
Minor updates for Ubuntu

Fred Damstra [afs macbook] 3 年之前
父節點
當前提交
16d01480af
共有 3 個文件被更改,包括 22 次插入19 次删除
  1. 1 1
      base/proxy_server/main.tf
  2. 3 0
      base/vmray_instances/cloud-init/cloud-init.tpl
  3. 18 18
      base/vmray_instances/security-groups.tf

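--- a/base/proxy_server/main.tf
+++ b/base/proxy_server/main.tf
@@ -103,7 +103,7 @@ resource "aws_instance" "instance" {
   ebs_block_device {
     # /var/log
     device_name = "/dev/xvdq"
-    # volume_size = xx
+    volume_size = 30
     delete_on_termination = true
     encrypted = true
     kms_key_id = data.aws_kms_key.ebs-key.arn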

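--- a/base/vmray_instances/cloud-init/cloud-init.tpl
+++ b/base/vmray_instances/cloud-init/cloud-init.tpl
@@ -93,6 +93,9 @@ runcmd:
  - /usr/share/ubuntu-scap-security-guides/cis-hardening/Canonical_Ubuntu_20.04_CIS-harden.sh lvl2_server
  - apt update 
  - apt upgrade -y
+ - apt install -y firewalld
+ - /bin/systemctl start firewalld
+ - /bin/systemctl enable firewalld
  - /bin/systemctl restart salt-minion
  - /bin/systemctl enable salt-minion
  - /bin/systemctl start snap.amazon-ssm-agent.amazon-ssm-agent.service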
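Review bot: Starting firewalld with its default zone, as the three added lines do, will drop the inbound HTTPS that the `vmray_server_https_in` security-group rule admits, and nothing in this hunk opens the port; if the server must serve 443 at boot rather than after salt applies policy, add `firewall-cmd --permanent --add-service=https` and `firewall-cmd --reload` after the enable line, or add a comment stating that salt owns the host firewall ruleset. It is also worth confirming that the CIS lvl2_server script run two lines earlier has not already enabled ufw or nftables, since two firewall managers rewriting the same ruleset is a common cause of silent lockouts of ssh, salt-minion and the SSM agent. Note that `apt install -y firewalld` here depends on the instance still being able to reach package mirrors, which this same commit removes direct egress for in security-groups.tf.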

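--- a/base/vmray_instances/security-groups.tf
+++ b/base/vmray_instances/security-groups.tf
@@ -20,24 +20,24 @@ resource "aws_security_group_rule" "vmray_server_https_in" {
   security_group_id = aws_security_group.vmray_server_sg.id
 }
 
-# Proxy? Ubuntu doesn't have it configured yet
-resource "aws_security_group_rule" "vmray_server_http_out" {
-  type              = "egress"
-  from_port         = 80
-  to_port           = 80
-  protocol          = "tcp"
-  cidr_blocks       = [ "0.0.0.0/0" ]
-  security_group_id = aws_security_group.vmray_server_sg.id
-}
-
-resource "aws_security_group_rule" "vmray_server_https_out" {
-  type              = "egress"
-  from_port         = 443
-  to_port           = 443
-  protocol          = "tcp"
-  cidr_blocks       = [ "0.0.0.0/0" ]
-  security_group_id = aws_security_group.vmray_server_sg.id
-}
+## Proxy - Ubuntu Advantage doesn't appear to respect it
+#resource "aws_security_group_rule" "vmray_server_http_out" {
+#  type              = "egress"
+#  from_port         = 80
+#  to_port           = 80
+#  protocol          = "tcp"
+#  cidr_blocks       = [ "0.0.0.0/0" ]
+#  security_group_id = aws_security_group.vmray_server_sg.id
+#}
+#
+#resource "aws_security_group_rule" "vmray_server_https_out" {
+#  type              = "egress"
+#  from_port         = 443
+#  to_port           = 443
+#  protocol          = "tcp"
+#  cidr_blocks       = [ "0.0.0.0/0" ]
+#  security_group_id = aws_security_group.vmray_server_sg.id
+#}
 
 resource "aws_security_group_rule" "vmray_server_vnc_to_workers" {
   type              = "egress"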
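Review bot: Commenting out the two egress rules leaves dead Terraform rather than a record of intent; if they are gone for good, delete them (git keeps the history) and keep a one-line comment such as `# Outbound 80/443 is intentionally not allowed: all HTTP(S) egress must go through the proxy server`. The new comment says Ubuntu Advantage does not appear to respect the proxy, which, together with the `apt update`/`apt install -y firewalld` steps added to cloud-init in this same commit, suggests first boot may no longer be able to reach package mirrors at all — worth verifying once before relying on this. If some direct egress does turn out to be needed, prefer a rule scoped to the proxy's security group or CIDR over `0.0.0.0/0`, so the proxy remains the only path out of the VMRay server.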