Splunk
/
FredsHoneyPot


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101
							{% import 'variables.include' as var %}

###################
# Splunk_Server Instance
resource "aws_instance" "splunk-hp" {
  ami = data.aws_ami.ubuntu.id
#  ami = data.aws_ami.centos7.id
  instance_type = var.Splunk-Instance-Type
  availability_zone = data.aws_availability_zones.available.names[0]
  subnet_id = aws_subnet.subnet_Splunk.id
  private_ip = var.Splunk-IP
  ebs_optimized = var.EBS-Optimized
  disable_api_termination = false
  associate_public_ip_address = true
  instance_initiated_shutdown_behavior = "terminate"
  key_name = var.AWS-Key-Pair-Name
  vpc_security_group_ids = [aws_security_group.sg_splunk_secured_access.id]
  depends_on    = [aws_internet_gateway.gw_primary]

  tags = {
    Name = "splunk-hp"
  }

  root_block_device {
    volume_type =  var.Default-Volume-Type
    volume_size =  var.Splunk-Volume-Size # Gigabytes
    delete_on_termination = true
  }

  ebs_block_device {
    device_name = "/dev/sdd"
    volume_size = var.Swap-Volume-Size
    volume_type = var.Swap-Volume-Type
    delete_on_termination = true
  }

  user_data = <<EOF
#cloud-config
package_update: true
package_upgrade: true
packages:
  - git
  - vim
  - wget
  - curl
  - tcpdump
  - python
  - iptables-persistent
runcmd:
  - mkswap /dev/xvdd
  - swapon -a
  - git clone https://github.com/fdamstra/python_multithreaded_socket_logger.git /opt/multithreaded_socket_logger
  - bash /opt/multithreaded_socket_logger/splunkserver_init.sh
mounts:
  - [ xvdd, none, swap, sw, 0, 0 ]
growpart:
  mode: auto
  devices: ['/']
  ignore_growroot_disabled: false
power_state:
  mode: "reboot"
  message: "Rebooting after first init."
  condition: True
EOF
# To reboot, add the following above the EOF line:
# power_state:
#   delay: "+10"
#   mode: "reboot"
#   message: "Rebooting after first init."
#   condition: True

  # Fix issues with cached keys. Arguably less secure, but also way less annoying
  provisioner "local-exec" {
    command = "ssh-keygen -f ~/.ssh/known_hosts -R splunk-hp.lab.${var.Domain-Name}"
  }
}

# Give me the IP Addresses
output "splunk-hp_ip" {
    value = aws_instance.splunk-hp.public_ip
}

# Give me DNS entries
resource "aws_route53_record" "splunk-hp" {
  zone_id = var.Domain-Zone-ID
  name = "splunk-hp.lab.${var.Domain-Name}"
  type = "A"
  ttl = "300"
  records = [aws_instance.splunk-hp.public_ip]
}
resource "aws_route53_record" "splunk-hp_pvt" {
  zone_id = var.Domain-Zone-ID
  name = "splunk-hp_pvt.lab.${var.Domain-Name}"
  type = "A"
  ttl = "300"
  records = [aws_instance.splunk-hp.private_ip]
}
output "splunk-hp_dns" {
  value = aws_route53_record.splunk-hp.name
}