AWSTemplateFormatVersion: "2010-09-09"
Description: Deploys Nubeva SKI & Open-Source Tools in a new VPC (qs-1qsdipn35).
Metadata:
  QuickStartDocumentation:
    EntrypointName: "Parameters for launching into a new VPC"
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: VPC network configuration
        Parameters:
          - AvailabilityZones
          - VPCCIDR
          - PrivateSubnet1CIDR
          - PrivateSubnet2CIDR
          - PublicSubnet1CIDR
          - PublicSubnet2CIDR
          - RemoteAccessCIDR
          - BastionAMIOS
          - BastionInstanceType
      - Label:
          default: Nubeva configuration
        Parameters:
          - APIKey
          - ArkimeInstall
          - WiresharkInstall
          - SuricataInstall
          - ZeekInstall
          - ClientInstall
          - ToolAdmin
          - ToolPassword
          - AddESRole
      - Label:
          default: Auto Scaling group configuration
        Parameters:
          - KeyPairName
          - NodeInstanceType
          - NumberOfNodes
          - MaximumNodes
      - Label:
          default: AWS Quick Start configuration
        Parameters:
          - QSS3BucketName
          - QSS3BucketRegion
          - QSS3KeyPrefix
    ParameterLabels:
      ArkimeInstall:
        default: Install Arkime ASG
      WiresharkInstall:
        default: Install Wireshark ASG
      SuricataInstall:
        default: Install Suricata ASG
      ZeekInstall:
        default: Install Zeek ASG
      ClientInstall:
        default: Install TLS generation clients
      AddESRole:
        default: Install Elasticsearch Service Linked Role
      ToolAdmin:
        default: Administrator name
      ToolPassword:
        default: Administrator password
      AvailabilityZones:
        default: Availability Zones
      APIKey:
        default: Nubeva token
      KeyPairName:
        default: SSH key name
      PrivateSubnet1CIDR:
        default: Private subnet 1 CIDR
      PrivateSubnet2CIDR:
        default: Private subnet 2 CIDR
      PublicSubnet1CIDR:
        default: Public subnet 1 CIDR
      PublicSubnet2CIDR:
        default: Public subnet 2 CIDR
      QSS3BucketName:
        default: Quick Start S3 bucket name
      QSS3BucketRegion:
        default: Quick Start S3 bucket Region
      QSS3KeyPrefix:
        default: Quick Start S3 key prefix
      RemoteAccessCIDR:
        default: Allowed external access CIDR
      BastionAMIOS:
        default: Bastion AMI operating system
      BastionInstanceType:
        default: Bastion instance type
      VPCCIDR:
        default: VPC CIDR
      NodeInstanceType:
        default: Tool instance type
      NumberOfNodes:
        default: Desired nodes per tool
      MaximumNodes:
        default: Maximum nodes per tool
Parameters:
  ArkimeInstall:
    Default: true
    AllowedValues:
      - true
      - false
    Description: Choose to install Arkime.
    Type: String
  WiresharkInstall:
    Default: true
    AllowedValues:
      - true
      - false
    Description: Choose to install Wireshark.
    Type: String
  SuricataInstall:
    Default: true
    AllowedValues:
      - true
      - false
    Description: Choose to install Suricata.
    Type: String
  ZeekInstall:
    Default: true
    AllowedValues:
      - true
      - false
    Description: Choose to install Zeek.
    Type: String
  ClientInstall:
    Default: true
    AllowedValues:
      - true
      - false
    Description: Choose to install TLS generation clients.
    Type: String
  AddESRole:
    Default: false
    AllowedValues:
      - true
      - false
    Description: Choose to install the Elasticsearch Service linked role.
    Type: String
  ToolAdmin:
    Description: User name associated with the administrator account for the created tools.
    Type: String
    Default: tooladmin
    MinLength: 4
    MaxLength: 16
    AllowedPattern: "[a-zA-Z][a-zA-Z0-9]*"
    ConstraintDescription: Name must begin with a letter and contain only 4-16 alphanumeric characters.
  ToolPassword:
    # Only alphanumeric characters are accepted; NoEcho keeps the value out of stack output.
    Description: Password contains 8-32 alphanumeric characters.
    NoEcho: true
    Type: String
    MinLength: 8
    MaxLength: 32
    AllowedPattern: "[a-zA-Z0-9]*"
    ConstraintDescription: Password must contain between 8 and 32 alphanumeric characters.
  BastionAMIOS:
    AllowedValues:
      - Amazon-Linux2-HVM
      # restricting choice to fix bug
      # - CentOS-7-HVM
      # - Ubuntu-Server-14.04-LTS-HVM
      # - Ubuntu-Server-16.04-LTS-HVM
    Default: Amazon-Linux2-HVM
    Description: Linux distribution for the Amazon Machine Image (AMI) to be used for the bastion instances.
    Type: String
  BastionInstanceType:
    AllowedValues:
      - t3.nano
      - t3.micro
      - t3.small
      - t3.medium
      - t3.large
      - m5.large
      - m5.xlarge
      - m5.2xlarge
    Default: t3.small
    Description: Amazon EC2 instance type for the bastion instances.
    Type: String
  AvailabilityZones:
    Description: List of Availability Zones to use for the subnets in the VPC. Two Availability Zones are used for this deployment.
    Type: List<AWS::EC2::AvailabilityZone::Name>
  KeyPairName:
    Description: Name of an existing key pair, which allows you to securely connect to your instance after it launches.
    Type: AWS::EC2::KeyPair::KeyName
  PrivateSubnet1CIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28.
    Default: 10.0.16.0/20
    Description: CIDR block for private subnet 1 located in Availability Zone 1.
    Type: String
  PrivateSubnet2CIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28.
    Default: 10.0.32.0/20
    Description: CIDR block for private subnet 2 located in Availability Zone 2.
    Type: String
  PublicSubnet1CIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28.
    Default: 10.0.48.0/20
    Description: CIDR block for the public (DMZ) subnet 1 located in Availability Zone 1.
    Type: String
  PublicSubnet2CIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28.
    Default: 10.0.64.0/20
    Description: CIDR block for the public (DMZ) subnet 2 located in Availability Zone 2.
    Type: String
  QSS3BucketName:
    AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$
    ConstraintDescription: The Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).
    Default: aws-quickstart
    Description: 'Name of the S3 bucket for your copy of the Quick Start assets. Keep the default name unless you are customizing the template. Changing the name updates code references to point to a new Quick Start location. This name can include numbers, lowercase letters, uppercase letters, and hyphens, but it cannot start or end with a hyphen (-). See https://aws-quickstart.github.io/option1.html.'
    Type: String
  QSS3BucketRegion:
    Default: 'us-east-1'
    Description: 'AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. Keep the default Region unless you are customizing the template. Changing this Region updates code references to point to a new Quick Start location. When using your own bucket, specify the Region. See https://aws-quickstart.github.io/option1.html.'
    Type: String
  QSS3KeyPrefix:
    AllowedPattern: ^[0-9a-zA-Z-/]*$
    ConstraintDescription: The Quick Start S3 key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). The prefix should end with a forward slash (/).
    Default: quickstart-nubeva-tlsdecrypt/
    Description: 'S3 key prefix that is used to simulate a directory for your copy of the Quick Start assets. Keep the default prefix unless you are customizing the template. Changing this prefix updates code references to point to a new Quick Start location. This prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). End with a forward slash. See https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html and https://aws-quickstart.github.io/option1.html.'
    Type: String
  RemoteAccessCIDR:
    # No Default on purpose: the pattern also accepts 0.0.0.0/0, which would expose the
    # bastion and the tool security groups to the whole Internet. Use a narrow, trusted range.
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x.
    Description: CIDR IP range that is permitted to access the instances. Set this value to a trusted IP range.
    Type: String
  VPCCIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28.
    Default: 10.0.0.0/16
    Description: CIDR block for the VPC.
    Type: String
  NodeInstanceType:
    Default: m5.large
    AllowedValues:
      - m5.large
      - m5.xlarge
      - m5.2xlarge
      - m5.4xlarge
      - m5.12xlarge
      - m5.24xlarge
      - c5.large
      - c5.xlarge
      - c5.2xlarge
      - c5.4xlarge
      - c5.9xlarge
      - i3.large
      - i3.xlarge
      - i3.2xlarge
      - i3.4xlarge
      - i3.8xlarge
      - i3.16xlarge
      - r5.large
      - r5.xlarge
      - r5.2xlarge
      - r5.4xlarge
      - r5.12xlarge
      - r5.24xlarge
    ConstraintDescription: Value must be a valid EC2 instance type.
    Description: Type of EC2 instance for the node instances.
    Type: String
  NumberOfNodes:
    Default: 1
    Description: Number of EC2 instance nodes in each Auto Scaling group.
    Type: Number
  MaximumNodes:
    Default: 6
    Description: Maximum number of EC2 instance nodes in each Auto Scaling group.
    Type: Number
  APIKey:
    # Secret: NoEcho keeps the token out of DescribeStacks output and the console.
    Description: Token for your Nubeva account.
    NoEcho: true
    Type: String
Conditions:
  UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart']
Resources:
  VPCStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub
        - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml'
        - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
          S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
      Parameters:
        AvailabilityZones: !Join
          - ','
          - !Ref AvailabilityZones
        NumberOfAZs: '2'
        PrivateSubnet1ACIDR: !Ref PrivateSubnet1CIDR
        PrivateSubnet2ACIDR: !Ref PrivateSubnet2CIDR
        PublicSubnet1CIDR: !Ref PublicSubnet1CIDR
        PublicSubnet2CIDR: !Ref PublicSubnet2CIDR
        VPCCIDR: !Ref VPCCIDR
  BastionStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub
        - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-linux-bastion/templates/linux-bastion.template'
        - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
          S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
      Parameters:
        BastionAMIOS: !Ref BastionAMIOS
        BastionInstanceType: !Ref BastionInstanceType
        KeyPairName: !Ref KeyPairName
        PublicSubnet1ID: !GetAtt VPCStack.Outputs.PublicSubnet1ID
        PublicSubnet2ID: !GetAtt VPCStack.Outputs.PublicSubnet2ID
        QSS3BucketName: !Ref QSS3BucketName
        QSS3BucketRegion: !Ref QSS3BucketRegion
        QSS3KeyPrefix: !Sub '${QSS3KeyPrefix}submodules/quickstart-linux-bastion/'
        RemoteAccessCIDR: !Ref RemoteAccessCIDR
        VPCID: !GetAtt VPCStack.Outputs.VPCID
  NubevaStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub
        - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/nubeva-existing-vpc.template.yaml'
        - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]
          S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
      Parameters:
        KeyPairName: !Ref KeyPairName
        PrivateSubnet1ID: !GetAtt VPCStack.Outputs.PrivateSubnet1AID
        PrivateSubnet2ID: !GetAtt VPCStack.Outputs.PrivateSubnet2AID
        NumberOfNodes: !Ref NumberOfNodes
        MaximumNodes: !Ref MaximumNodes
        NodeInstanceType: !Ref NodeInstanceType
        RemoteAccessCIDR: !Ref RemoteAccessCIDR
        VPCID: !GetAtt VPCStack.Outputs.VPCID
        VPCCIDR: !Ref VPCCIDR
        APIKey: !Ref APIKey
        ArkimeInstall: !Ref ArkimeInstall
        WiresharkInstall: !Ref WiresharkInstall
        SuricataInstall: !Ref SuricataInstall
        ZeekInstall: !Ref ZeekInstall
        QSS3BucketName: !Ref QSS3BucketName
        QSS3BucketRegion: !Ref QSS3BucketRegion
        QSS3KeyPrefix: !Ref QSS3KeyPrefix
        ToolAdmin: !Ref ToolAdmin
        ToolPassword: !Ref ToolPassword
        ClientInstall: !Ref ClientInstall
        AddESRole: !Ref AddESRole
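The AllowedPattern constraints above only check the shape of each CIDR parameter: CloudFormation will happily accept a RemoteAccessCIDR of 0.0.0.0/0, subnets that fall outside VPCCIDR, or two subnets that overlap, and the failure only surfaces when the nested VPC stack rolls back or when the bastion is reachable from the whole Internet. The script below is an added example, not part of the Quick Start; it copies the template's AllowedPattern strings and default values and runs the checks the template cannot express before you call create-stack. The /24 threshold for a "broad" access range is an assumption, not something the template defines, and the parameter dict it checks is constructed here.

```python
"""Pre-deployment checks for the Quick Start's network and credential parameters.

Added example (not Nubeva's or AWS's code). Reuses the template's AllowedPattern
strings and default values; standard library only.
"""
import ipaddress
import re

# AllowedPattern strings copied verbatim from the template's Parameters section.
SUBNET_CIDR_PATTERN = (
    r"^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}"
    r"([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$"
)
REMOTE_ACCESS_PATTERN = (
    r"^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}"
    r"([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$"
)
TOOL_PASSWORD_PATTERN = r"[a-zA-Z0-9]*"

# Default values from the template.
DEFAULT_PARAMS = {
    "VPCCIDR": "10.0.0.0/16",
    "PrivateSubnet1CIDR": "10.0.16.0/20",
    "PrivateSubnet2CIDR": "10.0.32.0/20",
    "PublicSubnet1CIDR": "10.0.48.0/20",
    "PublicSubnet2CIDR": "10.0.64.0/20",
}
SUBNET_KEYS = [k for k in DEFAULT_PARAMS if k != "VPCCIDR"]
CIDR_KEYS = ["VPCCIDR"] + SUBNET_KEYS

# Assumption (not from the template): an access range wider than /24 is flagged as broad.
WIDEST_ACCEPTABLE_REMOTE_PREFIX = 24


def matches_allowed_pattern(pattern: str, value: str) -> bool:
    """CloudFormation applies AllowedPattern to the whole value, so use fullmatch."""
    return re.fullmatch(pattern, value) is not None


def password_ok(password: str) -> bool:
    """ToolPassword constraint from the template: 8-32 characters, alphanumeric only."""
    return 8 <= len(password) <= 32 and matches_allowed_pattern(TOOL_PASSWORD_PATTERN, password)


def remote_access_risk(cidr: str) -> str:
    """Classify RemoteAccessCIDR as 'open' (0.0.0.0/0), 'broad' (wider than /24) or 'ok'."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen == 0:
        return "open"
    if net.prefixlen < WIDEST_ACCEPTABLE_REMOTE_PREFIX:
        return "broad"
    return "ok"


def subnet_problems(vpc_cidr: str, subnets: dict) -> list:
    """Report subnets with host bits set, lying outside the VPC, or overlapping each other."""
    try:
        vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    except ValueError:
        return [f"VPCCIDR {vpc_cidr} has host bits set"]
    problems, nets = [], {}
    for name, cidr in subnets.items():
        try:
            nets[name] = ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            problems.append(f"{name} {cidr} has host bits set")
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            problems.append(f"{name} {net} is outside VPC {vpc}")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems


def precheck(params: dict) -> list:
    """Run every check over a parameter dict and return the findings (empty list = clean)."""
    findings = []
    for key in CIDR_KEYS:
        if not matches_allowed_pattern(SUBNET_CIDR_PATTERN, params[key]):
            findings.append(f"{key}: {params[key]} rejected by AllowedPattern (x.x.x.x/16-28)")
    remote = params["RemoteAccessCIDR"]
    if not matches_allowed_pattern(REMOTE_ACCESS_PATTERN, remote):
        findings.append(f"RemoteAccessCIDR: {remote} rejected by AllowedPattern")
    else:
        risk = remote_access_risk(remote)
        if risk != "ok":
            findings.append(f"RemoteAccessCIDR: {remote} is {risk}; use a narrow trusted range")
    if all(matches_allowed_pattern(SUBNET_CIDR_PATTERN, params[k]) for k in CIDR_KEYS):
        findings.extend(subnet_problems(params["VPCCIDR"], {k: params[k] for k in SUBNET_KEYS}))
    if "ToolPassword" in params and not password_ok(params["ToolPassword"]):
        findings.append("ToolPassword: must be 8-32 alphanumeric characters")
    return findings


if __name__ == "__main__":
    # Constructed input: template defaults plus a wide-open access CIDR.
    sample = dict(DEFAULT_PARAMS, RemoteAccessCIDR="0.0.0.0/0", ToolPassword="Sup3rSecret")
    for finding in precheck(sample):
        print(finding)
```

Run it against the parameter file you intend to pass to create-stack; an empty result means the values will pass the template's constraints and also satisfy the two things the template cannot check, that the four subnets nest inside VPCCIDR without overlapping and that RemoteAccessCIDR is not effectively the whole Internet.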