Splunk
/
FredsHoneyPot


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101
							{% import 'variables.include' as var %}

###################
# Splunk_Server Instance
resource "aws_instance" "splunk-hp" {
  ami = "${data.aws_ami.ubuntu.id}"
#  ami = "${data.aws_ami.centos7.id}"
  instance_type = "${var.Splunk-Instance-Type}"
  availability_zone = "${data.aws_availability_zones.available.names[0]}"
  subnet_id = "${aws_subnet.subnet_Splunk.id}"
  private_ip = "${var.Splunk-IP}"
  ebs_optimized = "${var.EBS-Optimized}"
  disable_api_termination = false
  associate_public_ip_address = true
  instance_initiated_shutdown_behavior = "terminate"
  key_name = "${var.AWS-Key-Pair-Name}"
  vpc_security_group_ids = ["${aws_security_group.sg_splunk_secured_access.id}"]
  depends_on    = ["aws_internet_gateway.gw_primary"]

  tags {
    Name = "splunk-hp"
  }

  root_block_device {
    volume_type = "${ var.Default-Volume-Type }"
    volume_size = "${ var.Splunk-Volume-Size }" # Gigabytes
    delete_on_termination = true
  }

  ebs_block_device {
    device_name = "/dev/sdd"
    volume_size = "${var.Swap-Volume-Size}"
    volume_type = "${var.Swap-Volume-Type}"
    delete_on_termination = true
  }

  user_data = <<EOF
#cloud-config
package_update: true
package_upgrade: true
packages:
  - git
  - vim
  - wget
  - curl
  - tcpdump
  - python
  - iptables-persistent
runcmd:
  - mkswap /dev/xvdd
  - swapon -a
  - git clone https://github.com/fdamstra/python_multithreaded_socket_logger.git /opt/multithreaded_socket_logger
  - bash /opt/multithreaded_socket_logger/splunkserver_init.sh
mounts:
  - [ xvdd, none, swap, sw, 0, 0 ]
growpart:
  mode: auto
  devices: ['/']
  ignore_growroot_disabled: false
power_state:
  mode: "reboot"
  message: "Rebooting after first init."
  condition: True
EOF
# To reboot, add the following above the EOF line:
# power_state:
#   delay: "+10"
#   mode: "reboot"
#   message: "Rebooting after first init."
#   condition: True

  # Fix issues with cached keys. Arguably less secure, but also way less annoying
  provisioner "local-exec" {
    command = "ssh-keygen -f ~/.ssh/known_hosts -R splunk-hp.lab.${var.Domain-Name}"
  }
}

# Give me the IP Addresses
output "splunk-hp_ip" {
    value = "${aws_instance.splunk-hp.public_ip}"
}

# Give me DNS entries
resource "aws_route53_record" "splunk-hp" {
  zone_id = "${var.Domain-Zone-ID}"
  name = "splunk-hp.lab.${var.Domain-Name}"
  type = "A"
  ttl = "300"
  records = ["${aws_instance.splunk-hp.public_ip}"]
}
resource "aws_route53_record" "splunk-hp_pvt" {
  zone_id = "${var.Domain-Zone-ID}"
  name = "splunk-hp_pvt.lab.${var.Domain-Name}"
  type = "A"
  ttl = "300"
  records = ["${aws_instance.splunk-hp.private_ip}"]
}
output "splunk-hp_dns" {
  value = "${aws_route53_record.splunk-hp.name}"
}