Merged
8 changes: 8 additions & 0 deletions README.md
Expand Up @@ -642,6 +642,14 @@ The following table lists the _latest_ DSF Kit releases, their release date and
<br/>2. Added optional DNS CNAME support for AWS POC examples (dsf_deployment, sonar_basic_deployment, sonar_hadr_deployment). When configured, creates friendly DNS names for public-facing instances via Route53 cross-account. Set the 'dns_zone_domain' and optionally 'dns_route53_role_arn' and 'dns_route53_zone_id' variables to enable it. Disabled by default.
</td>
</tr>
<tr>
<td>TBD
</td>
<td>1.7.36</td>
<td>
AWS EBS volumes are now encrypted by default. To opt out, set 'encrypted = false' in the relevant '*_ebs_details' / 'ebs' variable.
</td>
</tr>

</table>

Original file line number Diff line number Diff line change
Expand Up @@ -302,12 +302,14 @@ variable "hub_ebs_details" {
disk_size = number
provisioned_iops = number
throughput = number
encrypted = optional(bool, true)
})
description = "DSF Hub compute instance volume attributes. More info in sizing doc - https://docs.imperva.com/bundle/v4.10-sonar-installation-and-setup-guide/page/78729.htm"
default = {
disk_size = 250
provisioned_iops = 0
throughput = 125
encrypted = true
}
}

Expand All @@ -316,12 +318,14 @@ variable "agentless_gw_ebs_details" {
disk_size = number
provisioned_iops = number
throughput = number
encrypted = optional(bool, true)
})
description = "DSF Agentless Gateway compute instance volume attributes. More info in sizing doc - https://docs.imperva.com/bundle/v4.10-sonar-installation-and-setup-guide/page/78729.htm"
default = {
disk_size = 150
provisioned_iops = 0
throughput = 125
encrypted = true
}
}

Expand Down Expand Up @@ -492,23 +496,27 @@ variable "mx_ebs_details" {
type = object({
volume_size = number
volume_type = string
encrypted = optional(bool, true)
})
description = "MX compute instance volume attributes"
default = {
volume_size = 160
volume_type = "gp2"
encrypted = true
}
}

variable "agent_gw_ebs_details" {
type = object({
volume_size = number
volume_type = string
encrypted = optional(bool, true)
})
description = "Agent Gateway compute instance volume attributes"
default = {
volume_size = 160
volume_type = "gp2"
encrypted = true
}
}

Expand Down Expand Up @@ -584,23 +592,27 @@ variable "dra_admin_ebs_details" {
type = object({
volume_size = number
volume_type = string
encrypted = optional(bool, true)
})
description = "DRA Admin compute instance volume attributes. More info in sizing doc - https://docs.imperva.com/bundle/v4.11-data-risk-analytics-installation-guide/page/69846.htm"
default = {
volume_size = 260
volume_type = "gp3"
encrypted = true
}
}

variable "dra_analytics_ebs_details" {
type = object({
volume_size = number
volume_type = string
encrypted = optional(bool, true)
})
description = "DRA Analytics compute instance volume attributes. More info in sizing doc - https://docs.imperva.com/bundle/v4.11-data-risk-analytics-installation-guide/page/69846.htm"
default = {
volume_size = 1010
volume_type = "gp3"
encrypted = true
}
}
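Review bot: Flipping the default to `encrypted = true` in every `*_ebs_details` variable of this section also affects stacks that were already applied with unencrypted volumes, and nothing visible here warns about that. EBS encryption cannot be changed in place, so Terraform will most likely plan to replace the affected volumes (and the instance, for a root volume) on the first apply after upgrading; the resource wiring is not shown on this page, so confirm with a plan against an existing deployment. I would add to each description, and to the 1.7.36 release note, something like `Changing 'encrypted' on an existing deployment replaces the volume; set 'encrypted = false' to keep existing unencrypted volumes.` The same applies to the `hub_ebs_details` / `agentless_gw_ebs_details` defaults in the following sections and in the sonar_basic_deployment and sonar_hadr_deployment examples.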

Original file line number Diff line number Diff line change
Expand Up @@ -172,12 +172,14 @@ variable "hub_ebs_details" {
disk_size = number
provisioned_iops = number
throughput = number
encrypted = optional(bool, true)
})
description = "DSF Hub compute instance volume attributes. More info in sizing doc - https://docs.imperva.com/bundle/v4.10-sonar-installation-and-setup-guide/page/78729.htm"
default = {
disk_size = 500
provisioned_iops = 0
throughput = 125
encrypted = true
}
}

Expand All @@ -186,12 +188,14 @@ variable "agentless_gw_ebs_details" {
disk_size = number
provisioned_iops = number
throughput = number
encrypted = optional(bool, true)
})
description = "Agentless Gateway compute instance volume attributes. More info in sizing doc - https://docs.imperva.com/bundle/v4.10-sonar-installation-and-setup-guide/page/78729.htm"
default = {
disk_size = 150
provisioned_iops = 0
throughput = 125
encrypted = true
}
}

Original file line number Diff line number Diff line change
Expand Up @@ -119,12 +119,14 @@ variable "hub_ebs_details" {
disk_size = number
provisioned_iops = number
throughput = number
encrypted = optional(bool, true)
})
description = "DSF Hub compute instance volume attributes. More info in sizing doc - https://docs.imperva.com/bundle/v4.10-sonar-installation-and-setup-guide/page/78729.htm"
default = {
disk_size = 500
provisioned_iops = 0
throughput = 125
encrypted = true
}
}

Expand All @@ -133,12 +135,14 @@ variable "agentless_gw_ebs_details" {
disk_size = number
provisioned_iops = number
throughput = number
encrypted = optional(bool, true)
})
description = "Agentless Gateway compute instance volume attributes. More info in sizing doc - https://docs.imperva.com/bundle/v4.10-sonar-installation-and-setup-guide/page/78729.htm"
default = {
disk_size = 150
provisioned_iops = 0
throughput = 125
encrypted = true
}
}

4 changes: 2 additions & 2 deletions examples/aws/poc/dsf_deployment/cm.tf
Expand Up @@ -5,8 +5,8 @@ locals {
}

module "ciphertrust_manager" {
source = "imperva/dsf-ciphertrust-manager/aws"
version = "1.7.35" # latest release tag
source = "imperva/dsf-ciphertrust-manager/aws"
version = "1.7.35" # latest release tag
count = local.ciphertrust_manager_count
ciphertrust_manager_version = var.ciphertrust_manager_version
ami = var.ciphertrust_manager_ami_id == null ? null : {
16 changes: 16 additions & 0 deletions examples/aws/poc/dsf_deployment/variables.tf
Expand Up @@ -199,23 +199,27 @@ variable "mx_ebs_details" {
type = object({
volume_size = number
volume_type = string
encrypted = optional(bool, true)
})
description = "MX compute instance volume attributes"
default = {
volume_size = 160
volume_type = "gp2"
encrypted = true
}
}

variable "agent_gw_ebs_details" {
type = object({
volume_size = number
volume_type = string
encrypted = optional(bool, true)
})
description = "Agent Gateway compute instance volume attributes"
default = {
volume_size = 160
volume_type = "gp2"
encrypted = true
}
}

Expand Down Expand Up @@ -300,11 +304,13 @@ variable "hub_ebs_details" {
disk_size = number
provisioned_iops = number
throughput = number
encrypted = optional(bool, true)
})
default = {
disk_size = 250
provisioned_iops = 0
throughput = 125
encrypted = true
}
description = "DSF Hub compute instance volume attributes. More info in sizing doc - https://docs.imperva.com/bundle/v4.10-sonar-installation-and-setup-guide/page/78729.htm"
}
Expand All @@ -314,11 +320,13 @@ variable "agentless_gw_ebs_details" {
disk_size = number
provisioned_iops = number
throughput = number
encrypted = optional(bool, true)
})
default = {
disk_size = 150
provisioned_iops = 0
throughput = 125
encrypted = true
}
description = "DSF Agentless Gateway compute instance volume attributes. More info in sizing doc - https://docs.imperva.com/bundle/v4.10-sonar-installation-and-setup-guide/page/78729.htm"
}
Expand Down Expand Up @@ -358,23 +366,27 @@ variable "dra_admin_ebs_details" {
type = object({
volume_size = number
volume_type = string
encrypted = optional(bool, true)
})
description = "DRA Admin compute instance volume attributes. More info in sizing doc - https://docs.imperva.com/bundle/v4.11-data-risk-analytics-installation-guide/page/69846.htm"
default = {
volume_size = 260
volume_type = "gp3"
encrypted = true
}
}

variable "dra_analytics_ebs_details" {
type = object({
volume_size = number
volume_type = string
encrypted = optional(bool, true)
})
description = "DRA Analytics compute instance volume attributes. More info in sizing doc - https://docs.imperva.com/bundle/v4.11-data-risk-analytics-installation-guide/page/69846.htm"
default = {
volume_size = 1010
volume_type = "gp3"
encrypted = true
}
}

Expand Down Expand Up @@ -407,12 +419,14 @@ variable "ciphertrust_manager_ebs_details" {
volume_size = number
volume_type = string
iops = number
encrypted = optional(bool, true)
})
description = "CipherTrust Manager compute instance volume attributes"
default = {
volume_size = 300
volume_type = "gp3"
iops = 3000
encrypted = true
}
}

Expand All @@ -421,12 +435,14 @@ variable "cte_ddc_agent_ebs_details" {
volume_size = number
volume_type = string
iops = number
encrypted = optional(bool, true)
})
description = "CTE and/or DDC agent compute instance volume attributes"
default = {
volume_size = 30
volume_type = "gp3"
iops = 3000
encrypted = true
}
}
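Review bot: `ciphertrust_manager_ebs_details` and `cte_ddc_agent_ebs_details` gain `encrypted` here, but cm.tf in this same commit still pins `imperva/dsf-ciphertrust-manager/aws` at `1.7.35`, while the README lists EBS encryption under 1.7.36. Assuming cm.tf passes this variable through, a pinned module whose `ebs` object type does not declare `encrypted` will have the attribute dropped during type conversion without any error, so the volume would stay unencrypted while the example's variable says `true`. The module-side changes for these two components are not visible on this page. It is worth confirming that the pin is bumped together with this change, or stating in both descriptions that the flag takes effect from 1.7.36.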

4 changes: 4 additions & 0 deletions examples/aws/poc/sonar_basic_deployment/variables.tf
Expand Up @@ -109,12 +109,14 @@ variable "hub_ebs_details" {
disk_size = number
provisioned_iops = number
throughput = number
encrypted = optional(bool, true)
})
description = "DSF Hub compute instance volume attributes. More info in sizing doc - https://docs.imperva.com/bundle/v4.10-sonar-installation-and-setup-guide/page/78729.htm"
default = {
disk_size = 250
provisioned_iops = 0
throughput = 125
encrypted = true
}
}

Expand All @@ -123,12 +125,14 @@ variable "agentless_gw_ebs_details" {
disk_size = number
provisioned_iops = number
throughput = number
encrypted = optional(bool, true)
})
description = "DSF Agentless Gateway compute instance volume attributes. More info in sizing doc - https://docs.imperva.com/bundle/v4.10-sonar-installation-and-setup-guide/page/78729.htm"
default = {
disk_size = 150
provisioned_iops = 0
throughput = 125
encrypted = true
}
}

4 changes: 4 additions & 0 deletions examples/aws/poc/sonar_hadr_deployment/variables.tf
Expand Up @@ -147,12 +147,14 @@ variable "hub_ebs_details" {
disk_size = number
provisioned_iops = number
throughput = number
encrypted = optional(bool, true)
})
description = "DSF Hub compute instance volume attributes. More info in sizing doc - https://docs.imperva.com/bundle/v4.10-sonar-installation-and-setup-guide/page/78729.htm"
default = {
disk_size = 500
provisioned_iops = 0
throughput = 125
encrypted = true
}
}

Expand All @@ -161,12 +163,14 @@ variable "agentless_gw_ebs_details" {
disk_size = number
provisioned_iops = number
throughput = number
encrypted = optional(bool, true)
})
description = "DSF Agentless Gateway compute instance volume attributes. More info in sizing doc - https://docs.imperva.com/bundle/v4.10-sonar-installation-and-setup-guide/page/78729.htm"
default = {
disk_size = 150
provisioned_iops = 0
throughput = 125
encrypted = true
}
}

4 changes: 3 additions & 1 deletion modules/aws/agent-gw/variables.tf
Expand Up @@ -90,11 +90,13 @@ variable "ebs" {
type = object({
volume_size = number
volume_type = string
encrypted = optional(bool, true)
})
description = "Compute instance volume attributes for the Agentless Gateway"
description = "Compute instance volume attributes for the Agent Gateway. The root EBS volume is encrypted by default (using the account default EBS KMS key). Set 'encrypted' to false to opt out."
default = {
volume_size = 160
volume_type = "gp2"
encrypted = true
}
}
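Review bot: The new `ebs` description says the root volume is encrypted with the account default EBS KMS key, and the object type gives no way to select a different key. Where that default is the AWS-managed key, its key policy cannot be edited, which excludes deployments that need their own key policy, rotation control or cross-account snapshot sharing. Consider one more optional attribute, e.g. `kms_key_id = optional(string)`, passed through to the volume and left null to keep the behaviour introduced here. The `ebs` variable in modules/aws/agentless-gw/variables.tf has the same limitation.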

3 changes: 2 additions & 1 deletion modules/aws/agentless-gw/README.md
Expand Up @@ -32,7 +32,7 @@ The following input variables are **required**:
* `subnet_id`: The ID of the subnet in which to launch the Agentless Gateway instance
* `ssh_key_pair`: AWS key pair name and path for ssh connectivity
* `password`: Initial password for all users
* `ebs`: AWS EBS details
* `ebs`: AWS EBS details. Includes an optional `encrypted` field (defaults to `true`); the root and external EBS volumes are encrypted by default using the account default EBS KMS key. Set to `false` to opt out
* `binaries_location`: S3 DSF installation location
* `hub_sonarw_public_key`: Public key of the sonarw user taken from the main DSF Hub output
* `allowed_hub_cidrs`: List of ingress CIDR patterns allowing other hubs to access the DSF hub instance
Expand Down Expand Up @@ -78,6 +78,7 @@ module "dsf_agentless_gw" {
disk_size = 150
provisioned_iops = 0
throughput = 125
encrypted = true # set to false to opt out of encrypting root + external EBS volumes
}
binaries_location = {
s3_bucket = "my_S3_bucket"
3 changes: 2 additions & 1 deletion modules/aws/agentless-gw/variables.tf
Expand Up @@ -116,8 +116,9 @@ variable "ebs" {
disk_size = number
provisioned_iops = number
throughput = number
encrypted = optional(bool, true)
})
description = "Compute instance volume attributes"
description = "Compute instance volume attributes. Both the root and external EBS volumes are encrypted by default (using the account default EBS KMS key). Set 'encrypted' to false to opt out."
}

variable "ingress_communication_via_proxy" {
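Review bot: The `ebs` description promises that `encrypted = false` opts out, but that only holds in accounts where account-level EBS encryption by default is off. Where that setting is enabled AWS encrypts the volume regardless, and a configuration asking for `false` may then show up as drift on later plans. I would word it as `Set 'encrypted' to false to stop requesting encryption (volumes are still encrypted when the account enforces EBS encryption by default).` This variable has no `default` in the visible hunk, so here `true` comes solely from `optional(bool, true)`; a short comment saying so would help readers comparing it with the example variables.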