------------------------------------------------
# Toolchain constraints; http and random resolve in the default namespace.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.20.0"
    }
    http = {
      version = "~> 3.4.0"
    }
    random = {
      version = "~> 3.5.1"
    }
  }
}

--------------------------------------------------------------------------------
/terraform/aws/cluster-master/versions.tf:
--------------------------------------------------------------------------------
# Toolchain constraints; http resolves in the default namespace.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.20.0"
    }
    http = {
      version = "~> 3.4.0"
    }
  }
}

--------------------------------------------------------------------------------
/terraform/aws/cluster/cluster_member_a_userdata.yaml:
--------------------------------------------------------------------------------
#cloud-config
# Terraform template for cluster member A's first-boot user data.
# NOTE(review): the SIC key, Smart-1 Cloud token, password hash, maintenance-mode
# password and bootstrap script become part of the instance user data, which can
# usually be read back from inside the instance through the metadata service.
# NOTE(review): only the smart1CloudToken argument is wrapped in shell quotes;
# confirm the caller encodes or restricts the other values.
runcmd:
  - |
    python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenA}\"" installationType=\"cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" elasticIp=\"${MemberAPublicAddress}\" templateVersion=\"20241027\" templateName=\"cluster\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" allocatePublicAddress=\"${AllocateAddress}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
--------------------------------------------------------------------------------
/terraform/aws/cluster/cluster_member_b_userdata.yaml:
--------------------------------------------------------------------------------
#cloud-config
# Terraform template for cluster member B's first-boot user data.
# NOTE(review): the SIC key, Smart-1 Cloud token, password hash, maintenance-mode
# password and bootstrap script become part of the instance user data, which can
# usually be read back from inside the instance through the metadata service.
# NOTE(review): only the smart1CloudToken argument is wrapped in shell quotes;
# confirm the caller encodes or restricts the other values.
runcmd:
  - |
    python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenB}\"" installationType=\"cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" elasticIp=\"${MemberBPublicAddress}\" templateVersion=\"20241027\" templateName=\"cluster\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" allocatePublicAddress=\"${AllocateAddress}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
--------------------------------------------------------------------------------
/terraform/aws/cluster/versions.tf:
--------------------------------------------------------------------------------
# Toolchain constraints; http resolves in the default namespace.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.20.0"
    }
    http = {
      version = "~> 3.4.0"
    }
  }
}

--------------------------------------------------------------------------------
/terraform/aws/cme-iam-role-gwlb/output.tf:
--------------------------------------------------------------------------------
# Identifiers of the IAM role and instance profile created for CME.
output "cme_iam_role_arn" {
  value = aws_iam_role.cme_iam_role_gwlb.arn
}

output "cme_iam_role_name" {
  value = aws_iam_role.cme_iam_role_gwlb.name
}

output "cme_iam_profile_name" {
  value = aws_iam_instance_profile.iam_instance_profile.name
}

output "cme_iam_profile_arn" {
  value = aws_iam_instance_profile.iam_instance_profile.arn
}


--------------------------------------------------------------------------------
/terraform/aws/cme-iam-role-gwlb/terraform.tfvars:
--------------------------------------------------------------------------------
# PLEASE refer to README.md for accepted values FOR THE VARIABLES BELOW
# The defaults request the read-permission variant, with no additional STS
# roles and no trusted account. Widen them only to what the deployment needs.

permissions     = "Create with read permissions"
sts_roles       = []
trusted_account = ""
--------------------------------------------------------------------------------
/terraform/aws/cme-iam-role-gwlb/versions.tf:
--------------------------------------------------------------------------------
# Toolchain constraints for the role definition.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.20.0"
    }
  }
}

--------------------------------------------------------------------------------
/terraform/aws/cme-iam-role/output.tf:
--------------------------------------------------------------------------------
# Identifiers of the IAM role and instance profile created for CME.
output "cme_iam_role_arn" {
  value = aws_iam_role.cme_iam_role.arn
}

output "cme_iam_role_name" {
  value = aws_iam_role.cme_iam_role.name
}

output "cme_iam_profile_name" {
  value = aws_iam_instance_profile.iam_instance_profile.name
}

output "cme_iam_profile_arn" {
  value = aws_iam_instance_profile.iam_instance_profile.arn
}
--------------------------------------------------------------------------------
/terraform/aws/cme-iam-role/terraform.tfvars:
--------------------------------------------------------------------------------
# PLEASE refer to README.md for accepted values FOR THE VARIABLES BELOW
# The defaults request the read-permission variant, with no additional STS
# roles and no trusted account. Widen them only to what the deployment needs.

permissions     = "Create with read permissions"
sts_roles       = []
trusted_account = ""
--------------------------------------------------------------------------------
/terraform/aws/cme-iam-role/versions.tf:
--------------------------------------------------------------------------------
# Toolchain constraints for the role definition.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.20.0"
    }
  }
}

--------------------------------------------------------------------------------
/terraform/aws/cross-az-cluster-master/versions.tf:
--------------------------------------------------------------------------------
# Toolchain constraints; http resolves in the default namespace.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.20.0"
    }
    http = {
      version = "~> 3.4.0"
    }
  }
}

--------------------------------------------------------------------------------
/terraform/aws/cross-az-cluster/versions.tf:
--------------------------------------------------------------------------------
# Toolchain constraints. "~>" on a three-part version allows patch releases only.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.20.0"
    }
    # No source given, so Terraform resolves http in the default hashicorp
    # namespace.
    http = {
      version = "~> 3.4.0"
    }
  }
}

--------------------------------------------------------------------------------
/terraform/aws/gateway-master/versions.tf:
--------------------------------------------------------------------------------
# Toolchain constraints; http resolves in the default namespace.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.20.0"
    }
    http = {
      version = "~> 3.4.0"
    }
  }
}

--------------------------------------------------------------------------------
/terraform/aws/gateway/output.tf:
--------------------------------------------------------------------------------
# Values reported after the single-gateway deployment is applied.
output "ami_id" {
  value = module.amis.ami_id
}

# NOTE(review): the group's rules are defined in the common_permissive_sg
# module, not here; review them before reusing the group elsewhere.
output "permissive_sg_id" {
  value = module.common_permissive_sg.permissive_sg_id
}

output "permissive_sg_name" {
  value = module.common_permissive_sg.permissive_sg_name
}

# HTTPS URL built from the first elastic IP.
# NOTE(review): indexing [0] assumes an address was allocated; confirm what the
# module returns when allocation is disabled.
output "gateway_url" {
  value = format("https://%s", module.common_eip.gateway_eip_public_ip[0])
}

output "gateway_public_ip" {
  value = module.common_eip.gateway_eip_public_ip
}

output "gateway_instance_id" {
  value = module.common_gateway_instance.gateway_instance_id
}

output "gateway_instance_name" {
  value = module.common_gateway_instance.gateway_instance_name
}
--------------------------------------------------------------------------------
/terraform/aws/gateway/versions.tf:
--------------------------------------------------------------------------------
# Toolchain constraints; http resolves in the default namespace.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.20.0"
    }
    http = {
      version = "~> 3.4.0"
    }
  }
}

--------------------------------------------------------------------------------
/terraform/aws/gwlb-master/output.tf:
--------------------------------------------------------------------------------
# Values reported after the GWLB deployment (with its own VPC) is applied.

# Fixed reminder text, not a computed value.
output "Deployment" {
  value = "Finalizing instances configuration may take up to 20 minutes after deployment is finished."
}

# The three outputs below splat over the gwlb module instance(s) and wait for
# the module explicitly.
output "management_public_ip" {
  depends_on = [module.gwlb]
  value      = module.gwlb[*].management_public_ip
}

output "gwlb_arn" {
  depends_on = [module.gwlb]
  value      = module.gwlb[*].gwlb_arn
}

output "gwlb_service_name" {
  depends_on = [module.gwlb]
  value      = module.gwlb[*].gwlb_service_name
}

output "gwlb_name" {
  value = var.gateway_load_balancer_name
}

# Fixed string, not derived from a variable.
output "controller_name" {
  value = "gwlb-controller"
}

output "template_name" {
  value = var.configuration_template
}
--------------------------------------------------------------------------------
/terraform/aws/gwlb-master/versions.tf:
--------------------------------------------------------------------------------
# Toolchain constraints; http and random resolve in the default namespace.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.20.0"
    }
    http = {
      version = "~> 3.4.0"
    }
    random = {
      version = "~> 3.5.1"
    }
  }
}

--------------------------------------------------------------------------------
/terraform/aws/gwlb/output.tf:
--------------------------------------------------------------------------------
# Values reported after the GWLB deployment is applied.

# Fixed reminder text, not a computed value.
output "Deployment" {
  value = "Finalizing instances configuration may take up to 20 minutes after deployment is finished."
}

output "gwlb_arn" {
  value = module.gateway_load_balancer.load_balancer_arn
}

# Endpoint service name assembled from the current region and the endpoint
# service id.
output "gwlb_service_name" {
  value = "com.amazonaws.vpce.${data.aws_region.current.name}.${aws_vpc_endpoint_service.gwlb_endpoint_service.id}"
}

# Splat over the management module instance(s); waits for the module explicitly.
output "management_public_ip" {
  depends_on = [module.management]
  value      = module.management[*].management_public_ip
}

output "gwlb_name" {
  value = var.gateway_load_balancer_name
}

# Fixed string, not derived from a variable.
output "controller_name" {
  value = "gwlb-controller"
}

output "template_name" {
  value = var.configuration_template
}
--------------------------------------------------------------------------------
/terraform/aws/gwlb/versions.tf:
--------------------------------------------------------------------------------
# Toolchain constraints; http and random resolve in the default namespace.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.20.0"
    }
    http = {
      version = "~> 3.4.0"
    }
    random = {
      version = "~> 3.5.1"
    }
  }
}

--------------------------------------------------------------------------------
/terraform/aws/management-master/output.tf:
--------------------------------------------------------------------------------
# Values reported after the management deployment (with its own VPC) is applied.

# Fixed reminder text, not a computed value.
output "Deployment" {
  value = "Finalizing configuration may take up to 20 minutes after deployment is finished."
}

output "management_instance_id" {
  value = aws_instance.management-instance.id
}

# Read from the instance's "Name" tag.
output "management_instance_name" {
  value = aws_instance.management-instance.tags["Name"]
}

output "management_instance_tags" {
  value = aws_instance.management-instance.tags
}

output "management_public_ip" {
  value = aws_instance.management-instance.public_ip
}

# HTTPS URL built from the instance's public IP.
# NOTE(review): confirm what this yields when the instance has no public address.
output "management_url" {
  value = format("https://%s", aws_instance.management-instance.public_ip)
}
--------------------------------------------------------------------------------
/terraform/aws/management-master/versions.tf:
--------------------------------------------------------------------------------
# Toolchain constraints; http resolves in the default namespace.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.20.0"
    }
    http = {
      version = "~> 3.4.0"
    }
  }
}

--------------------------------------------------------------------------------
/terraform/aws/management/management_userdata.yaml:
--------------------------------------------------------------------------------
#cloud-config
# Terraform template for the management server's first-boot user data.
# NOTE(review): the SIC key, password hash, maintenance-mode password and
# bootstrap script become part of the instance user data, which can usually be
# read back from inside the instance through the metadata service.
# NOTE(review): only the management_installation_type argument is wrapped in
# shell quotes; confirm the caller encodes or restricts the other values.
runcmd:
  - |
    python3 /etc/cloud_config.py sicKey=\"${SICKey}\" installationType=\"management\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20241027\" templateName=\"management\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" "management_installation_type=\"${ManagementInstallationType}\"" adminSubnet=\"${AdminSubnet}\" allocatePublicAddress=\"${AllocateElasticIP}\" overTheInternet=\"${PubMgmt}\" bootstrapScript64=\"${BootstrapScript}\"
--------------------------------------------------------------------------------
/terraform/aws/management/output.tf:
--------------------------------------------------------------------------------
# Values reported after the management deployment is applied.

# Fixed reminder text, not a computed value.
output "Deployment" {
  value = "Finalizing configuration may take up to 20 minutes after deployment is finished."
}

output "management_instance_id" {
  value = aws_instance.management-instance.id
}

# Read from the instance's "Name" tag.
output "management_instance_name" {
  value = aws_instance.management-instance.tags["Name"]
}

output "management_instance_tags" {
  value = aws_instance.management-instance.tags
}

output "management_public_ip" {
  value = aws_instance.management-instance.public_ip
}

# HTTPS URL built from the instance's public IP.
# NOTE(review): confirm what this yields when the instance has no public address.
output "management_url" {
  value = format("https://%s", aws_instance.management-instance.public_ip)
}
--------------------------------------------------------------------------------
/terraform/aws/management/versions.tf:
--------------------------------------------------------------------------------
# Toolchain constraints. "~>" on a three-part version allows patch releases only.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.20.0"
    }
    # No source given, so Terraform resolves http in the default hashicorp
    # namespace.
    http = {
      version = "~> 3.4.0"
    }
  }
}

--------------------------------------------------------------------------------
/terraform/aws/mds-master/mds_userdata.yaml:
--------------------------------------------------------------------------------
#cloud-config
# Terraform template for the Multi-Domain Server's first-boot user data.
# NOTE(review): the SIC key, password hash, maintenance-mode password and
# bootstrap script become part of the instance user data, which can usually be
# read back from inside the instance through the metadata service.
# NOTE(review): the arguments are not wrapped in shell quotes; confirm the
# caller encodes or restricts the substituted values.
runcmd:
  - |
    python3 /etc/cloud_config.py sicKey=\"${SICKey}\" installationType=\"mds\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20240704\" templateName=\"mds\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" primary=\"${IsPrimary}\" secondary=\"${IsSecondary}\" adminSubnet=\"${AdminSubnet}\" bootstrapScript64=\"${BootstrapScript}\"
--------------------------------------------------------------------------------
/terraform/aws/mds-master/output.tf:
--------------------------------------------------------------------------------
# Values reported after the MDS deployment (with its own VPC) is applied.

# Fixed reminder text, not a computed value.
output "Deployment" {
  value = "Finalizing configuration may take up to 20 minutes after deployment is finished."
}

output "mds_instance_id" {
  value = aws_instance.mds-instance.id
}

# Read from the instance's "Name" tag.
output "mds_instance_name" {
  value = aws_instance.mds-instance.tags["Name"]
}

output "mds_instance_tags" {
  value = aws_instance.mds-instance.tags
}
--------------------------------------------------------------------------------
/terraform/aws/mds-master/versions.tf:
--------------------------------------------------------------------------------
# Toolchain constraints; http resolves in the default namespace.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.20.0"
    }
    http = {
      version = "~> 3.4.0"
    }
  }
}

--------------------------------------------------------------------------------
/terraform/aws/mds/mds_userdata.yaml:
--------------------------------------------------------------------------------
#cloud-config
# Terraform template for the Multi-Domain Server's first-boot user data.
# NOTE(review): the SIC key, password hash, maintenance-mode password and
# bootstrap script become part of the instance user data, which can usually be
# read back from inside the instance through the metadata service.
# NOTE(review): the arguments are not wrapped in shell quotes; confirm the
# caller encodes or restricts the substituted values.
runcmd:
  - |
    python3 /etc/cloud_config.py sicKey=\"${SICKey}\" installationType=\"mds\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20241027\" templateName=\"mds\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" primary=\"${IsPrimary}\" secondary=\"${IsSecondary}\" adminSubnet=\"${AdminSubnet}\" bootstrapScript64=\"${BootstrapScript}\"
--------------------------------------------------------------------------------
/terraform/aws/mds/output.tf:
--------------------------------------------------------------------------------
1 | output "Deployment" {
2 |   value = "Finalizing configuration may take up to 20 minutes after deployment is finished."
3 | }
4 |
5 | output "mds_instance_id" {
6 |   value = aws_instance.mds-instance.id
7 | }
8 | output "mds_instance_name" {
9 |   value = aws_instance.mds-instance.tags["Name"]
10 | }
11 | output "mds_instance_tags" {
12 |   value = aws_instance.mds-instance.tags
13 | }
--------------------------------------------------------------------------------
/terraform/aws/mds/versions.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 |   required_version = ">= 0.14.3"
3 |   required_providers {
4 |     aws = {
5 |       source = "hashicorp/aws"
6 |       version = "~> 5.20.0"
7 |     }
        // No source is given for http, so Terraform resolves it implicitly to the
        // hashicorp namespace. Stating the source explicitly and committing the
        // dependency lock file keeps the resolved provider and its checksums
        // under review.
8 |     http = {
9 |       version = "~> 3.4.0"
10 |     }
11 |   }
12 | }
13 |
--------------------------------------------------------------------------------
/terraform/aws/modules/amis/output.tf:
--------------------------------------------------------------------------------
1 | output "ami_id" {
2 |   value = local.ami_id
3 | }
4 | output "version_license_with_suffix" {
5 |   value = local.version_license_key
6 | }
--------------------------------------------------------------------------------
/terraform/aws/modules/amis/variables.tf:
--------------------------------------------------------------------------------
    // The AMI catalogue is fetched over HTTPS from var.amis_url each time this
    // data source is evaluated. Nothing in this file compares the response with a
    // pinned hash or signature, so whoever can change that object, or override
    // amis_url, presumably decides which image ami_id resolves to (local.ami_id
    // is defined outside this view - confirm). Pointing amis_url at a reviewed
    // copy of amis.yaml removes that dependency.
    // NOTE(review): with the http provider 3.x pinned by the root modules on this
    // page, a non-200 reply is not an error by itself; status_code has to be
    // checked explicitly.
1 | variable "amis_url" {
2 |   type = string
3 |   description = "URL to amis.yaml"
4 |   default = "https://cgi-cfts.s3.amazonaws.com/utils/amis.yaml"
5 | }
6 |
7 | data "http" "amis_yaml_http" {
8 |   url = var.amis_url
9 | }
10 |
11 | data "aws_region" "current" {}
12 | locals {
13 |   region = data.aws_region.current.name
14 | }
15 |
16 | // --- Version & License ---
17 | variable "chkp_type" {
18 |   type = string
19 |   description = "The Check Point machine type"
20 |   default = "gateway"
21 | }
22 | variable "version_license" {
23 |   type = string
24 |   description = "Version and license"
25 | }
26 |
27 |
--------------------------------------------------------------------------------
/terraform/aws/modules/cloudwatch-policy/main.tf:
--------------------------------------------------------------------------------
    // Grants only cloudwatch:PutMetricData. That action does not support
    // resource-level permissions, so "*" is the only resource it accepts. The
    // statement can still be narrowed with a cloudwatch:namespace condition once
    // the namespace the instances publish to is known (not visible here).
1 | data "aws_iam_policy_document" "policy_document" {
2 |   version = "2012-10-17"
3 |   statement {
4 |     actions = ["cloudwatch:PutMetricData"]
5 |     effect = "Allow"
6 |     resources = ["*"]
7 |   }
8 | }
9 |
10 | resource "aws_iam_policy" "policy" {
11 |   name_prefix = format("%s-iam_policy", var.tag_name)
12 |   policy = data.aws_iam_policy_document.policy_document.json
13 | }
14 |
    // Attaches the policy to a role supplied by the caller; this module does not
    // create the role.
15 | resource "aws_iam_role_policy_attachment" "attachment" {
16 |   role = var.role
17 |   policy_arn = aws_iam_policy.policy.arn
18 | }
--------------------------------------------------------------------------------
/terraform/aws/modules/cloudwatch-policy/variables.tf:
--------------------------------------------------------------------------------
1 | variable "tag_name" {
2 |   type = string
3 |   description = "(Optional) IAM policy name prefix"
4 |   default = "cloudwatch"
5 | }
6 | variable "role" {
7 |   type = string
8 |   description = "A IAM role to attach the cloudwatch policy to it"
9 | }
--------------------------------------------------------------------------------
/terraform/aws/modules/cluster-iam-role/output.tf:
--------------------------------------------------------------------------------
    // Exposes the whole role object in addition to its ARN and name.
1 | output "cluster_iam_role" {
2 |   value = aws_iam_role.cluster_iam_role
3 | }
4 | output "cluster_iam_role_arn" {
5 |   value = aws_iam_role.cluster_iam_role.arn
6 | }
7 | output "cluster_iam_role_name" {
8 |   value = aws_iam_role.cluster_iam_role.name
9 | }
--------------------------------------------------------------------------------
/terraform/aws/modules/common/elastic_ip/locals.tf:
--------------------------------------------------------------------------------
1 | locals {
      // 1 or 0, used as the count of both resources in main.tf.
2 |   allocate_and_associate_eip_condition = var.allocate_and_associate_eip == true ? 1 : 0
3 | }
--------------------------------------------------------------------------------
/terraform/aws/modules/common/elastic_ip/main.tf:
--------------------------------------------------------------------------------
    // Both resources share the same count, so the address and its association
    // are created or omitted together.
1 | resource "aws_eip" "gateway_eip" {
2 |   count = local.allocate_and_associate_eip_condition
3 |   network_interface = var.external_eni_id
4 | }
5 | resource "aws_eip_association" "address_assoc" {
6 |   count = local.allocate_and_associate_eip_condition
7 |   allocation_id = aws_eip.gateway_eip[count.index].id
8 |   network_interface_id = var.external_eni_id
9 |   private_ip_address = var.private_ip_address
10 | }
--------------------------------------------------------------------------------
/terraform/aws/modules/common/elastic_ip/output.tf:
--------------------------------------------------------------------------------
    // Splat outputs: each value is a list, empty when no address was allocated.
1 | output "gateway_eip_id" {
2 |   value = aws_eip.gateway_eip.*.id
3 | }
4 | output "gateway_eip_public_ip" {
5 |   value = aws_eip.gateway_eip.*.public_ip
6 | }
7 | output "gateway_eip_attached_instance" {
8 |   value = aws_eip.gateway_eip.*.instance
9 | }
10 |
--------------------------------------------------------------------------------
/terraform/aws/modules/common/elastic_ip/variables.tf:
--------------------------------------------------------------------------------
    // Defaults to true: unless the caller opts out, the external ENI receives a
    // public address.
1 | variable "allocate_and_associate_eip" {
2 |   type = bool
3 |   description = "If set to TRUE, an elastic IP will be allocated and associated with the launched instance"
4 |   default = true
5 | }
6 | variable "external_eni_id" {
7 |   type = string
8 |   description = "The external-eni of the security gateway"
9 | }
10 | variable "private_ip_address" {
11 |   type = string
12 |   description = "The primary or secondary private IP address to associate with the Elastic IP address. "
13 | }
14 |
--------------------------------------------------------------------------------
/terraform/aws/modules/common/gateway_instance/gateway_userdata.yaml:
--------------------------------------------------------------------------------
1 | #cloud-config
    # Reviewer note: sicKey, smart1CloudToken, passwordHash and
    # MaintenanceModePassword are rendered into this template as command-line
    # arguments. The template is presumably passed to the instance as EC2 user
    # data (the consuming resource is outside this view). User data is not
    # encrypted: it is readable from the instance metadata service on the
    # instance and through the EC2 API by principals allowed to read the
    # userData attribute, so limit ec2:DescribeInstanceAttribute and treat these
    # values as visible to those readers.
    # The values are placed inside escaped double quotes on a shell command line
    # without further escaping, so a value containing a quote or a command
    # substitution would change the command; validate them at the variable level.
2 | runcmd:
3 |   - |
4 |     python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenKey}\"" installationType=\"gateway\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20240704\" templateName=\"gateway\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
--------------------------------------------------------------------------------
/terraform/aws/modules/common/gateway_instance/output.tf:
--------------------------------------------------------------------------------
1 | output "gateway_instance_id" {
2 |   value = aws_instance.gateway_instance.id
3 | }
4 | output "gateway_instance_arn" {
5 |   value = aws_instance.gateway_instance.arn
6 | }
7 | output "gateway_instance_name" {
8 |   value = aws_instance.gateway_instance.tags["Name"]
9 | }
10 |
--------------------------------------------------------------------------------
/terraform/aws/modules/common/instance_type/variables.tf:
--------------------------------------------------------------------------------
1 | variable "chkp_type" {
2 |   type = string
3 |   description = "The Check Point machine type"
4 |   default = "gateway"
5 | }
6 | locals {
7 |   type_allowed_values = [
8 |     "gateway",
9 |     "management",
10 |     "mds",
11 |     "standalone",
12 |     "server"
13 |   ]
14 |   // Will fail if var.chkp_type is invalid
      // index() raises an error when the value is not in the list, which stops
      // evaluation; the resulting number is only a by-product of the check.
15 |   validate_instance_type = index(local.type_allowed_values, var.chkp_type)
16 | }
17 |
18 |
variable "instance_type" {
19 |   type = string
20 |   description = "AWS Instance type"
21 | }
22 |
23 |
--------------------------------------------------------------------------------
/terraform/aws/modules/common/internal_default_route/locals.tf:
--------------------------------------------------------------------------------
1 | locals {
      // 1 when a route table ID was supplied, 0 otherwise; used as the count of
      // the route in main.tf.
2 |   internal_route_table_condition = var.private_route_table != "" ? 1 : 0
3 | }
--------------------------------------------------------------------------------
/terraform/aws/modules/common/internal_default_route/main.tf:
--------------------------------------------------------------------------------
    // Adds a 0.0.0.0/0 route pointing at the internal ENI to the caller's route
    // table, so traffic from subnets using that table with no more specific
    // route is sent to that interface. Created only when private_route_table is
    // non-empty.
1 | resource "aws_route" "internal_default_route" {
2 |   count = local.internal_route_table_condition
3 |   route_table_id = var.private_route_table
4 |   destination_cidr_block = "0.0.0.0/0"
5 |   network_interface_id = var.internal_eni_id
6 | }
--------------------------------------------------------------------------------
/terraform/aws/modules/common/internal_default_route/output.tf:
--------------------------------------------------------------------------------
    // Splat output: a list, empty when the route was not created.
1 | output "internal_default_route_id" {
2 |   value = aws_route.internal_default_route.*.id
3 | }
--------------------------------------------------------------------------------
/terraform/aws/modules/common/internal_default_route/variables.tf:
--------------------------------------------------------------------------------
1 | variable "private_route_table" {
2 |   type = string
3 |   description = "Sets '0.0.0.0/0' route to the Gateway instance in the specified route table (e.g. rtb-12a34567)"
4 |   default=""
5 | }
6 | variable "internal_eni_id" {
7 |   type = string
8 |   description = "The internal-eni of the security gateway"
9 | }
--------------------------------------------------------------------------------
/terraform/aws/modules/common/load_balancer/output.tf:
--------------------------------------------------------------------------------
1 | output "load_balancer_id" {
2 |   value = aws_lb.load_balancer.id
3 | }
4 | output "load_balancer_arn" {
5 |   value = aws_lb.load_balancer.arn
6 | }
    // Despite the name, this is the load balancer's DNS name without a scheme.
7 | output "load_balancer_url" {
8 |   value = aws_lb.load_balancer.dns_name
9 | }
10 | output "target_group_id" {
11 |   value = aws_lb_target_group.lb_target_group.id
12 | }
13 | output "target_group_arn" {
14 |   value = aws_lb_target_group.lb_target_group.arn
15 | }
16 | output "load_balancer_tags" {
17 |   value = aws_lb.load_balancer.tags
18 | }
--------------------------------------------------------------------------------
/terraform/aws/modules/common/permissive_sg/main.tf:
--------------------------------------------------------------------------------
    // Allows every protocol and port to and from 0.0.0.0/0, so this group does
    // no filtering for IPv4. Anything it is attached to relies entirely on its
    // own policy enforcement. Presumably it is meant only for the gateway's
    // interfaces (the attachments are outside this view - confirm) and should
    // not be reused for management servers or workloads. No IPv6 ranges are
    // listed in either rule.
1 | resource "aws_security_group" "permissive_sg" {
2 |   description = "Permissive security group"
3 |   vpc_id = var.vpc_id
4 |   egress {
5 |     from_port = 0
6 |     to_port = 0
7 |     protocol = "-1"
8 |     cidr_blocks = ["0.0.0.0/0"]
9 |   }
10 |   ingress {
11 |     from_port = 0
12 |     to_port = 0
13 |     protocol = "-1"
14 |     cidr_blocks = ["0.0.0.0/0"]
15 |   }
16 |   name_prefix = format("%s-PermissiveSecurityGroup", var.resources_tag_name != "" ? var.resources_tag_name : var.gateway_name) // Group name
17 |   tags = {
18 |     Name = format("%s-PermissiveSecurityGroup", var.resources_tag_name != "" ? var.resources_tag_name : var.gateway_name) // Resource name
19 |   }
20 | }
--------------------------------------------------------------------------------
/terraform/aws/modules/common/permissive_sg/output.tf:
--------------------------------------------------------------------------------
1 | output "permissive_sg_id" {
2 |   value = aws_security_group.permissive_sg.id
3 | }
4 | output "permissive_sg_name" {
5 |   value = aws_security_group.permissive_sg.name
6 | }
7 | output "permissive_sg_arn" {
8 |   value = aws_security_group.permissive_sg.arn
9 | }
--------------------------------------------------------------------------------
/terraform/aws/modules/common/permissive_sg/variables.tf:
--------------------------------------------------------------------------------
1 | variable "vpc_id" {
2 |   type = string
3 | }
    // When non-empty, this value replaces gateway_name in the group's name
    // prefix and Name tag.
4 | variable "resources_tag_name" {
5 |   type = string
6 |   description = "(Optional)"
7 |   default = ""
8 | }
9 | variable "gateway_name" {
10 |   type = string
11 |   description = "(Optional) The name tag of the Security Gateway instances"
12 |   default = "Check-Point-Gateway-tf"
13 | }
--------------------------------------------------------------------------------
/terraform/aws/modules/common/version_license/variables.tf:
--------------------------------------------------------------------------------
1 | variable "chkp_type" {
2 |   type = string
3 |   description = "The Check Point machine type"
4 |   default = "gateway"
5 | }
6 | locals {
7 |   type_allowed_values = [
8 |     "gateway",
9 |     "management",
10 |     "mds",
11 |     "standalone",
12 |     "gwlb_gw"]
13 |   // Will fail if var.chkp_type is invalid
      // index() raises an error when the value is not in the list, which stops
      // evaluation; the resulting number is only a by-product of the check.
14 |   validate_chkp_type = index(local.type_allowed_values, var.chkp_type)
15 | }
16 |
17 | variable "version_license" {
18 |   type = string
19 |   description = "AWS Version license"
20 | }
21 |
22 |
--------------------------------------------------------------------------------
/terraform/aws/modules/custom-autoscale/locals.tf:
--------------------------------------------------------------------------------
1 | locals {
      // "<prefix>-<asg_name>-servers", or "<asg_name>-servers" when no prefix is set.
2 |   asg_name = format("%s%s-servers", var.prefix != "" ? format("%s-", var.prefix) : "", var.asg_name)
3 |
      // Anchored pattern: "ami-" followed by 8 or 17 lowercase hex digits. The
      // outer group is optional, so the empty string is accepted as well.
4 |   regex_valid_server_ami = "^(ami-(([0-9a-f]{8})|([0-9a-f]{17})))?$"
5 |   // Will fail if var.server_ami is invalid
      // regex() raises an error when the pattern does not match, and that error
      // is what rejects a malformed ID.
      // NOTE(review): with capture groups regex() returns the captures rather
      // than the whole match, so the comparison with var.server_ami is probably
      // never true and the message string simply becomes this local's value -
      // confirm. Rejection does not depend on the comparison.
6 |   regex_server_ami = regex(local.regex_valid_server_ami, var.server_ami) == var.server_ami ? 0 : "Amazon Machine Image ID must be in the form ami-xxxxxxxx or ami-xxxxxxxxxxxxxxxxx"
7 |
8 |   provided_target_groups_condition = var.servers_target_groups != "" ? true : false
9 | }
--------------------------------------------------------------------------------
/terraform/aws/modules/custom-autoscale/vpc/output.tf:
--------------------------------------------------------------------------------
1 | output "vpc_id" {
2 |   value = aws_vpc.vpc.id
3 | }
    // IDs of every subnet in aws_subnet.public_subnets, collected into a list.
4 | output "public_subnets_ids_list" {
5 |   value = [for public_subnet in aws_subnet.public_subnets : public_subnet.id ]
6 | }
7 | output "private_subnets_ids_list" {
8 |   value = [for private_subnet in aws_subnet.private_subnets : private_subnet.id]
9 | }
10 | output "public_rtb" {
11 |   value = aws_route_table.public_subnet_rtb.id
12 | }
13 |
--------------------------------------------------------------------------------
/terraform/aws/modules/vpc/output.tf:
--------------------------------------------------------------------------------
1 | output "vpc_id" {
2 |   value = aws_vpc.vpc.id
3 | }
4 | output "public_subnets_ids_list" {
5 |   value = [for public_subnet in aws_subnet.public_subnets : public_subnet.id ]
6 | }
7 | output "private_subnets_ids_list" {
8 |   value = [for private_subnet in aws_subnet.private_subnets : private_subnet.id]
9 | }
10 | output "tgw_subnets_ids_list" {
11 |   value = [for tgw_subnet in aws_subnet.tgw_subnets : tgw_subnet.id]
12 | }
13 | output "public_rtb" {
14 |   value = aws_route_table.public_subnet_rtb.id
15 | }
16 | output "aws_igw" {
17 |   value = aws_internet_gateway.igw.id
18 | }
19 |
-------------------------------------------------------------------------------- /terraform/aws/qs-autoscale-master/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | random = { 12 | version = "~> 3.5.1" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /terraform/aws/qs-autoscale/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | random = { 12 | version = "~> 3.5.1" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /terraform/aws/standalone-master/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | } 12 | } -------------------------------------------------------------------------------- /terraform/aws/standalone/output.tf: -------------------------------------------------------------------------------- 1 | output "standalone_instance_id" { 2 | value = aws_instance.standalone-instance.id 3 | } 4 | output "standalone_instance_name" { 5 | value = aws_instance.standalone-instance.tags["Name"] 6 | } 7 | output "standalone_public_ip" { 8 | value = aws_instance.standalone-instance.public_ip 9 | } 10 | output "standalone_ssh" { 11 | value = format("ssh -i %s admin@%s", var.key_name, aws_instance.standalone-instance.public_ip) 12 | } 13 | output 
"standalone_url" { 14 | value = format("https://%s", aws_instance.standalone-instance.public_ip) 15 | } -------------------------------------------------------------------------------- /terraform/aws/standalone/standalone_userdata.yaml: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | runcmd: 3 | - | 4 | python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" installationType=\"standalone\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20241027\" templateName=\"standalone\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" adminSubnet=\"${AdminSubnet}\" allocatePublicAddress=\"${AllocateElasticIP}\" bootstrapScript64=\"${StandaloneBootstrapScript}\" -------------------------------------------------------------------------------- /terraform/aws/standalone/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /terraform/aws/tap/Check Point NOW onboarding page.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/terraform/aws/tap/Check Point NOW onboarding page.docx -------------------------------------------------------------------------------- /terraform/aws/tap/CheckPoint_NOW_onboarding_page.pdf: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/terraform/aws/tap/CheckPoint_NOW_onboarding_page.pdf -------------------------------------------------------------------------------- /terraform/aws/tap/terraform.tfvars: -------------------------------------------------------------------------------- 1 | //PLEASE refer to README.md for accepted values FOR THE VARIABLES BELOW 2 | 3 | // --- VPC Network Configuration --- 4 | vpc_id = "vpc-12345678" 5 | external_subnet_id = "subnet-abc123" 6 | internal_subnet_id = "subnet-def456" 7 | resources_tag_name = "env1" 8 | 9 | // --- TAP Configuration --- 10 | registration_key = "10:10:10:10:10:10" 11 | vxlan_id = 10 12 | blacklist_tags = { 13 | env = "staging" 14 | state = "stable" 15 | } 16 | schedule_scan_interval = 60 17 | 18 | // --- EC2 Instance Configuration --- 19 | instance_name = "tap-gateway" 20 | instance_type = "c5.xlarge" 21 | key_name = "publickey" 22 | -------------------------------------------------------------------------------- /terraform/aws/tgw-asg-master/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | random = { 12 | version = "~> 3.5.1" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /terraform/aws/tgw-asg/output.tf: -------------------------------------------------------------------------------- 1 | output "management_instance_name" { 2 | value = module.management[0].management_instance_name 3 | } 4 | output "configuration_template" { 5 | value = var.configuration_template 6 | } 7 | output "controller_name" { 8 | value = "tgw-controller" 9 | } 10 | output 
"management_public_ip" { 11 | value = module.management[0].management_public_ip 12 | } 13 | output "management_url" { 14 | value = module.management[0].management_url 15 | } 16 | output "autoscaling_group_name" { 17 | value = module.autoscale.autoscale_autoscaling_group_name 18 | } 19 | -------------------------------------------------------------------------------- /terraform/aws/tgw-asg/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | random = { 12 | version = "~> 3.5.1" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /terraform/aws/tgw-cross-az-cluster-master/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | random = { 12 | version = "~> 3.5.1" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /terraform/aws/tgw-cross-az-cluster/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | random = { 12 | version = "~> 3.5.1" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /terraform/aws/tgw-gwlb-master/output.tf: -------------------------------------------------------------------------------- 1 | output "Deployment" { 2 | value = "Finalizing instances configuration may take up to 20 
minutes after deployment is finished." 3 | } 4 | output "management_public_ip" { 5 | depends_on = [module.tgw-gwlb] 6 | value = module.tgw-gwlb[*].management_public_ip 7 | } 8 | output "gwlb_arn" { 9 | depends_on = [module.tgw-gwlb] 10 | value = module.tgw-gwlb[*].gwlb_arn 11 | } 12 | output "gwlb_service_name" { 13 | depends_on = [module.tgw-gwlb] 14 | value = module.tgw-gwlb[*].gwlb_service_name 15 | } 16 | output "gwlb_name" { 17 | value = var.gateway_load_balancer_name 18 | } 19 | output "controller_name" { 20 | value = "gwlb-controller" 21 | } 22 | output "template_name" { 23 | value = var.configuration_template 24 | } -------------------------------------------------------------------------------- /terraform/aws/tgw-gwlb-master/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | random = { 12 | version = "~> 3.5.1" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /terraform/aws/tgw-gwlb/output.tf: -------------------------------------------------------------------------------- 1 | output "Deployment" { 2 | value = "Finalizing instances configuration may take up to 20 minutes after deployment is finished." 
3 | } 4 | output "management_public_ip" { 5 | depends_on = [module.gwlb] 6 | value = module.gwlb[*].management_public_ip 7 | } 8 | output "gwlb_arn" { 9 | depends_on = [module.gwlb] 10 | value = module.gwlb[*].gwlb_arn 11 | } 12 | output "gwlb_service_name" { 13 | depends_on = [module.gwlb] 14 | value = module.gwlb[*].gwlb_service_name 15 | } 16 | output "gwlb_name" { 17 | value = var.gateway_load_balancer_name 18 | } 19 | output "controller_name" { 20 | value = "gwlb-controller" 21 | } 22 | output "template_name" { 23 | value = var.configuration_template 24 | } -------------------------------------------------------------------------------- /terraform/aws/tgw-gwlb/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | aws = { 5 | source = "hashicorp/aws" 6 | version = "~> 5.20.0" 7 | } 8 | http = { 9 | version = "~> 3.4.0" 10 | } 11 | random = { 12 | version = "~> 3.5.1" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /terraform/azure/high-availability-existing-vnet/azure_public_key: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/terraform/azure/high-availability-existing-vnet/azure_public_key -------------------------------------------------------------------------------- /terraform/azure/high-availability-existing-vnet/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | azurerm = { 5 | source = "hashicorp/azurerm" 6 | version = "~> 3.90.0" 7 | } 8 | random = { 9 | version = "~> 3.5.1" 10 | } 11 | } 12 | } -------------------------------------------------------------------------------- 
/terraform/azure/high-availability-new-vnet/azure_public_key: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/terraform/azure/high-availability-new-vnet/azure_public_key -------------------------------------------------------------------------------- /terraform/azure/high-availability-new-vnet/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14.3" 3 | required_providers { 4 | azurerm = { 5 | source = "hashicorp/azurerm" 6 | version = "~> 3.90.0" 7 | } 8 | random = { 9 | version = "~> 3.5.1" 10 | } 11 | } 12 | } -------------------------------------------------------------------------------- /terraform/azure/management-existing-vnet/azure_public_key: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/terraform/azure/management-existing-vnet/azure_public_key -------------------------------------------------------------------------------- /terraform/azure/management-existing-vnet/cloud-init.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 /etc/cloud_config.py 2 | 3 | installationType="${installation_type}" 4 | allowUploadDownload="${allow_upload_download}" 5 | osVersion="${os_version}" 6 | templateName="${template_name}" 7 | templateVersion="${template_version}" 8 | templateType="${template_type}" 9 | isBlink="${is_blink}" 10 | bootstrapScript64="${bootstrap_script64}" 11 | location="${location}" 12 | managementGUIClientNetwork="${management_GUI_client_network}" 13 | enableApi="${enable_api}" 14 | adminShell="${admin_shell}" 15 | passwordHash="${serial_console_password_hash}" 16 | MaintenanceModePassword="${maintenance_mode_password_hash}" 17 | 
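--------------------------------------------------------------------------------
/terraform/azure/management-existing-vnet/versions.tf:
--------------------------------------------------------------------------------
# Terraform CLI and provider constraints ("~> X.Y.Z" accepts X.Y patch releases only).
# Constraints select a release; provider checksums are pinned by .terraform.lock.hcl.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.90.0"
    }
    random = {
      # Explicit registry namespace; same address the implied default resolves to.
      source  = "hashicorp/random"
      version = "~> 3.5.1"
    }
  }
}
--------------------------------------------------------------------------------
/terraform/azure/management-new-vnet/azure_public_key:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/terraform/azure/management-new-vnet/azure_public_key
--------------------------------------------------------------------------------
/terraform/azure/management-new-vnet/cloud-init.sh:
--------------------------------------------------------------------------------
#!/usr/bin/python3 /etc/cloud_config.py

installationType="${installation_type}"
allowUploadDownload="${allow_upload_download}"
osVersion="${os_version}"
templateName="${template_name}"
templateVersion="${template_version}"
templateType="${template_type}"
isBlink="${is_blink}"
bootstrapScript64="${bootstrap_script64}"
location="${location}"
managementGUIClientNetwork="${management_GUI_client_network}"
enableApi="${enable_api}"
adminShell="${admin_shell}"
passwordHash="${serial_console_password_hash}"
MaintenanceModePassword="${maintenance_mode_password_hash}"

--------------------------------------------------------------------------------
/terraform/azure/management-new-vnet/versions.tf:
--------------------------------------------------------------------------------
# Terraform CLI and provider constraints ("~> X.Y.Z" accepts X.Y patch releases only).
# Constraints select a release; provider checksums are pinned by .terraform.lock.hcl.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.90.0"
    }
    random = {
      # Explicit registry namespace; same address the implied default resolves to.
      source  = "hashicorp/random"
      version = "~> 3.5.1"
    }
  }
}
--------------------------------------------------------------------------------
/terraform/azure/mds-existing-vnet/azure_public_key:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/terraform/azure/mds-existing-vnet/azure_public_key
--------------------------------------------------------------------------------
/terraform/azure/mds-existing-vnet/versions.tf:
--------------------------------------------------------------------------------
# Terraform CLI and provider constraints ("~> X.Y.Z" accepts X.Y patch releases only).
# Constraints select a release; provider checksums are pinned by .terraform.lock.hcl.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.90.0"
    }
    random = {
      # Explicit registry namespace; same address the implied default resolves to.
      source  = "hashicorp/random"
      version = "~> 3.5.1"
    }
  }
}
--------------------------------------------------------------------------------
/terraform/azure/mds-new-vnet/azure_public_key:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/terraform/azure/mds-new-vnet/azure_public_key
--------------------------------------------------------------------------------
/terraform/azure/mds-new-vnet/versions.tf:
--------------------------------------------------------------------------------
# Terraform CLI and provider constraints ("~> X.Y.Z" accepts X.Y patch releases only).
# Constraints select a release; provider checksums are pinned by .terraform.lock.hcl.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.90.0"
    }
    random = {
      # Explicit registry namespace; same address the implied default resolves to.
      source  = "hashicorp/random"
      version = "~> 3.5.1"
    }
  }
}

--------------------------------------------------------------------------------
/terraform/azure/modules/common/main.tf:
--------------------------------------------------------------------------------
# Resource group for the deployment; name and region are supplied by the caller.
resource "azurerm_resource_group" "resource_group" {
  name     = var.resource_group_name
  location = var.location
}


--------------------------------------------------------------------------------
/terraform/azure/modules/common/versions.tf:
--------------------------------------------------------------------------------
# Minimum Terraform CLI version; this module sets no provider constraints of its own.
terraform {
  required_version = ">= 0.14.3"
}
--------------------------------------------------------------------------------
/terraform/azure/modules/network-security-group/output.tf:
--------------------------------------------------------------------------------
# Resource ID of the network security group managed by this module.
output "network_security_group_id" {
  value = azurerm_network_security_group.nsg.id
}

# Name of the same network security group.
output "network_security_group_name" {
  value = azurerm_network_security_group.nsg.name
}
--------------------------------------------------------------------------------
/terraform/azure/modules/network-security-group/versions.tf:
--------------------------------------------------------------------------------
# Minimum Terraform CLI version; this module sets no provider constraints of its own.
terraform {
  required_version = ">= 0.14.3"
}
--------------------------------------------------------------------------------
/terraform/azure/modules/vnet/outputs.tf:
--------------------------------------------------------------------------------
# Attributes of the virtual network managed by this module.
output "vnet_id" {
  value = azurerm_virtual_network.vnet.id
}

output "vnet_name" {
  value = azurerm_virtual_network.vnet.name
}

output "vnet_location" {
  value = azurerm_virtual_network.vnet.location
}

output "vnet_address_space" {
  value = azurerm_virtual_network.vnet.address_space
}

# IDs of every subnet instance; [*] is the current spelling of the legacy .* splat.
output "vnet_subnets" {
  value = azurerm_subnet.subnet[*].id
}

# The next two outputs echo input variables back to the caller unchanged.
output "subnet_prefixes" {
  value = var.subnet_prefixes
}

output "allocation_method" {
  value = var.allocation_method
}
--------------------------------------------------------------------------------
/terraform/azure/modules/vnet/versions.tf:
--------------------------------------------------------------------------------
# Minimum Terraform CLI version; this module sets no provider constraints of its own.
terraform {
  required_version = ">= 0.14.3"
}
--------------------------------------------------------------------------------
/terraform/azure/single-gateway-existing-vnet/azure_public_key:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/terraform/azure/single-gateway-existing-vnet/azure_public_key
--------------------------------------------------------------------------------
/terraform/azure/single-gateway-existing-vnet/cloud-init.sh:
--------------------------------------------------------------------------------
#!/usr/bin/python3 /etc/cloud_config.py

installationType="${installation_type}"
allowUploadDownload="${allow_upload_download}"
osVersion="${os_version}"
templateName="${template_name}"
templateVersion="${template_version}"
templateType="${template_type}"
isBlink="${is_blink}"
bootstrapScript64="${bootstrap_script64}"
location="${location}"
adminShell="${admin_shell}"
sicKey="${sic_key}"
managementGUIClientNetwork="${management_GUI_client_network}"
smart1CloudToken="${smart_1_cloud_token}"
customMetrics="${enable_custom_metrics}"
passwordHash="${serial_console_password_hash}"
MaintenanceModePassword="${maintenance_mode_password_hash}"
--------------------------------------------------------------------------------
/terraform/azure/single-gateway-existing-vnet/versions.tf:
--------------------------------------------------------------------------------
# Terraform CLI and provider constraints ("~> X.Y.Z" accepts X.Y patch releases only).
# Constraints select a release; provider checksums are pinned by .terraform.lock.hcl.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.90.0"
    }
    random = {
      # Explicit registry namespace; same address the implied default resolves to.
      source  = "hashicorp/random"
      version = "~> 3.5.1"
    }
  }
}
--------------------------------------------------------------------------------
/terraform/azure/single-gateway-new-vnet/azure_public_key: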
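--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/terraform/azure/single-gateway-new-vnet/azure_public_key
--------------------------------------------------------------------------------
/terraform/azure/single-gateway-new-vnet/cloud-init.sh:
--------------------------------------------------------------------------------
#!/usr/bin/python3 /etc/cloud_config.py

installationType="${installation_type}"
allowUploadDownload="${allow_upload_download}"
osVersion="${os_version}"
templateName="${template_name}"
templateVersion="${template_version}"
templateType="${template_type}"
isBlink="${is_blink}"
bootstrapScript64="${bootstrap_script64}"
location="${location}"
adminShell="${admin_shell}"
sicKey="${sic_key}"
managementGUIClientNetwork="${management_GUI_client_network}"
smart1CloudToken="${smart_1_cloud_token}"
customMetrics="${enable_custom_metrics}"
passwordHash="${serial_console_password_hash}"
MaintenanceModePassword="${maintenance_mode_password_hash}"
--------------------------------------------------------------------------------
/terraform/azure/single-gateway-new-vnet/versions.tf:
--------------------------------------------------------------------------------
# Terraform CLI and provider constraints ("~> X.Y.Z" accepts X.Y patch releases only).
# Constraints select a release; provider checksums are pinned by .terraform.lock.hcl.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.90.0"
    }
    random = {
      # Explicit registry namespace; same address the implied default resolves to.
      source  = "hashicorp/random"
      version = "~> 3.5.1"
    }
  }
}
--------------------------------------------------------------------------------
/terraform/azure/vmss-existing-vnet/azure_public_key:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/terraform/azure/vmss-existing-vnet/azure_public_key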
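--------------------------------------------------------------------------------
/terraform/azure/vmss-existing-vnet/cloud-init.sh:
--------------------------------------------------------------------------------
#!/usr/bin/python3 /etc/cloud_config.py

installationType="${installation_type}"
allowUploadDownload="${allow_upload_download}"
osVersion="${os_version}"
templateName="${template_name}"
templateVersion="${template_version}"
templateType="${template_type}"
isBlink="${is_blink}"
bootstrapScript64="${bootstrap_script64}"
location="${location}"
sicKey="${sic_key}"
vnet="${vnet}"
customMetrics="${enable_custom_metrics}"
adminShell="${admin_shell}"
passwordHash="${serial_console_password_hash}"
MaintenanceModePassword="${maintenance_mode_password_hash}"

--------------------------------------------------------------------------------
/terraform/azure/vmss-existing-vnet/versions.tf:
--------------------------------------------------------------------------------
# Terraform CLI and provider constraints ("~> X.Y.Z" accepts X.Y patch releases only).
# Constraints select a release; provider checksums are pinned by .terraform.lock.hcl.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.90.0"
    }
    random = {
      # Explicit registry namespace; same address the implied default resolves to.
      source  = "hashicorp/random"
      version = "~> 3.5.1"
    }
  }
}



--------------------------------------------------------------------------------
/terraform/azure/vmss-new-vnet/azure_public_key:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/terraform/azure/vmss-new-vnet/azure_public_key
--------------------------------------------------------------------------------
/terraform/azure/vmss-new-vnet/cloud-init.sh:
--------------------------------------------------------------------------------
#!/usr/bin/python3 /etc/cloud_config.py

installationType="${installation_type}"
allowUploadDownload="${allow_upload_download}"
osVersion="${os_version}"
templateName="${template_name}"
templateVersion="${template_version}"
templateType="${template_type}"
isBlink="${is_blink}"
bootstrapScript64="${bootstrap_script64}"
location="${location}"
sicKey="${sic_key}"
vnet="${vnet}"
customMetrics="${enable_custom_metrics}"
adminShell="${admin_shell}"
passwordHash="${serial_console_password_hash}"
MaintenanceModePassword="${maintenance_mode_password_hash}"

--------------------------------------------------------------------------------
/terraform/azure/vmss-new-vnet/versions.tf:
--------------------------------------------------------------------------------
# Terraform CLI and provider constraints ("~> X.Y.Z" accepts X.Y patch releases only).
# Constraints select a release; provider checksums are pinned by .terraform.lock.hcl.
terraform {
  required_version = ">= 0.14.3"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.90.0"
    }
    random = {
      # Explicit registry namespace; same address the implied default resolves to.
      source  = "hashicorp/random"
      version = "~> 3.5.1"
    }
  }
}



--------------------------------------------------------------------------------
/terraform/gcp/README.md:
--------------------------------------------------------------------------------
# Check Point Terraform deployment modules for Google Cloud Platform

This project was developed to allow Terraform deployments for Check Point CloudGuard IaaS solutions on GCP.


These modules use Terraform's [Google Cloud Platform provider](https://registry.terraform.io/providers/hashicorp/google/latest/docs) in order to create and provision resources on GCP.


## Prerequisites

1. [Download Terraform](https://www.terraform.io/downloads.html) and follow the instructions according to your OS.
2. Get started with Terraform GCP provider - refer to [Terraform GCP provider best practices](https://registry.terraform.io/providers/hashicorp/google/latest/docs).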
--------------------------------------------------------------------------------
/terraform/gcp/autoscale/locals.tf:
--------------------------------------------------------------------------------
# Feature switches derived from the inputs: a network is created only when its
# CIDR is non-empty, and a protocol rule only when its traffic list has entries.
locals {
  create_external_network_condition = var.external_network_cidr != ""
  create_internal_network_condition = var.internal_network_cidr != ""
  ICMP_traffic_condition            = length(var.ICMP_traffic) > 0
  TCP_traffic_condition             = length(var.TCP_traffic) > 0
  UDP_traffic_condition             = length(var.UDP_traffic) > 0
  SCTP_traffic_condition            = length(var.SCTP_traffic) > 0
  ESP_traffic_condition             = length(var.ESP_traffic) > 0
}
--------------------------------------------------------------------------------
/terraform/gcp/autoscale/versions.tf:
--------------------------------------------------------------------------------
# Terraform CLI and provider constraints for this deployment.
terraform {
  required_version = ">= 0.13"
  required_providers {
    # Wide range: any google provider release from 3.53 up to, not including, 5.0.
    google = {
      source  = "hashicorp/google"
      version = ">= 3.53, < 5.0"
    }

    # "~>3.4" accepts 3.x releases at or above 3.4.
    random = {
      source  = "hashicorp/random"
      version = "~>3.4"
    }
  }

  # Module identifier passed to the google provider as provider metadata.
  provider_meta "google" {
    module_name = "blueprints/terraform/canonical-mp/v0.0.1"
  }
}
--------------------------------------------------------------------------------
/terraform/gcp/common/autoscale-common/output.tf:
--------------------------------------------------------------------------------
# NOTE(review): this exports the generated SIC key, the shared secret used to
# establish trust with the management server. The output is not marked
# `sensitive`, so Terraform prints it in apply output and CI logs, and
# random_string (unlike random_password) does not treat its result as sensitive.
# The value is stored in state either way. Adding `sensitive = true` here also
# requires every root-module output that re-exports it to be marked sensitive.
output "SIC_key" {
  value = random_string.random_sic_key.result
}
# The next two outputs echo input variables back to the caller unchanged.
output "management_name" {
  value = var.management_name
}
output "configuration_template_name" {
  value = var.configuration_template_name
}
# Names of the instance template, regional group manager and autoscaler.
output "instance_template_name" {
  value = google_compute_instance_template.instance_template.name
}
output "instance_group_manager_name" {
  value = google_compute_region_instance_group_manager.instance_group_manager.name
}
output "autoscaler_name" {
  value = google_compute_region_autoscaler.autoscaler.name
}
--------------------------------------------------------------------------------
/terraform/gcp/common/cluster-member/output.tf:
--------------------------------------------------------------------------------
# Instance name of the cluster member.
output "cluster_member_name" {
  value = google_compute_instance.cluster_member.name
}
# Address taken from the member's google_compute_address resource.
output "cluster_member_ip_address" {
  value = google_compute_address.member_ip_address.address
}

--------------------------------------------------------------------------------
/terraform/gcp/common/common/main.tf:
--------------------------------------------------------------------------------



--------------------------------------------------------------------------------
/terraform/gcp/common/common/output.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/00c0df4af7c38c6f78bf33343991469fa1982f9a/terraform/gcp/common/common/output.tf
--------------------------------------------------------------------------------
/terraform/gcp/common/firewall-rule/main.tf:
--------------------------------------------------------------------------------
# One ingress allow rule on the first network in var.network.
resource "google_compute_firewall" "firewall_rules" {
  name    = var.rule_name
  network = var.network[0]
  # NOTE(review): the allow block has no `ports` list, so for tcp/udp/sctp the
  # rule admits every port of var.protocol. Exposure is bounded only by the
  # source_ranges and target_tags the caller supplies; review those values.
  allow {
    protocol = var.protocol
  }
  source_ranges = var.source_ranges
  target_tags   = var.target_tags
}
--------------------------------------------------------------------------------
/terraform/gcp/common/firewall-rule/output.tf:
--------------------------------------------------------------------------------
# Name of the firewall rule created by this module.
output "firewall_rule_name" {
  value = google_compute_firewall.firewall_rules.name
}
--------------------------------------------------------------------------------
/terraform/gcp/common/members-a-b/output.tf:
--------------------------------------------------------------------------------
# Name and IP address of member A, passed through from the member_a module.
output "member_a_name" {
  value = module.member_a.cluster_member_name
}
output "member_a_external_ip" {
  value = module.member_a.cluster_member_ip_address
}

# Name and IP address of member B, passed through from the member_b module.
output "member_b_name" {
  value = module.member_b.cluster_member_name
}
output "member_b_external_ip" {
  value = module.member_b.cluster_member_ip_address
}
--------------------------------------------------------------------------------
/terraform/gcp/common/network-and-subnet/output.tf:
--------------------------------------------------------------------------------
# Self links of the network and subnetwork resources and of the network data
# source. Each output uses a splat, so it is a list.
output "new_created_network_link" {
  value = google_compute_network.network[*].self_link
}
output "new_created_subnet_link" {
  value = google_compute_subnetwork.subnetwork[*].self_link
}
output "existing_network_link" {
  value = data.google_compute_network.network_name[*].self_link
}
# Names of the same resources and data source, also as lists.
output "new_created_network_name" {
  value = google_compute_network.network[*].name
}
output "new_created_subnet_name" {
  value = google_compute_subnetwork.subnetwork[*].name
}
output "existing_network_name" {
  value = data.google_compute_network.network_name[*].name
}
--------------------------------------------------------------------------------
/terraform/gcp/common/single-common/output.tf:
--------------------------------------------------------------------------------
# NAT IP of the first access config on the gateway's first network interface.
output "external_nat_ip" {
  value = google_compute_instance.gateway.network_interface[0].access_config[0].nat_ip
}
--------------------------------------------------------------------------------
/terraform/gcp/high-availability/versions.tf:
--------------------------------------------------------------------------------
# Terraform CLI and provider constraints for this deployment.
terraform {
  required_version = ">= 0.13"
  required_providers {
    # Wide range: any google provider release from 3.53 up to, not including, 5.0.
    google = {
      source  = "hashicorp/google"
      version = ">= 3.53, < 5.0"
    }

    # "~>3.4" accepts 3.x releases at or above 3.4.
    random = {
      source  = "hashicorp/random"
      version = "~>3.4"
    }
  }

  # Module identifier passed to the google provider as provider metadata.
  provider_meta "google" {
    module_name = "blueprints/terraform/canonical-mp/v0.0.1"
  }
}
--------------------------------------------------------------------------------
/terraform/gcp/single/versions.tf:
--------------------------------------------------------------------------------
# Terraform CLI and provider constraints for this deployment.
terraform {
  required_version = ">= 0.13"
  required_providers {
    # Wide range: any google provider release from 3.53 up to, not including, 5.0.
    google = {
      source  = "hashicorp/google"
      version = ">= 3.53, < 5.0"
    }

    # "~>3.4" accepts 3.x releases at or above 3.4.
    random = {
      source  = "hashicorp/random"
      version = "~>3.4"
    }
  }

  # Module identifier passed to the google provider as provider metadata.
  provider_meta "google" {
    module_name = "blueprints/terraform/canonical-mp/v0.0.1"
  }
}
--------------------------------------------------------------------------------