├── README.md ├── Version-1.1 ├── README.md ├── Release Notes_AWS_CFT_v1.1.pdf ├── bootstrap.xml ├── clear-log-groups.sh ├── firewall.template ├── iam-policy.json ├── init-cfg.txt ├── panw-aws.zip ├── vpc-alb-v1.1.template └── vpc-classic-v1.1.template ├── Version-1.2 ├── README.md ├── Release Notes_AWS_CFT_v1.2.2.pdf ├── bootstrap.xml ├── cft_elb.png ├── clear-log-groups.sh ├── firewall.template ├── iam-policy.json ├── init-cfg.txt ├── panw-aws.zip ├── vpc-alb-v1.2.1.template └── vpc-classic-v1.2.1.template ├── Version-2.0 ├── README.md ├── Release_Notes_AWS_AutoScaling_2_0_1.pdf ├── bootstrap.xml ├── cft_elb20.png ├── clear-log-groups.sh ├── firewall-v2.0.template ├── iam-policy.json ├── init-cfg.txt ├── lambda-docs │ ├── Makefile │ ├── README.md │ ├── build │ │ ├── .buildinfo │ │ ├── .doctrees │ │ │ ├── arch.doctree │ │ │ ├── cft_code.dnslib.doctree │ │ │ ├── cft_code.doctree │ │ │ ├── cft_code.lib.doctree │ │ │ ├── cft_code.lib.pan.doctree │ │ │ ├── environment.pickle │ │ │ ├── index.doctree │ │ │ ├── intro.doctree │ │ │ └── modules.doctree │ │ ├── _images │ │ │ ├── aws.png │ │ │ ├── graphviz-0143ea4bbf2cd9669c5b03b29f9bb753287b8401.png │ │ │ ├── graphviz-0143ea4bbf2cd9669c5b03b29f9bb753287b8401.png.map │ │ │ ├── graphviz-1cf7d329756dd56506cc0e71d64071af01cc9670.png │ │ │ ├── graphviz-1cf7d329756dd56506cc0e71d64071af01cc9670.png.map │ │ │ ├── graphviz-24c04060d1fa981569ba702761142526c0144ad1.png │ │ │ ├── graphviz-24c04060d1fa981569ba702761142526c0144ad1.png.map │ │ │ ├── graphviz-2a296e5d080624062a6794ecfa6a2058fed13969.png │ │ │ ├── graphviz-2a296e5d080624062a6794ecfa6a2058fed13969.png.map │ │ │ ├── graphviz-2afb37a1576b94b53c6b7a710542d4b74aa09255.png │ │ │ ├── graphviz-2afb37a1576b94b53c6b7a710542d4b74aa09255.png.map │ │ │ ├── graphviz-31f85d04d8d238e3173eaa3781b9f329b5dc69e0.png │ │ │ ├── graphviz-31f85d04d8d238e3173eaa3781b9f329b5dc69e0.png.map │ │ │ ├── graphviz-5ee8f410d003194c51a302c9603cbe1a0bfea474.png │ │ │ ├── 
graphviz-5ee8f410d003194c51a302c9603cbe1a0bfea474.png.map │ │ │ ├── graphviz-67bb755b48e1fced5bbcb152db25a25cd9c17d7a.png │ │ │ ├── graphviz-67bb755b48e1fced5bbcb152db25a25cd9c17d7a.png.map │ │ │ ├── graphviz-79fe9d454910636a86978c7900314940ba98d50f.png │ │ │ ├── graphviz-79fe9d454910636a86978c7900314940ba98d50f.png.map │ │ │ ├── graphviz-a9f2ae8b27d718865a221be10c5df80443de3cfb.png │ │ │ ├── graphviz-a9f2ae8b27d718865a221be10c5df80443de3cfb.png.map │ │ │ ├── graphviz-b0769ad1f725b2fd82532bde5559a6d71bd80f16.png │ │ │ ├── graphviz-b0769ad1f725b2fd82532bde5559a6d71bd80f16.png.map │ │ │ ├── graphviz-c30b5f31226abd179f45b0575bd41a21d32603de.png │ │ │ ├── graphviz-c30b5f31226abd179f45b0575bd41a21d32603de.png.map │ │ │ ├── graphviz-c7ccbaf3c58cf3a9c0414d21d6b927ccbfec0f63.png │ │ │ ├── graphviz-c7ccbaf3c58cf3a9c0414d21d6b927ccbfec0f63.png.map │ │ │ ├── graphviz-e24554cd90c6e61490938b82c01abe6a3793a51f.png │ │ │ ├── graphviz-e24554cd90c6e61490938b82c01abe6a3793a51f.png.map │ │ │ ├── graphviz-e3fb370fdccbc3c00bb052066495841d8c92e8bb.png │ │ │ ├── graphviz-e3fb370fdccbc3c00bb052066495841d8c92e8bb.png.map │ │ │ ├── graphviz-eb852a609a013959a5581cd67ceb17cb3be1e83a.png │ │ │ └── graphviz-eb852a609a013959a5581cd67ceb17cb3be1e83a.png.map │ │ ├── _sources │ │ │ ├── arch.rst.txt │ │ │ ├── cft_code.dnslib.rst.txt │ │ │ ├── cft_code.lib.pan.rst.txt │ │ │ ├── cft_code.lib.rst.txt │ │ │ ├── cft_code.rst.txt │ │ │ ├── index.rst.txt │ │ │ ├── intro.rst.txt │ │ │ └── modules.rst.txt │ │ ├── _static │ │ │ ├── ajax-loader.gif │ │ │ ├── basic.css │ │ │ ├── comment-bright.png │ │ │ ├── comment-close.png │ │ │ ├── comment.png │ │ │ ├── css │ │ │ │ ├── badge_only.css │ │ │ │ └── theme.css │ │ │ ├── doctools.js │ │ │ ├── down-pressed.png │ │ │ ├── down.png │ │ │ ├── file.png │ │ │ ├── fonts │ │ │ │ ├── Inconsolata-Bold.ttf │ │ │ │ ├── Inconsolata-Regular.ttf │ │ │ │ ├── Lato-Bold.ttf │ │ │ │ ├── Lato-Regular.ttf │ │ │ │ ├── RobotoSlab-Bold.ttf │ │ │ │ ├── RobotoSlab-Regular.ttf │ │ │ │ ├── 
fontawesome-webfont.eot │ │ │ │ ├── fontawesome-webfont.svg │ │ │ │ ├── fontawesome-webfont.ttf │ │ │ │ └── fontawesome-webfont.woff │ │ │ ├── jquery-3.1.0.js │ │ │ ├── jquery.js │ │ │ ├── js │ │ │ │ ├── modernizr.min.js │ │ │ │ └── theme.js │ │ │ ├── minus.png │ │ │ ├── plus.png │ │ │ ├── pygments.css │ │ │ ├── searchtools.js │ │ │ ├── underscore-1.3.1.js │ │ │ ├── underscore.js │ │ │ ├── up-pressed.png │ │ │ ├── up.png │ │ │ └── websupport.js │ │ ├── arch.html │ │ ├── cft_code.dnslib.html │ │ ├── cft_code.html │ │ ├── cft_code.lib.html │ │ ├── cft_code.lib.pan.html │ │ ├── genindex.html │ │ ├── index.html │ │ ├── intro.html │ │ ├── modules.html │ │ ├── objects.inv │ │ ├── py-modindex.html │ │ ├── search.html │ │ └── searchindex.js │ ├── cft_code │ │ ├── __init__.py │ │ ├── dnslib │ │ │ ├── __init__.py │ │ │ ├── bimap.py │ │ │ ├── bit.py │ │ │ ├── buffer.py │ │ │ ├── client.py │ │ │ ├── digparser.py │ │ │ ├── dns.py │ │ │ ├── fixedresolver.py │ │ │ ├── intercept.py │ │ │ ├── label.py │ │ │ ├── lex.py │ │ │ ├── pan_client.py │ │ │ ├── proxy.py │ │ │ ├── ranges.py │ │ │ ├── server.py │ │ │ ├── shellresolver.py │ │ │ ├── test │ │ │ │ ├── 20120113._domainkey.gmail.com.-TXT │ │ │ │ ├── _sip._udp.sipgate.co.uk-SRV │ │ │ │ ├── dig │ │ │ │ │ ├── google.com-A.dig │ │ │ │ │ └── google.com-ANY.dig │ │ │ │ ├── e164.org-NAPTR │ │ │ │ ├── example.com-ANY │ │ │ │ ├── facebook.com-AAAA │ │ │ │ ├── google.com-A │ │ │ │ ├── google.com-AAAA │ │ │ │ ├── google.com-ANY │ │ │ │ ├── google.com-MX │ │ │ │ ├── google.com-SOA │ │ │ │ ├── google.com-TXT │ │ │ │ ├── iana.org-ANY │ │ │ │ ├── in-addr.arpa-PTR │ │ │ │ ├── microsoft.com-ANY │ │ │ │ ├── sip2sip.info-ANY │ │ │ │ ├── sip2sip.info-NAPTR │ │ │ │ └── sipgate.co.uk-ANY │ │ │ ├── test_decode.py │ │ │ └── zoneresolver.py │ │ ├── dynamodb_evt.py │ │ ├── fw_init.py │ │ ├── init.py │ │ ├── lib │ │ │ ├── __init__.py │ │ │ └── pan │ │ │ │ ├── __init__.py │ │ │ │ └── asglib.py │ │ ├── sched_evt1.py │ │ └── sha.py │ ├── make.bat │ └── source │ 
│ ├── arch.rst │ │ ├── aws.png │ │ ├── cft_code.dnslib.rst │ │ ├── cft_code.lib.pan.rst │ │ ├── cft_code.lib.rst │ │ ├── cft_code.rst │ │ ├── conf.py │ │ ├── index.rst │ │ ├── intro.rst │ │ └── modules.rst └── panw-aws.zip ├── Version-2.1.1 ├── ReadMe.md ├── apps │ ├── Readme_apps.txt │ ├── ilb.zip │ ├── panw-aws-alb-existing-vpc-v2.1.1.template │ ├── panw-aws-alb-new-vpc-v2.1.1.template │ ├── panw-aws-nlb-existing-vpc-v2.1.1.template │ ├── panw-aws-nlb-new-vpc-v2.1.1.template │ └── panw-aws-same-vpc-v2.1.1.template ├── cft_elb21_MultiVPC.png ├── cft_elb21_SingleVPC.png ├── firewall │ ├── Readme_fw.txt │ ├── firewall-existing-vpc-v2.1.1.template │ ├── firewall-new-vpc-v2.1.1.template │ ├── init-cfg.txt │ └── panw-aws.zip ├── pan-logo-badge-green-dark-kick-up.png └── panorama_sample_config │ ├── dg │ ├── dg_ctxt.xml │ └── panorama-config.xml │ └── template │ └── template-svsys-config.xml └── Version-2.1 ├── ReadMe.md ├── apps ├── Readme_apps.txt ├── ilb.zip ├── panw-aws-alb-existing-vpc-v2.1.template ├── panw-aws-alb-new-vpc-v2.1.template ├── panw-aws-nlb-existing-vpc-v2.1.template ├── panw-aws-nlb-new-vpc-v2.1.template └── panw-aws-same-vpc-v2.1.template ├── cft_elb21_MultiVPC.png ├── cft_elb21_SingleVPC.png ├── firewall ├── Readme_fw.txt ├── firewall-existing-vpc-v2.1.template ├── firewall-new-vpc-v2.1.template ├── init-cfg.txt ├── panorama_sample_config │ ├── dg │ │ ├── dg_ctxt.xml │ │ └── panorama-config.xml │ └── template │ │ └── template-svsys-config.xml └── panw-aws.zip ├── pan-logo-badge-green-dark-kick-up.png └── panorama_sample_config ├── Panorama2-1-CS-Sample.xml └── init-cfg.txt /README.md: -------------------------------------------------------------------------------- 1 | # Auto Scaling VM-Series firewalls in AWS to protect Internet facing applications. 2 | 3 | This repository provides AWS CloudFormation Templates (CFT) and related Lambda functions to enable auto scaling of VM-Series next generation firewalls in AWS. 
They use AWS elastic load balancing (ELB) services such as classic ELB, ALB and NLB to provide elastic, on-demand scale-out of security to match increased demand for the applications protected by VM-Series. They use a common design pattern, the load balancer sandwich, to protect Internet-facing applications. VM-Series provides visibility and protection for inbound traffic. This allows network and security administrators to use the same automation tools and Panorama to centrally manage their security in the cloud as they do in their on-premises environments. Review the support policy section of each folder to understand how to get help. 4 | 5 | To protect outbound traffic flows, hybrid architectures that connect AWS to on-premises environments, and east-west flows between VPCs, refer to the Transit VPC options listed at http://live.paloaltonetworks.com/cloudtemplate 6 | 7 | ## History 8 | ### Version 1.1 - Mar 2017 Deprecated 9 | ### Version 1.2 - June 2019 Bug Fixes 10 | ### Version 2.0 - Jan 2018 Initial Release 11 | ### Version 2.0.1 - Nov 2018, Bug Fixes 12 | ### Version 2.1-CS - Jan 2019, Deprecated and removed 13 | ### Version 2.1 - May 2019 Fully GA 14 | * Support for separating the frontend firewall VPC from the backend application VPC using AWS PrivateLink or VPC peering 15 | * Support for specific combinations of external and internal load balancing 16 | 17 | # Proceed with Caution: 18 | These repositories contain default password information and should be used for Proof of Concept purposes only. If you wish to use this template in a production environment, it is your responsibility to change the default passwords before you deploy it. -------------------------------------------------------------------------------- /Version-1.1/README.md: -------------------------------------------------------------------------------- 1 | # Auto Scaling the VM-Series in AWS 2 | ## Deprecated: This version is no longer supported. 
Please install version 2.1 3 | 4 | This CloudFormation Template deploys a tier of [VM-Series firewalls on AWS](https://aws.amazon.com/marketplace/seller-profile?id=0ed48363-5064-4d47-b41b-a53f7c937314) that integrates with AWS Auto Scaling and Elastic Load Balancing (ELB) using a combination of native AWS services (AWS Lambda, Amazon CloudWatch, S3, SNS) and PAN-OS/VM-Series automation features (API, bootstrapping). The template allows you to leverage AWS scalability features designed to manage sudden surges in demand for application workload resources by simultaneously scaling the VM-Series firewalls with changing workloads. 5 | 6 | **Requirements** 7 | 8 | - You can deploy this solution only in regions that support AWS Lambda. 9 | - You must accept the EULA for the [VM-Series firewall Bundle 2](https://aws.amazon.com/marketplace/pp/B00PJ2V04O) prior to launching the template. 10 | 11 | **Support Policy** 12 | 13 | ***Supported*** 14 | 15 | This project is released under the official support policy of Palo Alto Networks through the support options that you've purchased, for example Premium Support, support teams, or ASC (Authorized Support Centers) partners and Premium Partner Support options. The support scope is restricted to troubleshooting for the stated/intended use cases and product versions specified in the project documentation and does not cover customization of the scripts or templates. 16 | Only projects explicitly tagged with "Supported" information are officially supported. Unless explicitly tagged, all projects or work posted in our [GitHub repository](https://github.com/PaloAltoNetworks) or sites other than our official [Downloads page](https://support.paloaltonetworks.com/) are provided under the best effort policy. 17 | 18 | **Documentation** 19 | 20 | - Release Notes: Included in this repository. 
21 | - [VM-Series auto scaling deployment guide](https://www.paloaltonetworks.com/documentation/71/virtualization/virtualization/set-up-the-vm-series-firewall-in-aws/auto-scale-vm-series-firewalls-with-the-amazon-elb ) 22 | - [Lightboard video](https://www.youtube.com/watch?v=xiPZHzdNRmI&feature=youtu.be) 23 | - About the [VM-Series Firewall for AWS](https://aws.paloaltonetworks.com) 24 | 25 | -------------------------------------------------------------------------------- /Version-1.1/Release Notes_AWS_CFT_v1.1.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-1.1/Release Notes_AWS_CFT_v1.1.pdf -------------------------------------------------------------------------------- /Version-1.1/clear-log-groups.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Use this script to clear all the log-groups in your current region 4 | 5 | trap ctrl_c INT 6 | 7 | function ctrl_c() { 8 | echo "** Exiting due to CTRL+C **" 9 | exit -1 10 | } 11 | 12 | echo "WARNING: This will destroy all the log-groups in your region" 13 | echo "WARNING: Waiting for 10 seconds before kicking off..." 14 | 15 | read -r -p "Are you sure? [y/N] " response 16 | case $response in 17 | [yY][eE][sS]|[yY]) 18 | echo "Proceeding with cloud watch delete..." 19 | ;; 20 | *) 21 | exit 0 22 | ;; 23 | esac 24 | 25 | 26 | echo "Running aws log describe-log-groups ..." 27 | echo "Press CTRL+C to exit..." 
28 | for i in `aws logs describe-log-groups --output text | awk -F " " '{ print $2}' | awk -F ":" '{print $7}'` 29 | do 30 | echo "Deleting LogGroupName: $i" 31 | aws logs delete-log-group --log-group-name $i 32 | done 33 | 34 | -------------------------------------------------------------------------------- /Version-1.1/iam-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": "cloudformation:*", 7 | "Resource": "*" 8 | }, 9 | { 10 | "Effect": "Allow", 11 | "Action": [ 12 | "iam:CreateRole", 13 | "iam:PutRolePolicy", 14 | "iam:DeleteRolePolicy", 15 | "iam:DeleteRole", 16 | "iam:DeletePolicy", 17 | "iam:GetRole", 18 | "iam:CreateInstanceProfile", 19 | "iam:DeleteInstanceProfile", 20 | "iam:AddRoleToInstanceProfile", 21 | "iam:RemoveRoleFromInstanceProfile", 22 | "iam:AttachRolePolicy", 23 | "iam:ListAttachRolePolicy", 24 | "iam:ListInstanceProfiles", 25 | "iam:ListInstanceProfilesForRole", 26 | "iam:ListAttachedRolePolicies", 27 | "iam:ListRolePolicies", 28 | "iam:ListRoles", 29 | "iam:PassRole", 30 | "iam:ListUsers" 31 | ], 32 | "Resource": "*" 33 | }, 34 | { 35 | "Action": "aws-marketplace:*", 36 | "Effect": "Allow", 37 | "Resource": "*" 38 | }, 39 | { 40 | "Action": "ec2:*", 41 | "Effect": "Allow", 42 | "Resource": "*" 43 | }, 44 | { 45 | "Effect": "Allow", 46 | "Action": "elasticloadbalancing:*", 47 | "Resource": "*" 48 | }, 49 | { 50 | "Effect": "Allow", 51 | "Action": "cloudwatch:*", 52 | "Resource": "*" 53 | }, 54 | { 55 | "Effect": "Allow", 56 | "Action": "autoscaling:*", 57 | "Resource": "*" 58 | }, 59 | { 60 | "Action": "sqs:*", 61 | "Effect": "Allow", 62 | "Resource": "*" 63 | }, 64 | { 65 | "Effect": "Allow", 66 | "Action": [ 67 | "events:*", 68 | "lambda:*", 69 | "logs:*" 70 | ], 71 | "Resource": "*" 72 | }, 73 | { 74 | "Effect": "Allow", 75 | "Action": "s3:*", 76 | "Resource": "*" 77 | }, 78 | { 79 | "Action": 
"sns:*", 80 | "Effect": "Allow", 81 | "Resource": "*" 82 | } 83 | ] 84 | } 85 | 86 | 87 | 88 | 89 | 90 | 91 | -------------------------------------------------------------------------------- /Version-1.1/init-cfg.txt: -------------------------------------------------------------------------------- 1 | op-command-modes=mgmt-interface-swap 2 | -------------------------------------------------------------------------------- /Version-1.1/panw-aws.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-1.1/panw-aws.zip -------------------------------------------------------------------------------- /Version-1.2/README.md: -------------------------------------------------------------------------------- 1 | # Auto Scaling VM-Series Firewalls on AWS 2 | ## Recommended install version is 2.1 3 | 4 | This CloudFormation Template deploys a tier of [VM-Series firewalls on AWS](https://aws.amazon.com/marketplace/seller-profile?id=0ed48363-5064-4d47-b41b-a53f7c937314) that integrates with AWS Auto Scaling and Elastic Load Balancing (ELB) using a combination of AWS services (AWS Lambda, Amazon CloudWatch, S3, SNS) and PAN-OS/VM-Series automation features (API, bootstrapping). The template allows you to leverage AWS scalability features designed to manage sudden surges in demand for application workload resources by simultaneously scaling the VM-Series firewalls with changing workloads. 5 | 6 | CFT 1.2.2 includes support for the PAYG and BYOL licensing options for the VM-Series firewalls. 7 | 8 | ![Alt text](/Version-1.2/cft_elb.png?raw=true "Topology for the Auto Scaling VM-Series Firewalls on AWS") 9 | 10 | **Requirements** 11 | * You can deploy this solution only in regions that support AWS Lambda. For regions that only support signature version 4 for S3 buckets, you must use PAN-OS 8.0 or later. 
12 | * Accept the EULA for the VM-Series PAYG license bundle you plan to use. 13 | [VM-Series firewall Bundle 2](https://aws.amazon.com/marketplace/pp/B00PJ2V04O) 14 | [VM-Series firewall Bundle 1](https://aws.amazon.com/marketplace/pp/B00PJ2VDFA) 15 | 16 | **Support Policy** 17 | ***Supported*** 18 | This project is released under the official support policy of Palo Alto Networks through the support options that you've purchased, for example Premium Support, support teams, or ASC (Authorized Support Centers) partners and Premium Partner Support options. The support scope is restricted to troubleshooting for the stated/intended use cases and product versions specified in the project documentation and does not cover customization of the scripts or templates. 19 | Only projects explicitly tagged with "Supported" information are officially supported. Unless explicitly tagged, all projects or work posted in our [GitHub repository](https://github.com/PaloAltoNetworks) or sites other than our official [Downloads page](https://support.paloaltonetworks.com/) are provided under the best effort policy. 20 | 21 | **Documentation** 22 | * Release Notes: Included in this repository. 23 | * Technical Documentation: [VM-Series 7.1 Deployment Guide](https://www.paloaltonetworks.com/documentation/71/virtualization/virtualization/set-up-the-vm-series-firewall-in-aws/auto-scale-vm-series-firewalls-with-the-amazon-elb) and [VM-Series 8.0 Deployment Guide](https://www.paloaltonetworks.com/documentation/80/virtualization/virtualization/set-up-the-vm-series-firewall-on-aws/auto-scale-vm-series-firewalls-with-the-amazon-elb) 24 | * [Lightboard video](https://www.youtube.com/watch?v=xiPZHzdNRmI&feature=youtu.be) 25 | * About the [VM-Series Firewall for AWS](https://aws.paloaltonetworks.com). 
-------------------------------------------------------------------------------- /Version-1.2/Release Notes_AWS_CFT_v1.2.2.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-1.2/Release Notes_AWS_CFT_v1.2.2.pdf -------------------------------------------------------------------------------- /Version-1.2/cft_elb.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-1.2/cft_elb.png -------------------------------------------------------------------------------- /Version-1.2/clear-log-groups.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Use this script to clear all the log-groups in your current region 4 | 5 | trap ctrl_c INT 6 | 7 | function ctrl_c() { 8 | echo "** Exiting due to CTRL+C **" 9 | exit -1 10 | } 11 | 12 | echo "WARNING: This will destroy all the log-groups in your region" 13 | echo "WARNING: Waiting for 10 seconds before kicking off..." 14 | 15 | read -r -p "Are you sure? [y/N] " response 16 | case $response in 17 | [yY][eE][sS]|[yY]) 18 | echo "Proceeding with cloud watch delete..." 19 | ;; 20 | *) 21 | exit 0 22 | ;; 23 | esac 24 | 25 | 26 | echo "Running aws log describe-log-groups ..." 27 | echo "Press CTRL+C to exit..." 
28 | for i in `aws logs describe-log-groups --output text | awk -F " " '{ print $2}' | awk -F ":" '{print $7}'` 29 | do 30 | echo "Deleting LogGroupName: $i" 31 | aws logs delete-log-group --log-group-name $i 32 | done 33 | 34 | -------------------------------------------------------------------------------- /Version-1.2/iam-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": "cloudformation:*", 7 | "Resource": "*" 8 | }, 9 | { 10 | "Effect": "Allow", 11 | "Action": [ 12 | "iam:CreateRole", 13 | "iam:PutRolePolicy", 14 | "iam:DeleteRolePolicy", 15 | "iam:DeleteRole", 16 | "iam:DeletePolicy", 17 | "iam:GetRole", 18 | "iam:CreateInstanceProfile", 19 | "iam:DeleteInstanceProfile", 20 | "iam:AddRoleToInstanceProfile", 21 | "iam:RemoveRoleFromInstanceProfile", 22 | "iam:AttachRolePolicy", 23 | "iam:ListAttachRolePolicy", 24 | "iam:ListInstanceProfiles", 25 | "iam:ListInstanceProfilesForRole", 26 | "iam:ListAttachedRolePolicies", 27 | "iam:ListRolePolicies", 28 | "iam:ListRoles", 29 | "iam:PassRole", 30 | "iam:ListUsers" 31 | ], 32 | "Resource": "*" 33 | }, 34 | { 35 | "Action": "aws-marketplace:*", 36 | "Effect": "Allow", 37 | "Resource": "*" 38 | }, 39 | { 40 | "Action": "ec2:*", 41 | "Effect": "Allow", 42 | "Resource": "*" 43 | }, 44 | { 45 | "Effect": "Allow", 46 | "Action": "elasticloadbalancing:*", 47 | "Resource": "*" 48 | }, 49 | { 50 | "Effect": "Allow", 51 | "Action": "cloudwatch:*", 52 | "Resource": "*" 53 | }, 54 | { 55 | "Effect": "Allow", 56 | "Action": "autoscaling:*", 57 | "Resource": "*" 58 | }, 59 | { 60 | "Action": "sqs:*", 61 | "Effect": "Allow", 62 | "Resource": "*" 63 | }, 64 | { 65 | "Effect": "Allow", 66 | "Action": [ 67 | "events:*", 68 | "lambda:*", 69 | "logs:*" 70 | ], 71 | "Resource": "*" 72 | }, 73 | { 74 | "Effect": "Allow", 75 | "Action": "s3:*", 76 | "Resource": "*" 77 | }, 78 | { 79 | "Action": 
"sns:*", 80 | "Effect": "Allow", 81 | "Resource": "*" 82 | } 83 | ] 84 | } 85 | 86 | 87 | 88 | 89 | 90 | 91 | -------------------------------------------------------------------------------- /Version-1.2/init-cfg.txt: -------------------------------------------------------------------------------- 1 | op-command-modes=mgmt-interface-swap 2 | -------------------------------------------------------------------------------- /Version-1.2/panw-aws.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-1.2/panw-aws.zip -------------------------------------------------------------------------------- /Version-2.0/README.md: -------------------------------------------------------------------------------- 1 | # Auto Scaling VM-Series Firewalls on AWS Version 2.0 2 | This CloudFormation Template deploys a tier of [VM-Series firewalls on AWS](https://aws.amazon.com/marketplace/seller-profile?id=0ed48363-5064-4d47-b41b-a53f7c937314) that integrates with AWS Auto Scaling and Elastic Load Balancing (ELB) using a combination of AWS services (AWS Lambda, Amazon CloudWatch, S3, SNS) and PAN-OS/VM-Series automation features (API, bootstrapping). The template allows you to leverage AWS scalability features designed to manage sudden surges in demand for application workload resources by simultaneously scaling the VM-Series firewalls with changing workloads. This solution includes support for the PAYG and BYOL licensing options for the VM-Series firewalls. 3 | 4 | ![alt text](/Version-2.0/cft_elb20.png?raw=true "Topology for the Auto Scaling VM-Series Firewalls on AWS Version 2.0") 5 | 6 | **Requirements** 7 | * You can deploy this solution only in regions that support AWS Lambda. 8 | * Accept the EULA for the VM-Series PAYG license bundle you plan to use. 
9 | [VM-Series firewall Bundle 2](https://aws.amazon.com/marketplace/pp/B00PJ2V04O) 10 | [VM-Series firewall Bundle 1](https://aws.amazon.com/marketplace/pp/B00PJ2VDFA) 11 | 12 | **Support Policy** 13 | ***Supported*** 14 | The autoscaling firewall template is released under the official support policy of Palo Alto Networks through the support options that you've purchased, for example Premium Support, support teams, or ASC (Authorized Support Centers) partners and Premium Partner Support options. The support scope is restricted to troubleshooting for the stated/intended use cases and product versions specified in the project documentation and does not cover customization of the scripts or templates. 15 | 16 | The application template is Community Supported. 17 | 18 | Only projects explicitly tagged with "Supported" information are officially supported. Unless explicitly tagged, all projects or work posted in our [GitHub repository](https://github.com/PaloAltoNetworks) or sites other than our official [Downloads page](https://support.paloaltonetworks.com/) are provided under the best effort policy. 19 | 20 | 21 | 22 | **Documentation** 23 | * Release Notes: Included in this repository. 24 | * Technical Documentation: [Auto Scale VM-Series Firewalls with the Amazon ELB Service](https://www.paloaltonetworks.com/documentation/80/virtualization/virtualization/set-up-the-vm-series-firewall-on-aws/auto-scale-vm-series-firewalls-with-the-amazon-elb) 25 | * [Lightboard](https://www.youtube.com/watch?v=xiPZHzdNRmI&feature=youtu.be) 26 | * About the [VM-Series Firewall for AWS](https://aws.paloaltonetworks.com). 
-------------------------------------------------------------------------------- /Version-2.0/Release_Notes_AWS_AutoScaling_2_0_1.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/Release_Notes_AWS_AutoScaling_2_0_1.pdf -------------------------------------------------------------------------------- /Version-2.0/cft_elb20.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/cft_elb20.png -------------------------------------------------------------------------------- /Version-2.0/clear-log-groups.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Use this script to clear all the log-groups in your current region 4 | 5 | trap ctrl_c INT 6 | 7 | function ctrl_c() { 8 | echo "** Exiting due to CTRL+C **" 9 | exit -1 10 | } 11 | 12 | echo "WARNING: This will destroy all the log-groups in your region" 13 | echo "WARNING: Waiting for 10 seconds before kicking off..." 14 | 15 | read -r -p "Are you sure? [y/N] " response 16 | case $response in 17 | [yY][eE][sS]|[yY]) 18 | echo "Proceeding with cloud watch delete..." 19 | ;; 20 | *) 21 | exit 0 22 | ;; 23 | esac 24 | 25 | 26 | echo "Running aws log describe-log-groups ..." 27 | echo "Press CTRL+C to exit..." 
28 | for i in `aws logs describe-log-groups --output text | awk -F " " '{ print $2}' | awk -F ":" '{print $7}'` 29 | do 30 | echo "Deleting LogGroupName: $i" 31 | aws logs delete-log-group --log-group-name $i 32 | done 33 | 34 | -------------------------------------------------------------------------------- /Version-2.0/iam-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": "cloudformation:*", 7 | "Resource": "*" 8 | }, 9 | { 10 | "Effect": "Allow", 11 | "Action": [ 12 | "iam:CreateRole", 13 | "iam:PutRolePolicy", 14 | "iam:DeleteRolePolicy", 15 | "iam:DeleteRole", 16 | "iam:DeletePolicy", 17 | "iam:GetRole", 18 | "iam:CreateInstanceProfile", 19 | "iam:DeleteInstanceProfile", 20 | "iam:AddRoleToInstanceProfile", 21 | "iam:RemoveRoleFromInstanceProfile", 22 | "iam:AttachRolePolicy", 23 | "iam:ListAttachRolePolicy", 24 | "iam:ListInstanceProfiles", 25 | "iam:ListInstanceProfilesForRole", 26 | "iam:ListAttachedRolePolicies", 27 | "iam:ListRolePolicies", 28 | "iam:ListRoles", 29 | "iam:PassRole", 30 | "iam:ListUsers" 31 | ], 32 | "Resource": "*" 33 | }, 34 | { 35 | "Action": "aws-marketplace:*", 36 | "Effect": "Allow", 37 | "Resource": "*" 38 | }, 39 | { 40 | "Action": "ec2:*", 41 | "Effect": "Allow", 42 | "Resource": "*" 43 | }, 44 | { 45 | "Effect": "Allow", 46 | "Action": "elasticloadbalancing:*", 47 | "Resource": "*" 48 | }, 49 | { 50 | "Effect": "Allow", 51 | "Action": "cloudwatch:*", 52 | "Resource": "*" 53 | }, 54 | { 55 | "Effect": "Allow", 56 | "Action": "autoscaling:*", 57 | "Resource": "*" 58 | }, 59 | { 60 | "Action": "sqs:*", 61 | "Effect": "Allow", 62 | "Resource": "*" 63 | }, 64 | { 65 | "Effect": "Allow", 66 | "Action": [ 67 | "events:*", 68 | "lambda:*", 69 | "logs:*" 70 | ], 71 | "Resource": "*" 72 | }, 73 | { 74 | "Effect": "Allow", 75 | "Action": "s3:*", 76 | "Resource": "*" 77 | }, 78 | { 79 | "Action": 
"sns:*", 80 | "Effect": "Allow", 81 | "Resource": "*" 82 | } 83 | ] 84 | } 85 | 86 | 87 | 88 | 89 | 90 | 91 | -------------------------------------------------------------------------------- /Version-2.0/init-cfg.txt: -------------------------------------------------------------------------------- 1 | op-command-modes=mgmt-interface-swap 2 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/Makefile: -------------------------------------------------------------------------------- 1 | # Minimal makefile for Sphinx documentation 2 | # 3 | 4 | # You can set these variables from the command line. 5 | SPHINXOPTS = 6 | #SPHINXBUILD = sphinx-build 7 | SPHINXBUILD = python -msphinx 8 | SPHINXPROJ = PaloAltoNetworksAWSAutoscale 9 | SOURCEDIR = source 10 | BUILDDIR = build 11 | 12 | # Put it first so that "make" without argument is like "make help". 13 | help: 14 | @$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) 15 | 16 | .PHONY: help Makefile 17 | 18 | # Catch-all target: route all unknown targets to Sphinx using the new 19 | # "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS). 20 | %: Makefile 21 | @$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) 22 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/README.md: -------------------------------------------------------------------------------- 1 | # pan_aws_docs 2 | Documentation for the PAN AWS Auto Scale Solution 3 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/.buildinfo: -------------------------------------------------------------------------------- 1 | # Sphinx build info version 1 2 | # This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done. 
3 | config: 35ea0464ab134e38aba9fc8613a6b10d 4 | tags: 645f666f9bcd5a90fca523b33c5a78b7 5 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/.doctrees/arch.doctree: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/.doctrees/arch.doctree -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/.doctrees/cft_code.dnslib.doctree: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/.doctrees/cft_code.dnslib.doctree -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/.doctrees/cft_code.doctree: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/.doctrees/cft_code.doctree -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/.doctrees/cft_code.lib.doctree: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/.doctrees/cft_code.lib.doctree -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/.doctrees/cft_code.lib.pan.doctree: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/.doctrees/cft_code.lib.pan.doctree -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/.doctrees/environment.pickle: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/.doctrees/environment.pickle -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/.doctrees/index.doctree: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/.doctrees/index.doctree -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/.doctrees/intro.doctree: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/.doctrees/intro.doctree -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/.doctrees/modules.doctree: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/.doctrees/modules.doctree -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/aws.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_images/aws.png -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-0143ea4bbf2cd9669c5b03b29f9bb753287b8401.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_images/graphviz-0143ea4bbf2cd9669c5b03b29f9bb753287b8401.png -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-0143ea4bbf2cd9669c5b03b29f9bb753287b8401.png.map: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-1cf7d329756dd56506cc0e71d64071af01cc9670.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_images/graphviz-1cf7d329756dd56506cc0e71d64071af01cc9670.png -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-1cf7d329756dd56506cc0e71d64071af01cc9670.png.map: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-24c04060d1fa981569ba702761142526c0144ad1.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_images/graphviz-24c04060d1fa981569ba702761142526c0144ad1.png -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-24c04060d1fa981569ba702761142526c0144ad1.png.map: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-2a296e5d080624062a6794ecfa6a2058fed13969.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_images/graphviz-2a296e5d080624062a6794ecfa6a2058fed13969.png -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-2a296e5d080624062a6794ecfa6a2058fed13969.png.map: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-2afb37a1576b94b53c6b7a710542d4b74aa09255.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_images/graphviz-2afb37a1576b94b53c6b7a710542d4b74aa09255.png -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-2afb37a1576b94b53c6b7a710542d4b74aa09255.png.map: -------------------------------------------------------------------------------- 1 | 2 | 3 | 
-------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-31f85d04d8d238e3173eaa3781b9f329b5dc69e0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_images/graphviz-31f85d04d8d238e3173eaa3781b9f329b5dc69e0.png -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-31f85d04d8d238e3173eaa3781b9f329b5dc69e0.png.map: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-5ee8f410d003194c51a302c9603cbe1a0bfea474.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_images/graphviz-5ee8f410d003194c51a302c9603cbe1a0bfea474.png -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-5ee8f410d003194c51a302c9603cbe1a0bfea474.png.map: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-67bb755b48e1fced5bbcb152db25a25cd9c17d7a.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_images/graphviz-67bb755b48e1fced5bbcb152db25a25cd9c17d7a.png 
-------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-67bb755b48e1fced5bbcb152db25a25cd9c17d7a.png.map: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-79fe9d454910636a86978c7900314940ba98d50f.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_images/graphviz-79fe9d454910636a86978c7900314940ba98d50f.png -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-79fe9d454910636a86978c7900314940ba98d50f.png.map: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-a9f2ae8b27d718865a221be10c5df80443de3cfb.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_images/graphviz-a9f2ae8b27d718865a221be10c5df80443de3cfb.png -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-a9f2ae8b27d718865a221be10c5df80443de3cfb.png.map: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-b0769ad1f725b2fd82532bde5559a6d71bd80f16.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_images/graphviz-b0769ad1f725b2fd82532bde5559a6d71bd80f16.png -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-b0769ad1f725b2fd82532bde5559a6d71bd80f16.png.map: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-c30b5f31226abd179f45b0575bd41a21d32603de.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_images/graphviz-c30b5f31226abd179f45b0575bd41a21d32603de.png -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-c30b5f31226abd179f45b0575bd41a21d32603de.png.map: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-c7ccbaf3c58cf3a9c0414d21d6b927ccbfec0f63.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_images/graphviz-c7ccbaf3c58cf3a9c0414d21d6b927ccbfec0f63.png -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-c7ccbaf3c58cf3a9c0414d21d6b927ccbfec0f63.png.map: -------------------------------------------------------------------------------- 1 | 2 | 3 | 
-------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-e24554cd90c6e61490938b82c01abe6a3793a51f.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_images/graphviz-e24554cd90c6e61490938b82c01abe6a3793a51f.png -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-e24554cd90c6e61490938b82c01abe6a3793a51f.png.map: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-e3fb370fdccbc3c00bb052066495841d8c92e8bb.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_images/graphviz-e3fb370fdccbc3c00bb052066495841d8c92e8bb.png -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-e3fb370fdccbc3c00bb052066495841d8c92e8bb.png.map: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-eb852a609a013959a5581cd67ceb17cb3be1e83a.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_images/graphviz-eb852a609a013959a5581cd67ceb17cb3be1e83a.png 
-------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_images/graphviz-eb852a609a013959a5581cd67ceb17cb3be1e83a.png.map: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_sources/arch.rst.txt: -------------------------------------------------------------------------------- 1 | Architecture of the Palo Alto CFT Lambda Functions 2 | ================================================== 3 | .. image:: aws.png 4 | 5 | | 6 | | 7 | | 8 | 9 | .. graphviz:: 10 | 11 | digraph { 12 | subgraph fw_cft { 13 | size ="8.4"; 14 | label="Firewall CFT"; 15 | launch_fw_cft [shape=box]; 16 | launch_fw_cft -> init [weight=8, label="deploy init_lambda"]; 17 | init_lambda -> sched_evt1 [weight=8, label="deploy"]; 18 | launch_fw_cft -> fwInit [weight=8, label="deploy fw_init lambda"]; 19 | sched_evt1 -> fw_asg [weight=8, label="create fw asg"]; 20 | fw_asg -> firewall [weight=8, label="launch firewalls"] 21 | nlb_sqs -> sched_evt1 [weight=8, label="read nlb IP"]; 22 | sched_evt1 -> fw_nat_rule [weight=8, label="config fw nat rules"]; 23 | fw_nat_rule -> fw_table [weight=8, label="update fw state"]; 24 | sched_evt1 -> nlb_table [weight=8, label="update nlb table"]; 25 | fw_table -> sched_evt1 [weight=8, label="read fw table"]; 26 | firewall -> cloud_watch [weight=8, lable="register fw metrics"]; 27 | fw_init -> create_eni [weight=8, label="1. create eni"]; 28 | fw_init -> attach_eni_trust [weight=8, label="2. attach to instance"]; 29 | fw_init -> attach_eni_mgmt [weight=8, label="3. attach to instance"]; 30 | fw_init -> fw_table [weight=8, label="4. 
add/delete fw entries"]; 31 | } 32 | 33 | subgraph nlb_cft { 34 | size="8.4"; 35 | label="NLB CFT"; 36 | launch_nlb_cft [shape=box]; 37 | launch_nlb_cft -> nlb [weight=8, label="deploy nlb"]; 38 | launch_nlb_cft -> nlbLambda [weight=8, label="deploy nlb lambda"]; 39 | nlb_lambda -> nlb_sqs [weight=8, label="write nlb IP"]; 40 | } 41 | 42 | } 43 | 44 | 45 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_sources/cft_code.dnslib.rst.txt: -------------------------------------------------------------------------------- 1 | cft\_code\.dnslib package 2 | ========================= 3 | 4 | Submodules 5 | ---------- 6 | 7 | cft\_code\.dnslib\.bimap module 8 | ------------------------------- 9 | 10 | .. automodule:: cft_code.dnslib.bimap 11 | :members: 12 | :undoc-members: 13 | :show-inheritance: 14 | 15 | cft\_code\.dnslib\.bit module 16 | ----------------------------- 17 | 18 | .. automodule:: cft_code.dnslib.bit 19 | :members: 20 | :undoc-members: 21 | :show-inheritance: 22 | 23 | cft\_code\.dnslib\.buffer module 24 | -------------------------------- 25 | 26 | .. automodule:: cft_code.dnslib.buffer 27 | :members: 28 | :undoc-members: 29 | :show-inheritance: 30 | 31 | cft\_code\.dnslib\.client module 32 | -------------------------------- 33 | 34 | .. automodule:: cft_code.dnslib.client 35 | :members: 36 | :undoc-members: 37 | :show-inheritance: 38 | 39 | cft\_code\.dnslib\.digparser module 40 | ----------------------------------- 41 | 42 | .. automodule:: cft_code.dnslib.digparser 43 | :members: 44 | :undoc-members: 45 | :show-inheritance: 46 | 47 | cft\_code\.dnslib\.dns module 48 | ----------------------------- 49 | 50 | .. automodule:: cft_code.dnslib.dns 51 | :members: 52 | :undoc-members: 53 | :show-inheritance: 54 | 55 | cft\_code\.dnslib\.fixedresolver module 56 | --------------------------------------- 57 | 58 | .. 
automodule:: cft_code.dnslib.fixedresolver 59 | :members: 60 | :undoc-members: 61 | :show-inheritance: 62 | 63 | cft\_code\.dnslib\.intercept module 64 | ----------------------------------- 65 | 66 | .. automodule:: cft_code.dnslib.intercept 67 | :members: 68 | :undoc-members: 69 | :show-inheritance: 70 | 71 | cft\_code\.dnslib\.label module 72 | ------------------------------- 73 | 74 | .. automodule:: cft_code.dnslib.label 75 | :members: 76 | :undoc-members: 77 | :show-inheritance: 78 | 79 | cft\_code\.dnslib\.lex module 80 | ----------------------------- 81 | 82 | .. automodule:: cft_code.dnslib.lex 83 | :members: 84 | :undoc-members: 85 | :show-inheritance: 86 | 87 | cft\_code\.dnslib\.pan\_client module 88 | ------------------------------------- 89 | 90 | .. automodule:: cft_code.dnslib.pan_client 91 | :members: 92 | :undoc-members: 93 | :show-inheritance: 94 | 95 | cft\_code\.dnslib\.proxy module 96 | ------------------------------- 97 | 98 | .. automodule:: cft_code.dnslib.proxy 99 | :members: 100 | :undoc-members: 101 | :show-inheritance: 102 | 103 | cft\_code\.dnslib\.ranges module 104 | -------------------------------- 105 | 106 | .. automodule:: cft_code.dnslib.ranges 107 | :members: 108 | :undoc-members: 109 | :show-inheritance: 110 | 111 | cft\_code\.dnslib\.server module 112 | -------------------------------- 113 | 114 | .. automodule:: cft_code.dnslib.server 115 | :members: 116 | :undoc-members: 117 | :show-inheritance: 118 | 119 | cft\_code\.dnslib\.shellresolver module 120 | --------------------------------------- 121 | 122 | .. automodule:: cft_code.dnslib.shellresolver 123 | :members: 124 | :undoc-members: 125 | :show-inheritance: 126 | 127 | cft\_code\.dnslib\.test\_decode module 128 | -------------------------------------- 129 | 130 | .. 
automodule:: cft_code.dnslib.test_decode 131 | :members: 132 | :undoc-members: 133 | :show-inheritance: 134 | 135 | cft\_code\.dnslib\.zoneresolver module 136 | -------------------------------------- 137 | 138 | .. automodule:: cft_code.dnslib.zoneresolver 139 | :members: 140 | :undoc-members: 141 | :show-inheritance: 142 | 143 | 144 | Module contents 145 | --------------- 146 | 147 | .. automodule:: cft_code.dnslib 148 | :members: 149 | :undoc-members: 150 | :show-inheritance: 151 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_sources/cft_code.lib.pan.rst.txt: -------------------------------------------------------------------------------- 1 | cft\_code\.lib\.pan package 2 | =========================== 3 | 4 | Submodules 5 | ---------- 6 | 7 | cft\_code\.lib\.pan\.asglib module 8 | ---------------------------------- 9 | 10 | .. automodule:: cft_code.lib.pan.asglib 11 | :members: 12 | :undoc-members: 13 | :show-inheritance: 14 | 15 | 16 | Module contents 17 | --------------- 18 | 19 | .. automodule:: cft_code.lib.pan 20 | :members: 21 | :undoc-members: 22 | :show-inheritance: 23 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_sources/cft_code.lib.rst.txt: -------------------------------------------------------------------------------- 1 | cft\_code\.lib package 2 | ====================== 3 | 4 | Subpackages 5 | ----------- 6 | 7 | .. toctree:: 8 | 9 | cft_code.lib.pan 10 | 11 | Module contents 12 | --------------- 13 | 14 | .. automodule:: cft_code.lib 15 | :members: 16 | :undoc-members: 17 | :show-inheritance: 18 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_sources/cft_code.rst.txt: -------------------------------------------------------------------------------- 1 | cft\_code package 2 | ================= 3 | 4 | Subpackages 5 | ----------- 6 | 7 | .. 
toctree:: 8 | 9 | cft_code.dnslib 10 | cft_code.lib 11 | 12 | Submodules 13 | ---------- 14 | 15 | cft\_code\.dynamodb\_evt module 16 | ------------------------------- 17 | 18 | .. automodule:: cft_code.dynamodb_evt 19 | :members: 20 | :undoc-members: 21 | :show-inheritance: 22 | 23 | cft\_code\.fw\_init module 24 | -------------------------- 25 | 26 | .. automodule:: cft_code.fw_init 27 | :members: 28 | :undoc-members: 29 | :show-inheritance: 30 | 31 | cft\_code\.init module 32 | ---------------------- 33 | 34 | .. automodule:: cft_code.init 35 | :members: 36 | :undoc-members: 37 | :show-inheritance: 38 | 39 | cft\_code\.sched\_evt1 module 40 | ----------------------------- 41 | 42 | .. automodule:: cft_code.sched_evt1 43 | :members: 44 | :undoc-members: 45 | :show-inheritance: 46 | 47 | cft\_code\.sha module 48 | --------------------- 49 | 50 | .. automodule:: cft_code.sha 51 | :members: 52 | :undoc-members: 53 | :show-inheritance: 54 | 55 | 56 | Module contents 57 | --------------- 58 | 59 | .. automodule:: cft_code 60 | :members: 61 | :undoc-members: 62 | :show-inheritance: 63 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_sources/index.rst.txt: -------------------------------------------------------------------------------- 1 | .. Palo Alto Networks AWS Autoscale documentation master file, created by 2 | sphinx-quickstart on Mon Jan 1 15:33:48 2018. 3 | You can adapt this file completely to your liking, but it should at least 4 | contain the root `toctree` directive. 5 | 6 | Welcome to Palo Alto Networks AWS Autoscale's documentation! 7 | ============================================================ 8 | 9 | .. 
toctree:: 10 | :maxdepth: 2 11 | :caption: Contents: 12 | 13 | intro 14 | arch 15 | links 16 | 17 | 18 | 19 | 20 | Indices and tables 21 | ================== 22 | 23 | * :ref:`genindex` 24 | * :ref:`modindex` 25 | * :ref:`search` 26 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_sources/intro.rst.txt: -------------------------------------------------------------------------------- 1 | Palo Alto Networks Lambda Functions for ELB AutoScale Deployment 2 | ================================================================ 3 | 4 | The Lambda Functions implemented and published by Palo Alto Networks are 5 | meant to work in conjunction with the ELB Auto Scaling Deployment on AWS. 6 | 7 | At a high level, the goal of the lambda functions is to perform the initial 8 | setup and the plumbing necessary to allow traffic from the internet (untrust 9 | subnet) to the backend web tier (trust subnet) via the Palo Alto Networks 10 | Next Generation Firewall. The policies on the PAN NGFW determine the traffic 11 | that will be permitted to pass between the untrust and trust subnets. 12 | Additionally, the lambda functions also handle the various actions required 13 | when various events, such as autoscaling, occur which require the manipulation 14 | of the firewalls. 15 | 16 | 17 | Use Cases 18 | +++++++++ 19 | 20 | 1. Deploy Palo Alto Networks Next Generation Firewall in an auto scale 21 | configuration to handle unpredictable traffic patterns (spikes etc). 22 | 23 | 2. Deploy best practice architectures to secure multi-tier applications 24 | on AWS with Palo Alto Networks Next Generation Firewalls. 25 | 26 | 27 | AWS Specific Deployment Options 28 | +++++++++++++++++++++++++++++++ 29 | 30 | 1. Palo Alto supports the ELB architecture to be deployed 31 | with NAT Gateways fronting back end infrastructure. 
32 | The advantage of this configuration is that the various instances do not need the publicly 33 | routable IP addresses they would require in the absence of the NAT 34 | gateway. 35 | 36 | 37 | Lambda function objectives 38 | ++++++++++++++++++++++++++ 39 | 40 | - Deploy ASG's and Bootstrap the Firewalls. 41 | - Deploy Lambda Functions to monitor the private or public IPs on the NLB. 42 | - Program the NAT rules on the PAN FW 43 | - Handle Auto Scale Events and take the necessary actions. 44 | - Handle the de-licensing of Firewalls when they are deleted. 45 | - Handle de-registration of Firewalls from Panorama if Panorama is used. 46 | 47 | 48 | Theory of Operation 49 | +++++++++++++++++++ 50 | 51 | There are 3 main lambda functions that get deployed: 52 | 53 | - init 54 | - fw_init 55 | - sched_evt1 56 | 57 | The two lambda functions that get deployed by the CFT are the first two listed above. 58 | 59 | Init Lambda Function 60 | 61 | The InitLambda lambda function is responsible for the following functions: 62 | - deployment and configuration of the ```sched_evt1``` lambda function 63 | - handling creation, update and delete of the cloud formation template 64 | - validating the AMI-ID's of the PAN FW specified by the user 65 | 66 | When the init lambda function is triggered it validates that the AMI-ID of the PAN FW 67 | is valid and then proceeds to deploy the ```sched_evt1``` lambda function with all the 68 | required parameters. It should also be noted that the ```sched_evt1``` lambda function 69 | is configured to be triggered every minute. The rationale for the frequency is provided 70 | in the next section. 71 | 72 | Sched_evt1 Lambda Function 73 | 74 | The primary objective of this lambda function is to read messages of NLB IP addresses published 75 | by the NLB template, and for each and every IP address added ensure that there is a corresponding NAT rule 76 | configured on all firewall instances deployed. 
Conversely, for each and every IP address removed due 77 | to the removal of an NLB, the lambda function will delete the NAT rule from all firewall instances. 78 | 79 | Fw_init Lambda Function 80 | 81 | The ```fw_init``` lambda function gets invoked by a life-cycle hook trigger. The lambda function gets 82 | triggered when an instance in an ASG either launches or terminates. When handling an instance launch 83 | life-cycle hook action, the lambda function creates and attaches ENI's for the management and trust 84 | subnets. 85 | 86 | Availability Zones 87 | ++++++++++++++++++ 88 | 89 | The ELB Autoscale Deployments require two availability zones to be deployed into. Consequently, 90 | the lambda functions will spin up two auto scale groups in the specified availability zones. 91 | 92 | Auto Scaling Parameters 93 | +++++++++++++++++++++++ 94 | 95 | Autoscaling on AWS occurs by defining and advertising the parameters that will be used by the AWS framework to make 96 | auto scaling decisions. The parameters currently defined are: 97 | 98 | - DataPlaneCPUUtilizationPct 99 | - panSessionActive 100 | - panSessionUtilization 101 | - panSessionSslProxyUtilization 102 | - panGPGatewayUtilizationPct 103 | - panGPGWUtilizationActiveTunnels 104 | - DataPlanePacketBufferUtilization 105 | 106 | AWS requires users to specify a ```high``` threshold and a ```low``` threshold for each parameter. When one of the 107 | parameters breaches the high threshold mark, a scale out event is triggered. Conversely, when one of the parameters 108 | breaches the low threshold mark, a scale in event is triggered. 109 | 110 | Panorama 111 | ++++++++ 112 | 113 | The use of a Panorama is optional along with the autoscaling deployment. However, it is possible to associate 114 | a firewall with the Panorama. Panorama configuration parameters such as the IP among others can be specified 115 | in the ```init-cfg``` file. 
116 | 117 | Logging 118 | +++++++ 119 | 120 | The logs from the lambda functions are available as Cloud Watch Logs. Log groups are created on cloud watch, 121 | and their names are prefixed with the stack name. Debug logging can be enabled through a template parameter when creating 122 | or updating the stack. 123 | 124 | 125 | Inputs to the Lambda Functions 126 | ++++++++++++++++++++++++++++++ 127 | 128 | Identify the various deployment artifacts such as: 129 | 130 | - "ServiceToken" 131 | - "StackName" 132 | - "Region" 133 | - "VpcId" 134 | - "SubnetIDMgmt" 135 | - "SubnetIDUntrust" 136 | - "SubnetIDTrust" 137 | - "MgmtSecurityGroup" 138 | - "UntrustSecurityGroup" 139 | - "TrustSecurityGroup" 140 | - "VPCSecurityGroup" 141 | - "KeyName" 142 | - "ELBName" 143 | - "ELBTargetGroupName" 144 | - "FWInstanceType" 145 | - "SSHLocation" 146 | - "MinInstancesASG" 147 | - "MaximumInstancesASG" 148 | - "ScaleUpThreshold" 149 | - "ScaleDownThreshold" 150 | - "ScalingParameter" 151 | - "ScalingPeriod" 152 | - "ImageID" 153 | - "LambdaENISNSTopic" 154 | - "FirewallBootstrapRole" 155 | - "LambdaExecutionRole" 156 | - "ASGNotifierRole" 157 | - "ASGNotifierRolePolicy" 158 | - "BootstrapS3Bucket" 159 | - "LambdaS3Bucket" 160 | - "PanS3KeyTpl" 161 | - "KeyPANWFirewall" 162 | - "KeyPANWPanorama" 163 | - "SubnetIDNATGW" 164 | - "SubnetIDLambda" 165 | - "FwInit" 166 | - "InitLambda" 167 | - "KeyDeLicense" 168 | - "LambdaENIQueue" 169 | - "Debug" 170 | - "NetworkLoadBalancerQueue" 171 | 172 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_sources/modules.rst.txt: -------------------------------------------------------------------------------- 1 | cft_code 2 | ======== 3 | 4 | .. 
toctree:: 5 | :maxdepth: 4 6 | 7 | cft_code 8 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_static/ajax-loader.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_static/ajax-loader.gif -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_static/comment-bright.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_static/comment-bright.png -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_static/comment-close.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_static/comment-close.png -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_static/comment.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_static/comment.png -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_static/css/badge_only.css: -------------------------------------------------------------------------------- 1 | 
.fa:before{-webkit-font-smoothing:antialiased}.clearfix{*zoom:1}.clearfix:before,.clearfix:after{display:table;content:""}.clearfix:after{clear:both}@font-face{font-family:FontAwesome;font-weight:normal;font-style:normal;src:url("../font/fontawesome_webfont.eot");src:url("../font/fontawesome_webfont.eot?#iefix") format("embedded-opentype"),url("../font/fontawesome_webfont.woff") format("woff"),url("../font/fontawesome_webfont.ttf") format("truetype"),url("../font/fontawesome_webfont.svg#FontAwesome") format("svg")}.fa:before{display:inline-block;font-family:FontAwesome;font-style:normal;font-weight:normal;line-height:1;text-decoration:inherit}a .fa{display:inline-block;text-decoration:inherit}li .fa{display:inline-block}li .fa-large:before,li .fa-large:before{width:1.875em}ul.fas{list-style-type:none;margin-left:2em;text-indent:-0.8em}ul.fas li .fa{width:0.8em}ul.fas li .fa-large:before,ul.fas li .fa-large:before{vertical-align:baseline}.fa-book:before{content:""}.icon-book:before{content:""}.fa-caret-down:before{content:""}.icon-caret-down:before{content:""}.fa-caret-up:before{content:""}.icon-caret-up:before{content:""}.fa-caret-left:before{content:""}.icon-caret-left:before{content:""}.fa-caret-right:before{content:""}.icon-caret-right:before{content:""}.rst-versions{position:fixed;bottom:0;left:0;width:300px;color:#fcfcfc;background:#1f1d1d;border-top:solid 10px #343131;font-family:"Lato","proxima-nova","Helvetica Neue",Arial,sans-serif;z-index:400}.rst-versions a{color:#2980B9;text-decoration:none}.rst-versions .rst-badge-small{display:none}.rst-versions .rst-current-version{padding:12px;background-color:#272525;display:block;text-align:right;font-size:90%;cursor:pointer;color:#27AE60;*zoom:1}.rst-versions .rst-current-version:before,.rst-versions .rst-current-version:after{display:table;content:""}.rst-versions .rst-current-version:after{clear:both}.rst-versions .rst-current-version .fa{color:#fcfcfc}.rst-versions .rst-current-version 
.fa-book{float:left}.rst-versions .rst-current-version .icon-book{float:left}.rst-versions .rst-current-version.rst-out-of-date{background-color:#E74C3C;color:#fff}.rst-versions .rst-current-version.rst-active-old-version{background-color:#F1C40F;color:#000}.rst-versions.shift-up .rst-other-versions{display:block}.rst-versions .rst-other-versions{font-size:90%;padding:12px;color:gray;display:none}.rst-versions .rst-other-versions hr{display:block;height:1px;border:0;margin:20px 0;padding:0;border-top:solid 1px #413d3d}.rst-versions .rst-other-versions dd{display:inline-block;margin:0}.rst-versions .rst-other-versions dd a{display:inline-block;padding:6px;color:#fcfcfc}.rst-versions.rst-badge{width:auto;bottom:20px;right:20px;left:auto;border:none;max-width:300px}.rst-versions.rst-badge .icon-book{float:none}.rst-versions.rst-badge .fa-book{float:none}.rst-versions.rst-badge.shift-up .rst-current-version{text-align:right}.rst-versions.rst-badge.shift-up .rst-current-version .fa-book{float:left}.rst-versions.rst-badge.shift-up .rst-current-version .icon-book{float:left}.rst-versions.rst-badge .rst-current-version{width:auto;height:30px;line-height:30px;padding:0 6px;display:block;text-align:center}@media screen and (max-width: 768px){.rst-versions{width:85%;display:none}.rst-versions.shift{display:block}} 2 | /*# sourceMappingURL=badge_only.css.map */ 3 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_static/down-pressed.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_static/down-pressed.png -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_static/down.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_static/down.png -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_static/file.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_static/file.png -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_static/fonts/Inconsolata-Bold.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_static/fonts/Inconsolata-Bold.ttf -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_static/fonts/Inconsolata-Regular.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_static/fonts/Inconsolata-Regular.ttf -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_static/fonts/Lato-Bold.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_static/fonts/Lato-Bold.ttf -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_static/fonts/Lato-Regular.ttf: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_static/fonts/Lato-Regular.ttf -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_static/fonts/RobotoSlab-Bold.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_static/fonts/RobotoSlab-Bold.ttf -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_static/fonts/RobotoSlab-Regular.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_static/fonts/RobotoSlab-Regular.ttf -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_static/fonts/fontawesome-webfont.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_static/fonts/fontawesome-webfont.eot -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_static/fonts/fontawesome-webfont.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_static/fonts/fontawesome-webfont.ttf -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_static/fonts/fontawesome-webfont.woff: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_static/fonts/fontawesome-webfont.woff -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_static/js/theme.js: -------------------------------------------------------------------------------- 1 | require=(function e(t,n,r){function s(o,u){if(!n[o]){if(!t[o]){var a=typeof require=="function"&&require;if(!u&&a)return a(o,!0);if(i)return i(o,!0);var f=new Error("Cannot find module '"+o+"'");throw f.code="MODULE_NOT_FOUND",f}var l=n[o]={exports:{}};t[o][0].call(l.exports,function(e){var n=t[o][1][e];return s(n?n:e)},l,l.exports,e,t,n,r)}return n[o].exports}var i=typeof require=="function"&&require;for(var o=0;o"); 80 | 81 | // Add expand links to all parents of nested ul 82 | $('.wy-menu-vertical ul').not('.simple').siblings('a').each(function () { 83 | var link = $(this); 84 | expand = $(''); 85 | expand.on('click', function (ev) { 86 | self.toggleCurrent(link); 87 | ev.stopPropagation(); 88 | return false; 89 | }); 90 | link.prepend(expand); 91 | }); 92 | }; 93 | 94 | nav.reset = function () { 95 | // Get anchor from URL and open up nested nav 96 | var anchor = encodeURI(window.location.hash); 97 | if (anchor) { 98 | try { 99 | var link = $('.wy-menu-vertical') 100 | .find('[href="' + anchor + '"]'); 101 | // If we didn't find a link, it may be because we clicked on 102 | // something that is not in the sidebar (eg: when using 103 | // sphinxcontrib.httpdomain it generates headerlinks but those 104 | // aren't picked up and placed in the toctree). So let's find 105 | // the closest header in the document and try with that one. 
106 | if (link.length === 0) { 107 | var doc_link = $('.document a[href="' + anchor + '"]'); 108 | var closest_section = doc_link.closest('div.section'); 109 | // Try again with the closest section entry. 110 | link = $('.wy-menu-vertical') 111 | .find('[href="#' + closest_section.attr("id") + '"]'); 112 | 113 | } 114 | $('.wy-menu-vertical li.toctree-l1 li.current') 115 | .removeClass('current'); 116 | link.closest('li.toctree-l2').addClass('current'); 117 | link.closest('li.toctree-l3').addClass('current'); 118 | link.closest('li.toctree-l4').addClass('current'); 119 | } 120 | catch (err) { 121 | console.log("Error expanding nav for anchor", err); 122 | } 123 | } 124 | }; 125 | 126 | nav.onScroll = function () { 127 | this.winScroll = false; 128 | var newWinPosition = this.win.scrollTop(), 129 | winBottom = newWinPosition + this.winHeight, 130 | navPosition = this.navBar.scrollTop(), 131 | newNavPosition = navPosition + (newWinPosition - this.winPosition); 132 | if (newWinPosition < 0 || winBottom > this.docHeight) { 133 | return; 134 | } 135 | this.navBar.scrollTop(newNavPosition); 136 | this.winPosition = newWinPosition; 137 | }; 138 | 139 | nav.onResize = function () { 140 | this.winResize = false; 141 | this.winHeight = this.win.height(); 142 | this.docHeight = $(document).height(); 143 | }; 144 | 145 | nav.hashChange = function () { 146 | this.linkScroll = true; 147 | this.win.one('hashchange', function () { 148 | this.linkScroll = false; 149 | }); 150 | }; 151 | 152 | nav.toggleCurrent = function (elem) { 153 | var parent_li = elem.closest('li'); 154 | parent_li.siblings('li.current').removeClass('current'); 155 | parent_li.siblings().find('li.current').removeClass('current'); 156 | parent_li.find('> ul li.current').removeClass('current'); 157 | parent_li.toggleClass('current'); 158 | } 159 | 160 | return nav; 161 | }; 162 | 163 | module.exports.ThemeNav = ThemeNav(); 164 | 165 | if (typeof(window) != 'undefined') { 166 | window.SphinxRtdTheme = { 
StickyNav: module.exports.ThemeNav }; 167 | } 168 | 169 | },{"jquery":"jquery"}]},{},["sphinx-rtd-theme"]); 170 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_static/minus.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_static/minus.png -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_static/plus.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_static/plus.png -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_static/pygments.css: -------------------------------------------------------------------------------- 1 | .highlight .hll { background-color: #ffffcc } 2 | .highlight { background: #eeffcc; } 3 | .highlight .c { color: #408090; font-style: italic } /* Comment */ 4 | .highlight .err { border: 1px solid #FF0000 } /* Error */ 5 | .highlight .k { color: #007020; font-weight: bold } /* Keyword */ 6 | .highlight .o { color: #666666 } /* Operator */ 7 | .highlight .ch { color: #408090; font-style: italic } /* Comment.Hashbang */ 8 | .highlight .cm { color: #408090; font-style: italic } /* Comment.Multiline */ 9 | .highlight .cp { color: #007020 } /* Comment.Preproc */ 10 | .highlight .cpf { color: #408090; font-style: italic } /* Comment.PreprocFile */ 11 | .highlight .c1 { color: #408090; font-style: italic } /* Comment.Single */ 12 | .highlight .cs { color: #408090; background-color: #fff0f0 } /* Comment.Special */ 13 | .highlight .gd { color: #A00000 } /* Generic.Deleted */ 14 | .highlight .ge { font-style: italic } /* 
Generic.Emph */ 15 | .highlight .gr { color: #FF0000 } /* Generic.Error */ 16 | .highlight .gh { color: #000080; font-weight: bold } /* Generic.Heading */ 17 | .highlight .gi { color: #00A000 } /* Generic.Inserted */ 18 | .highlight .go { color: #333333 } /* Generic.Output */ 19 | .highlight .gp { color: #c65d09; font-weight: bold } /* Generic.Prompt */ 20 | .highlight .gs { font-weight: bold } /* Generic.Strong */ 21 | .highlight .gu { color: #800080; font-weight: bold } /* Generic.Subheading */ 22 | .highlight .gt { color: #0044DD } /* Generic.Traceback */ 23 | .highlight .kc { color: #007020; font-weight: bold } /* Keyword.Constant */ 24 | .highlight .kd { color: #007020; font-weight: bold } /* Keyword.Declaration */ 25 | .highlight .kn { color: #007020; font-weight: bold } /* Keyword.Namespace */ 26 | .highlight .kp { color: #007020 } /* Keyword.Pseudo */ 27 | .highlight .kr { color: #007020; font-weight: bold } /* Keyword.Reserved */ 28 | .highlight .kt { color: #902000 } /* Keyword.Type */ 29 | .highlight .m { color: #208050 } /* Literal.Number */ 30 | .highlight .s { color: #4070a0 } /* Literal.String */ 31 | .highlight .na { color: #4070a0 } /* Name.Attribute */ 32 | .highlight .nb { color: #007020 } /* Name.Builtin */ 33 | .highlight .nc { color: #0e84b5; font-weight: bold } /* Name.Class */ 34 | .highlight .no { color: #60add5 } /* Name.Constant */ 35 | .highlight .nd { color: #555555; font-weight: bold } /* Name.Decorator */ 36 | .highlight .ni { color: #d55537; font-weight: bold } /* Name.Entity */ 37 | .highlight .ne { color: #007020 } /* Name.Exception */ 38 | .highlight .nf { color: #06287e } /* Name.Function */ 39 | .highlight .nl { color: #002070; font-weight: bold } /* Name.Label */ 40 | .highlight .nn { color: #0e84b5; font-weight: bold } /* Name.Namespace */ 41 | .highlight .nt { color: #062873; font-weight: bold } /* Name.Tag */ 42 | .highlight .nv { color: #bb60d5 } /* Name.Variable */ 43 | .highlight .ow { color: #007020; font-weight: bold } 
/* Operator.Word */ 44 | .highlight .w { color: #bbbbbb } /* Text.Whitespace */ 45 | .highlight .mb { color: #208050 } /* Literal.Number.Bin */ 46 | .highlight .mf { color: #208050 } /* Literal.Number.Float */ 47 | .highlight .mh { color: #208050 } /* Literal.Number.Hex */ 48 | .highlight .mi { color: #208050 } /* Literal.Number.Integer */ 49 | .highlight .mo { color: #208050 } /* Literal.Number.Oct */ 50 | .highlight .sa { color: #4070a0 } /* Literal.String.Affix */ 51 | .highlight .sb { color: #4070a0 } /* Literal.String.Backtick */ 52 | .highlight .sc { color: #4070a0 } /* Literal.String.Char */ 53 | .highlight .dl { color: #4070a0 } /* Literal.String.Delimiter */ 54 | .highlight .sd { color: #4070a0; font-style: italic } /* Literal.String.Doc */ 55 | .highlight .s2 { color: #4070a0 } /* Literal.String.Double */ 56 | .highlight .se { color: #4070a0; font-weight: bold } /* Literal.String.Escape */ 57 | .highlight .sh { color: #4070a0 } /* Literal.String.Heredoc */ 58 | .highlight .si { color: #70a0d0; font-style: italic } /* Literal.String.Interpol */ 59 | .highlight .sx { color: #c65d09 } /* Literal.String.Other */ 60 | .highlight .sr { color: #235388 } /* Literal.String.Regex */ 61 | .highlight .s1 { color: #4070a0 } /* Literal.String.Single */ 62 | .highlight .ss { color: #517918 } /* Literal.String.Symbol */ 63 | .highlight .bp { color: #007020 } /* Name.Builtin.Pseudo */ 64 | .highlight .fm { color: #06287e } /* Name.Function.Magic */ 65 | .highlight .vc { color: #bb60d5 } /* Name.Variable.Class */ 66 | .highlight .vg { color: #bb60d5 } /* Name.Variable.Global */ 67 | .highlight .vi { color: #bb60d5 } /* Name.Variable.Instance */ 68 | .highlight .vm { color: #bb60d5 } /* Name.Variable.Magic */ 69 | .highlight .il { color: #208050 } /* Literal.Number.Integer.Long */ -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_static/up-pressed.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_static/up-pressed.png -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/_static/up.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/_static/up.png -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/cft_code.lib.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | cft_code.lib package — Palo Alto Networks AWS Autoscale 2.0 documentation 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 |

cft_code.lib package


Subpackages


Module contents

205 | 206 | 207 | 208 | 209 | 210 | 220 | 221 | 222 | 223 | 224 | 225 | 226 | 227 | 228 | 229 | 230 | 231 | 232 | 233 | 238 | 239 | 240 | 241 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/objects.inv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/build/objects.inv -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/build/search.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | Search — Palo Alto Networks AWS Autoscale 2.0 documentation 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 |
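# --------------------------------------------------------------------------------
# /Version-2.0/lambda-docs/cft_code/__init__.py:
# --------------------------------------------------------------------------------
# https://raw.githubusercontent.com/PaloAltoNetworks/aws-elb-autoscaling/6aa6bbfdcd1eed31ed44a165c17e6c6cee38b82d/Version-2.0/lambda-docs/cft_code/__init__.py
# --------------------------------------------------------------------------------
# /Version-2.0/lambda-docs/cft_code/dnslib/bimap.py:
# --------------------------------------------------------------------------------
# -*- coding: utf-8 -*-

"""
    Bimap - bidirectional mapping between code/value
"""
# bit.py (second file in this listing) opens with this __future__ import. It
# is written once, here, because a __future__ import has to come before every
# other statement when the two files are read as a single listing.
from __future__ import print_function


class BimapError(Exception):
    """Error type available to callers as the `error` argument of Bimap."""
    pass


class Bimap(object):

    """
        Bi-directional mapping between code/text.

        Initialised using:

            name:   Used for exceptions
            dict:   Dict mapping from code (numeric) to text
            error:  Error type to raise if key not found

        The class provides:

            * A 'forward' map (code->text) which is accessed through
              __getitem__ (bimap[code])
            * A 'reverse' map (text->code) which is accessed through
              __getattr__ (bimap.text)
            * A 'get' method which does a forward lookup (code->text)
              and returns a textual version of code if there is no
              explicit mapping (or default provided)

        >>> class TestError(Exception):
        ...     pass

        >>> TEST = Bimap('TEST',{1:'A', 2:'B', 3:'C'},TestError)
        >>> TEST[1]
        'A'
        >>> TEST.A
        1
        >>> TEST.X
        Traceback (most recent call last):
        ...
        TestError: TEST: Invalid reverse lookup: [X]
        >>> TEST[99]
        Traceback (most recent call last):
        ...
        TestError: TEST: Invalid forward lookup: [99]
        >>> TEST.get(99)
        '99'

    """

    def __init__(self,name,forward,error=KeyError):
        """
            Store a private copy of `forward` and build the inverse map.

            If two codes share the same text, the reverse map keeps the
            code that comes last in iteration order.
        """
        self.name = name
        self.error = error
        self.forward = forward.copy()
        self.reverse = {v: k for (k, v) in forward.items()}

    def get(self,k,default=None):
        """
            Forward lookup that never raises: returns the mapped text, else
            `default`, else str(k).

            Because of the `or`, a falsy default ('' or 0) is treated the
            same as no default at all.
        """
        try:
            return self.forward[k]
        except KeyError:
            return default or str(k)

    def __getitem__(self,k):
        """Forward lookup (code->text); raises self.error for unknown codes."""
        try:
            return self.forward[k]
        except KeyError:
            raise self.error("%s: Invalid forward lookup: [%s]" % (self.name,k))

    def __getattr__(self,k):
        """
            Reverse lookup (text->code), reached only when normal attribute
            lookup fails.

            Raises self.error for an unknown text. Two cases raise
            AttributeError instead, so that hasattr(), copy and pickle
            behave normally:

              * the instance has no 'reverse' map yet (e.g. an object being
                rebuilt by copy/pickle) - reading self.reverse here would
                re-enter __getattr__ and recurse until the stack overflows
              * a double-underscore protocol name (__setstate__,
                __wrapped__, ...) that is not in the map
        """
        # Read through __dict__ so that a missing 'reverse' cannot re-enter
        # this method.
        reverse = self.__dict__.get('reverse')
        if reverse is not None and k in reverse:
            return reverse[k]
        if reverse is None or (k.startswith('__') and k.endswith('__')):
            raise AttributeError(k)
        raise self.error("%s: Invalid reverse lookup: [%s]" % (self.name,k))

if __name__ == '__main__':
    import doctest
    doctest.testmod()

# --------------------------------------------------------------------------------
# /Version-2.0/lambda-docs/cft_code/dnslib/bit.py:
# --------------------------------------------------------------------------------
# -*- coding: utf-8 -*-

"""
    Some basic bit manipulation utilities
"""
# (`from __future__ import print_function` - see the top of this listing)

# Translation table for the text column of hexdump(): every byte outside
# printable ASCII (0x20-0x7e) becomes '.' (46). DEL (0x7f) is included so that
# no control character from dumped data reaches the terminal.
FILTER = bytearray([46 if (i < 32 or i > 126) else i for i in range(256)])

def hexdump(src, length=16, prefix=''):
    """
        Return a hexdump of `src` as a string (one row per `length` bytes)

        src:    bytes-like data to dump
        length: bytes per row; must be positive (ValueError otherwise -
                with a non-positive length the loop below would never
                consume the input)
        prefix: text put in front of every row

        Each row holds the offset, two columns of hex bytes and two columns
        of text in which non-printable bytes are shown as '.'.

        >>> print(hexdump(b"abcd" * 4))  # doctest: +NORMALIZE_WHITESPACE
        0000 61 62 63 64 61 62 63 64 61 62 63 64 61 62 63 64 abcdabcd abcdabcd

        >>> print(hexdump(bytearray(range(48))))  # doctest: +NORMALIZE_WHITESPACE
        0000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ........ ........
        0010 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ........ ........
        0020 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f  !"#$%&' ()*+,-./

    """
    if length <= 0:
        raise ValueError("length must be a positive integer")
    n = 0
    left = length // 2
    right = length - left
    result = []
    src = bytearray(src)
    while src:
        s,src = src[:length],src[length:]
        l,r = s[:left],s[left:]
        # Pad both hex columns to a fixed width so short final rows line up
        hexa = "%-*s" % (left*3,' '.join(["%02x"%x for x in l]))
        hexb = "%-*s" % (right*3,' '.join(["%02x"%x for x in r]))
        lf = l.translate(FILTER)
        rf = r.translate(FILTER)
        result.append("%s%04x %s %s %s %s" % (prefix, n, hexa, hexb,
                                              lf.decode(), rf.decode()))
        n += length
    return "\n".join(result)

def get_bits(data,offset,bits=1):
    """
        Get specified bits from integer

        Returns the `bits`-wide field of `data` whose lowest bit is at
        position `offset`, shifted down to bit 0.

        >>> bin(get_bits(0b0011100,2))
        '0b1'
        >>> bin(get_bits(0b0011100,0,4))
        '0b1100'

    """
    mask = ((1 << bits) - 1) << offset
    return (data & mask) >> offset

def set_bits(data,value,offset,bits=1):
    """
        Set specified bits in integer

        Returns `data` with the `bits`-wide field at `offset` replaced by
        `value` (value bits that do not fit in the field are dropped).
        The clear mask is derived from 0xffff, i.e. `data` is handled as a
        16-bit quantity.

        >>> bin(set_bits(0,0b1010,0,4))
        '0b1010'
        >>> bin(set_bits(0,0b1010,3,4))
        '0b1010000'
    """
    mask = ((1 << bits) - 1) << offset
    clear = 0xffff ^ mask
    data = (data & clear) | ((value << offset) & mask)
    return data

def binary(n,count=16,reverse=False):
    """
        Display n in binary (only difference from built-in `bin` is
        that this function returns a fixed width string and can
        optionally be reversed)

        Only the lowest `count` bits of n are shown, most significant bit
        first unless `reverse` is set.

        >>> binary(6789)
        '0001101010000101'
        >>> binary(6789,8)
        '10000101'
        >>> binary(6789,reverse=True)
        '1010000101011000'

    """
    bits = [str((n >> y) & 1) for y in range(count-1, -1, -1)]
    if reverse:
        bits.reverse()
    return "".join(bits)

if __name__ == '__main__':
    import doctest
    doctest.testmod()

# --------------------------------------------------------------------------------
# /Version-2.0/lambda-docs/cft_code/dnslib/buffer.py: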
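# --------------------------------------------------------------------------------
# -*- coding: utf-8 -*-

"""
    Buffer - simple data buffer
"""
# client.py (second file in this listing) opens with this __future__ import.
# It is written once, here, because a __future__ import has to come before
# every other statement when the two files are read as a single listing.
from __future__ import print_function

import binascii,struct

class BufferError(Exception):
    """Raised when a read or unpack cannot be satisfied from the buffer.

    Note: inside this module the name shadows Python's builtin BufferError.
    """
    pass

class Buffer(object):

    """
    A simple data buffer - supports packing/unpacking in struct format

    # Needed for Python 2/3 doctest compatibility
    >>> def p(s):
    ...     if not isinstance(s,str):
    ...         return s.decode()
    ...     return s

    >>> b = Buffer()
    >>> b.pack("!BHI",1,2,3)
    >>> b.offset
    7
    >>> b.append(b"0123456789")
    >>> b.offset
    17
    >>> p(b.hex())
    '0100020000000330313233343536373839'
    >>> b.offset = 0
    >>> b.unpack("!BHI")
    (1, 2, 3)
    >>> bytearray(b.get(5))
    bytearray(b'01234')
    >>> bytearray(b.get(5))
    bytearray(b'56789')
    >>> b.update(7,"2s",b"xx")
    >>> b.offset = 7
    >>> bytearray(b.get(5))
    bytearray(b'xx234')
    """

    def __init__(self,data=b''):
        """
            Initialise Buffer from data (copied into a bytearray); the read
            offset starts at 0
        """
        self.data = bytearray(data)
        self.offset = 0

    def remaining(self):
        """
            Return bytes remaining (between the current offset and the end)
        """
        return len(self.data) - self.offset

    def get(self,length):
        """
            Get `length` bytes at current offset (& increment offset)

            Raises BufferError when fewer than `length` bytes remain, or
            when `length` is negative: a negative length would move the
            offset backwards and return a slice unrelated to the request.
        """
        if length < 0 or length > self.remaining():
            raise BufferError("Not enough bytes [offset=%d,remaining=%d,requested=%d]" %
                    (self.offset,self.remaining(),length))
        start = self.offset
        end = self.offset + length
        self.offset += length
        return bytes(self.data[start:end])

    def hex(self):
        """
            Return data as hex string (whatever binascii.hexlify returns for
            the whole buffer, independent of the offset)
        """
        return binascii.hexlify(self.data)

    def pack(self,fmt,*args):
        """
            Pack data at end of data according to fmt (from struct) & increment
            offset
        """
        self.offset += struct.calcsize(fmt)
        self.data += struct.pack(fmt,*args)

    def append(self,s):
        """
            Append s to end of data & increment offset
        """
        self.offset += len(s)
        self.data += s

    def update(self,ptr,fmt,*args):
        """
            Modify data at offset `ptr`

            The packed value replaces the slice data[ptr:ptr+len]; no check
            is made that the slice lies inside the existing data.
        """
        s = struct.pack(fmt,*args)
        self.data[ptr:ptr+len(s)] = s

    def unpack(self,fmt):
        """
            Unpack data at current offset according to fmt (from struct)

            Raises BufferError when not enough bytes remain (from get) or
            when struct rejects the format or the data.
        """
        # Bound before the try block: if calcsize() itself rejects `fmt`
        # the handler below still has a value to report.
        data = b''
        try:
            data = self.get(struct.calcsize(fmt))
            return struct.unpack(fmt,data)
        except struct.error:
            raise BufferError("Error unpacking struct '%s' <%s>" %
                    (fmt,binascii.hexlify(data).decode()))

    def __len__(self):
        """Total number of bytes held (not the number remaining)."""
        return len(self.data)

if __name__ == '__main__':
    import doctest
    doctest.testmod()

# --------------------------------------------------------------------------------
# /Version-2.0/lambda-docs/cft_code/dnslib/client.py:
# --------------------------------------------------------------------------------
# -*- coding: utf-8 -*-

"""
    DNS Client - DiG-like CLI utility.

    Mostly useful for testing. Can optionally compare results from two
    nameservers (--diff) or compare results against DiG (--dig).

    Usage: python -m dnslib.client [options|--help]

    See --help for usage.
"""
# (`from __future__ import print_function` - see the top of this listing)

try:
    from subprocess import getoutput
except ImportError:
    from commands import getoutput

import binascii,code,pprint

from dnslib.dns import DNSRecord,DNSHeader,DNSQuestion,QTYPE
from dnslib.digparser import DigParser

if __name__ == '__main__':

    import argparse,sys,time

    try:
        from shlex import quote     # Python 3
    except ImportError:
        from pipes import quote     # Python 2

    # NOTE: the metavar values are empty in this listing; angle-bracket
    # placeholders were probably lost when the page was rendered.
    p = argparse.ArgumentParser(description="DNS Client")
    p.add_argument("--server","-s",default="8.8.8.8",
                    metavar="",
                    help="Server address:port (default:8.8.8.8:53) (port is optional)")
    p.add_argument("--query",action='store_true',default=False,
                    help="Show query (default: False)")
    p.add_argument("--hex",action='store_true',default=False,
                    help="Dump packet in hex (default: False)")
    p.add_argument("--tcp",action='store_true',default=False,
                    help="Use TCP (default: UDP)")
    p.add_argument("--noretry",action='store_true',default=False,
                    help="Don't retry query using TCP if truncated (default: false)")
    p.add_argument("--diff",default="",
                    help="Compare response from alternate nameserver (format: address:port / default: false)")
    p.add_argument("--dig",action='store_true',default=False,
                    help="Compare result with DiG - if ---diff also specified use alternative nameserver for DiG request (default: false)")
    p.add_argument("--short",action='store_true',default=False,
                    help="Short output - rdata only (default: false)")
    p.add_argument("--debug",action='store_true',default=False,
                    help="Drop into CLI after request (default: false)")
    p.add_argument("domain",metavar="",
                    help="Query domain")
    p.add_argument("qtype",metavar="",default="A",nargs="?",
                    help="Query type (default: A)")
    args = p.parse_args()

    # Construct request (an unknown qtype fails here, in the QTYPE lookup)
    q = DNSRecord(q=DNSQuestion(args.domain,getattr(QTYPE,args.qtype)))

    address,_,port = args.server.partition(':')
    port = int(port or 53)

    if args.query:
        print(";; Sending%s:" % (" (TCP)" if args.tcp else ""))
        if args.hex:
            print(";; QUERY:",binascii.hexlify(q.pack()).decode())
        print(q)
        print()

    a_pkt = q.send(address,port,tcp=args.tcp)
    a = DNSRecord.parse(a_pkt)

    if a.header.tc and not args.noretry:
        # Truncated - retry in TCP mode
        a_pkt = q.send(address,port,tcp=True)
        a = DNSRecord.parse(a_pkt)

    if args.dig or args.diff:
        if args.diff:
            address,_,port = args.diff.partition(':')
            port = int(port or 53)

        if args.dig:
            # getoutput() hands this string to a shell, so every value that
            # comes from the command line is quoted first; unquoted, shell
            # metacharacters in the domain or in --diff/--server would be
            # interpreted by the shell. Quoting only covers the shell: dig
            # still parses the values itself.
            dig = getoutput("dig +qr -p %d %s %s @%s" % (
                                port, quote(args.domain), quote(args.qtype),
                                quote(address)))
            dig_reply = list(iter(DigParser(dig)))
            if len(dig_reply) < 2:
                # dig missing or its output not parseable: stop with a
                # message rather than an IndexError on the lines below
                sys.exit(";; ERROR: could not parse a query/response pair from dig output")
            # DiG might have retried in TCP mode so get last q/a
            q_diff = dig_reply[-2]
            a_diff = dig_reply[-1]
        else:
            q_diff = DNSRecord(header=DNSHeader(id=q.header.id),
                               q=DNSQuestion(args.domain,
                                             getattr(QTYPE,args.qtype)))
            # NOTE(review): this assignment replaces the record built just
            # above, so in --diff mode the question that is sent - and later
            # compared - is the original `q` itself.
            q_diff = q
            diff = q_diff.send(address,port,tcp=args.tcp)
            a_diff = DNSRecord.parse(diff)
            if a_diff.header.tc and not args.noretry:
                diff = q_diff.send(address,port,tcp=True)
                a_diff = DNSRecord.parse(diff)

    if args.short:
        print(a.short())
    else:
        print(";; Got answer:")
        if args.hex:
            print(";; RESPONSE:",binascii.hexlify(a_pkt).decode())
            if args.diff and not args.dig:
                print(";; DIFF :",binascii.hexlify(diff).decode())
        print(a)
        print()

        if args.dig or args.diff:
            if q != q_diff:
                print(";;; ERROR: Diff Question differs")
                for (d1,d2) in q.diff(q_diff):
                    if d1:
                        print(";; - %s" % d1)
                    if d2:
                        print(";; + %s" % d2)
            if a != a_diff:
                print(";;; ERROR: Diff Response differs")
                for (d1,d2) in a.diff(a_diff):
                    if d1:
                        print(";; - %s" % d1)
                    if d2:
                        print(";; + %s" % d2)

    if args.debug:
        # Interactive console with this script's variables, for inspection
        code.interact(local=locals())
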
129 | 130 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/cft_code/dnslib/fixedresolver.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | 3 | """ 4 | FixedResolver - example resolver which responds with fixed response 5 | to all requests 6 | """ 7 | 8 | from __future__ import print_function 9 | 10 | import copy 11 | 12 | from dnslib import RR 13 | from dnslib.server import DNSServer,DNSHandler,BaseResolver,DNSLogger 14 | 15 | class FixedResolver(BaseResolver): 16 | """ 17 | Respond with fixed response to all requests 18 | """ 19 | def __init__(self,zone): 20 | # Parse RRs 21 | self.rrs = RR.fromZone(zone) 22 | 23 | def resolve(self,request,handler): 24 | reply = request.reply() 25 | qname = request.q.qname 26 | # Replace labels with request label 27 | for rr in self.rrs: 28 | a = copy.copy(rr) 29 | a.rname = qname 30 | reply.add_answer(a) 31 | return reply 32 | 33 | if __name__ == '__main__': 34 | 35 | import argparse,sys,time 36 | 37 | p = argparse.ArgumentParser(description="Fixed DNS Resolver") 38 | p.add_argument("--response","-r",default=". 60 IN A 127.0.0.1", 39 | metavar="", 40 | help="DNS response (zone format) (default: 127.0.0.1)") 41 | p.add_argument("--zonefile","-f", 42 | metavar="", 43 | help="DNS response (zone file, '-' for stdin)") 44 | p.add_argument("--port","-p",type=int,default=53, 45 | metavar="", 46 | help="Server port (default:53)") 47 | p.add_argument("--address","-a",default="", 48 | metavar="
", 49 | help="Listen address (default:all)") 50 | p.add_argument("--udplen","-u",type=int,default=0, 51 | metavar="", 52 | help="Max UDP packet length (default:0)") 53 | p.add_argument("--tcp",action='store_true',default=False, 54 | help="TCP server (default: UDP only)") 55 | p.add_argument("--log",default="request,reply,truncated,error", 56 | help="Log hooks to enable (default: +request,+reply,+truncated,+error,-recv,-send,-data)") 57 | p.add_argument("--log-prefix",action='store_true',default=False, 58 | help="Log prefix (timestamp/handler/resolver) (default: False)") 59 | args = p.parse_args() 60 | 61 | if args.zonefile: 62 | if args.zonefile == '-': 63 | args.response = sys.stdin 64 | else: 65 | args.response = open(args.zonefile) 66 | 67 | resolver = FixedResolver(args.response) 68 | logger = DNSLogger(args.log,args.log_prefix) 69 | 70 | print("Starting Fixed Resolver (%s:%d) [%s]" % ( 71 | args.address or "*", 72 | args.port, 73 | "UDP/TCP" if args.tcp else "UDP")) 74 | 75 | for rr in resolver.rrs: 76 | print(" | ",rr.toZone().strip(),sep="") 77 | print() 78 | 79 | if args.udplen: 80 | DNSHandler.udplen = args.udplen 81 | 82 | udp_server = DNSServer(resolver, 83 | port=args.port, 84 | address=args.address, 85 | logger=logger) 86 | udp_server.start_thread() 87 | 88 | if args.tcp: 89 | tcp_server = DNSServer(resolver, 90 | port=args.port, 91 | address=args.address, 92 | tcp=True, 93 | logger=logger) 94 | tcp_server.start_thread() 95 | 96 | while udp_server.isAlive(): 97 | time.sleep(1) 98 | 99 | -------------------------------------------------------------------------------- /Version-2.0/lambda-docs/cft_code/dnslib/intercept.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | 3 | """ 4 | InterceptResolver - proxy requests to upstream server 5 | (optionally intercepting) 6 | 7 | """ 8 | from __future__ import print_function 9 | 10 | import binascii,copy,socket,struct,sys 11 | 12 | from dnslib 
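import DNSRecord,RR,QTYPE,RCODE,parse_time 13 | from dnslib.server import DNSServer,DNSHandler,BaseResolver,DNSLogger 14 | from dnslib.label import DNSLabel 15 |
class InterceptResolver(BaseResolver):

    """
        Intercepting resolver

        Proxy requests to upstream server optionally intercepting requests
        matching local records
    """

    def __init__(self, address, port, ttl, intercept, skip, nxdomain, timeout=0):
        """
            address/port    - upstream server
            ttl             - default ttl for intercept records
            intercept       - list of wildcard RRs to respond to (zone format);
                              an entry of '-' reads the records from stdin
            skip            - list of wildcard labels to skip
            nxdomain        - list of wildcard labels to return NXDOMAIN
            timeout         - timeout for upstream server
        """
        self.address = address
        self.port = port
        self.ttl = parse_time(ttl)
        # argparse's append action (used for these options on this file's
        # command line) leaves the value as None when the flag is never
        # given, so treat None as an empty list instead of failing later.
        self.skip = skip or []
        self.nxdomain = nxdomain or []
        self.timeout = timeout
        # (name glob, record type name, record) for each intercept record.
        self.zone = []
        for entry in intercept or []:
            if entry == '-':
                entry = sys.stdin.read()
            for rr in RR.fromZone(entry, ttl=self.ttl):
                self.zone.append((rr.rname, QTYPE[rr.rtype], rr))

    def resolve(self, request, handler):
        """
            Answer *request* from the intercept records when it matches,
            return NXDOMAIN for names on the nxdomain list, and otherwise
            forward the request to the upstream server over the protocol
            reported by handler.protocol.
        """
        reply = request.reply()
        qname = request.q.qname
        qtype = QTYPE[request.q.qtype]
        # Try to resolve locally unless on skip list
        if not any(qname.matchGlob(s) for s in self.skip):
            for name, rtype, rr in self.zone:
                # A record is used when the query type equals the record
                # type, or when the query type is ANY or CNAME.
                if qname.matchGlob(name) and qtype in (rtype, 'ANY', 'CNAME'):
                    answer = copy.copy(rr)
                    answer.rname = qname
                    reply.add_answer(answer)
        # Check for NXDOMAIN
        if any(qname.matchGlob(s) for s in self.nxdomain):
            reply.header.rcode = RCODE.NXDOMAIN
            return reply
        # Otherwise proxy
        if not reply.rr:
            try:
                if handler.protocol == 'udp':
                    proxy_r = request.send(self.address, self.port,
                                           timeout=self.timeout)
                else:
                    proxy_r = request.send(self.address, self.port,
                                           tcp=True, timeout=self.timeout)
                reply = DNSRecord.parse(proxy_r)
            except socket.timeout:
                # NOTE(review): an upstream timeout is reported as
                # NXDOMAIN, which tells the client the name does not
                # exist and may be cached as such; SERVFAIL would mark it
                # as an upstream failure. Left unchanged here because
                # existing clients may rely on the current response code.
                reply.header.rcode = RCODE.NXDOMAIN

        return reply

77 | if __name__ == '__main__': 78 | 79 | import argparse,sys,time 80 | 81 | p = argparse.ArgumentParser(description="DNS Intercept Proxy") 82 | p.add_argument("--port","-p",type=int,default=53, 83 | metavar="", 84 | help="Local proxy port (default:53)") 85 | p.add_argument("--address","-a",default="", 86 | metavar="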
", 87 | help="Local proxy listen address (default:all)") 88 | p.add_argument("--upstream","-u",default="8.8.8.8:53", 89 | metavar="", 90 | help="Upstream DNS server:port (default:8.8.8.8:53)") 91 | p.add_argument("--tcp",action='store_true',default=False, 92 | help="TCP proxy (default: UDP only)") 93 | p.add_argument("--intercept","-i",action="append", 94 | metavar="", 95 | help="Intercept requests matching zone record (glob) ('-' for stdin)") 96 | p.add_argument("--skip","-s",action="append", 97 | metavar="