diff --git a/aws/templates/asg/autoscale.yaml b/aws/templates/asg/autoscale.yaml
index 04a1adbb..87720f66 100644
--- a/aws/templates/asg/autoscale.yaml
+++ b/aws/templates/asg/autoscale.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
-Description: Create an Auto Scaling group of Check Point gateways (20240417)
+Description: Create an Auto Scaling group of Check Point gateways (20241027)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -303,6 +303,9 @@ Parameters:
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
+ - R82-BYOL
+ - R82-PAYG-NGTP
+ - R82-PAYG-NGTX
Shell:
Description: Change the admin shell to enable advanced command line configuration.
Type: String
diff --git a/aws/templates/cluster/cluster-master.yaml b/aws/templates/cluster/cluster-master.yaml
index 87d54b56..61ba3b5c 100755
--- a/aws/templates/cluster/cluster-master.yaml
+++ b/aws/templates/cluster/cluster-master.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
-Description: Deploy a Check Point Cluster in a new VPC (20240204)
+Description: Deploy a Check Point Cluster in a new VPC (20241027)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -310,6 +310,9 @@ Parameters:
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
+ - R82-BYOL
+ - R82-PAYG-NGTP
+ - R82-PAYG-NGTX
Shell:
Description: Change the admin shell to enable advanced command line configuration.
Type: String
diff --git a/aws/templates/cluster/cluster.yaml b/aws/templates/cluster/cluster.yaml
index 9bea983a..243234a7 100755
--- a/aws/templates/cluster/cluster.yaml
+++ b/aws/templates/cluster/cluster.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
-Description: Deploys a Check Point Cluster into an existing VPC (20240204)
+Description: Deploys a Check Point Cluster into an existing VPC (20241027)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -305,6 +305,9 @@ Parameters:
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
+ - R82-BYOL
+ - R82-PAYG-NGTP
+ - R82-PAYG-NGTX
Shell:
Description: Change the admin shell to enable advanced command line configuration.
Type: String
diff --git a/aws/templates/cross-az-cluster/cross-az-cluster-master.yaml b/aws/templates/cross-az-cluster/cross-az-cluster-master.yaml
index 9826d072..f53a0547 100644
--- a/aws/templates/cross-az-cluster/cross-az-cluster-master.yaml
+++ b/aws/templates/cross-az-cluster/cross-az-cluster-master.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
-Description: Deploy a Check Point Cluster in a new VPC (20240204)
+Description: Deploy a Check Point Cluster in a new VPC (20241027)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -315,6 +315,9 @@ Parameters:
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
+ - R82-BYOL
+ - R82-PAYG-NGTP
+ - R82-PAYG-NGTX
Shell:
Description: Change the admin shell to enable advanced command line configuration.
Type: String
diff --git a/aws/templates/cross-az-cluster/cross-az-cluster.yaml b/aws/templates/cross-az-cluster/cross-az-cluster.yaml
index 3c5f6ad8..b616d331 100644
--- a/aws/templates/cross-az-cluster/cross-az-cluster.yaml
+++ b/aws/templates/cross-az-cluster/cross-az-cluster.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
-Description: Deploys a Check Point Cluster into an existing VPC (20240204)
+Description: Deploys a Check Point Cluster into an existing VPC (20241027)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -320,6 +320,9 @@ Parameters:
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
+ - R82-BYOL
+ - R82-PAYG-NGTP
+ - R82-PAYG-NGTX
Shell:
Description: Change the admin shell to enable advanced command line configuration.
Type: String
diff --git a/aws/templates/geo-cluster/geo-cluster-master.yaml b/aws/templates/geo-cluster/geo-cluster-master.yaml
index b2d4e02f..61d20c0c 100644
--- a/aws/templates/geo-cluster/geo-cluster-master.yaml
+++ b/aws/templates/geo-cluster/geo-cluster-master.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
-Description: Deploy a Check Point cross AZ Cluster in a new VPC (20240204)
+Description: Deploy a Check Point cross AZ Cluster in a new VPC (20241027)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -327,6 +327,9 @@ Parameters:
- R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
+ - R82-BYOL
+ - R82-PAYG-NGTP
+ - R82-PAYG-NGTX
Shell:
Description: Change the admin shell to enable advanced command line configuration.
Type: String
diff --git a/aws/templates/geo-cluster/geo-cluster.yaml b/aws/templates/geo-cluster/geo-cluster.yaml
index c358dfba..77ac4de2 100644
--- a/aws/templates/geo-cluster/geo-cluster.yaml
+++ b/aws/templates/geo-cluster/geo-cluster.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
-Description: Deploys a Check Point cross AZ Cluster into an existing VPC (20240204)
+Description: Deploys a Check Point cross AZ Cluster into an existing VPC (20241027)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -321,6 +321,9 @@ Parameters:
- R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
+ - R82-BYOL
+ - R82-PAYG-NGTP
+ - R82-PAYG-NGTX
Shell:
Description: Change the admin shell to enable advanced command line configuration.
Type: String
diff --git a/aws/templates/gwlb-asg/gwlb-master.yaml b/aws/templates/gwlb-asg/gwlb-master.yaml
index 0e4eb4c7..3dd36c24 100644
--- a/aws/templates/gwlb-asg/gwlb-master.yaml
+++ b/aws/templates/gwlb-asg/gwlb-master.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
-Description: Deploy a Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, and optionally a Security Management Server, in a new VPC (20240204)
+Description: Deploy a Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, and optionally a Security Management Server, in a new VPC (20241027)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -433,6 +433,9 @@ Parameters:
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
+ - R82-BYOL
+ - R82-PAYG-NGTP
+ - R82-PAYG-NGTX
GatewayPasswordHash:
Description: Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash). (optional)
Type: String
@@ -607,6 +610,8 @@ Parameters:
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG
+ - R82-BYOL
+ - R82-PAYG
ManagementPasswordHash:
Description: Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash). (optional)
Type: String
diff --git a/aws/templates/gwlb-asg/gwlb.yaml b/aws/templates/gwlb-asg/gwlb.yaml
index 50d8e335..bd6cdbbe 100644
--- a/aws/templates/gwlb-asg/gwlb.yaml
+++ b/aws/templates/gwlb-asg/gwlb.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
-Description: Deploy a Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, and optionally a Security Management Server, in a new VPC (20240204)
+Description: Deploy a Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, and optionally a Security Management Server, in a new VPC (20241027)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -383,6 +383,9 @@ Parameters:
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
+ - R82-BYOL
+ - R82-PAYG-NGTP
+ - R82-PAYG-NGTX
GatewayPasswordHash:
Description: Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash). (optional)
Type: String
@@ -557,6 +560,8 @@ Parameters:
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG
+ - R82-BYOL
+ - R82-PAYG
ManagementPasswordHash:
Description: Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash). (optional)
Type: String
diff --git a/aws/templates/gwlb-asg/qs-gwlb-master.yaml b/aws/templates/gwlb-asg/qs-gwlb-master.yaml
index 4d7e56a7..942106cc 100644
--- a/aws/templates/gwlb-asg/qs-gwlb-master.yaml
+++ b/aws/templates/gwlb-asg/qs-gwlb-master.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
-Description: Deploy a Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, and optionally a Security Management Server, in a new VPC (05072024)
+Description: Deploy a Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, and optionally a Security Management Server, in a new VPC (20241027)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -542,6 +542,9 @@ Parameters:
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
+ - R82-BYOL
+ - R82-PAYG-NGTP
+ - R82-PAYG-NGTX
GatewayPasswordHash:
Description: Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash). (optional)
Type: String
@@ -711,6 +714,8 @@ Parameters:
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG
+ - R82-BYOL
+ - R82-PAYG
ManagementPasswordHash:
Description: Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash). (optional)
Type: String
diff --git a/aws/templates/gwlb-asg/qs-gwlb.yaml b/aws/templates/gwlb-asg/qs-gwlb.yaml
index 1ff5555b..ebff2add 100644
--- a/aws/templates/gwlb-asg/qs-gwlb.yaml
+++ b/aws/templates/gwlb-asg/qs-gwlb.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
-Description: "Deploy a Quick-Start Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, optionally: Security Management Server and Application Server Autoscale in an existing VPC (05072024)"
+Description: "Deploy a Quick-Start Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, optionally: Security Management Server and Application Server Autoscale in an existing VPC (20241027)"
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -447,6 +447,9 @@ Parameters:
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
+ - R82-BYOL
+ - R82-PAYG-NGTP
+ - R82-PAYG-NGTX
GatewayPasswordHash:
Description: Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash). (optional)
Type: String
@@ -616,6 +619,8 @@ Parameters:
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG
+ - R82-BYOL
+ - R82-PAYG
ManagementPasswordHash:
Description: Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash). (optional)
Type: String
diff --git a/aws/templates/gwlb-asg/tgw-gwlb-master.yaml b/aws/templates/gwlb-asg/tgw-gwlb-master.yaml
index 7fe4c750..c0598bf5 100644
--- a/aws/templates/gwlb-asg/tgw-gwlb-master.yaml
+++ b/aws/templates/gwlb-asg/tgw-gwlb-master.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
-Description: Deploy a Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, and optionally a Security Management Server, Gateway Load Balancer Endpoints and NAT Gateways for each AZ, in a new VPC for Transit Gateway (20240204)
+Description: Deploy a Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, and optionally a Security Management Server, Gateway Load Balancer Endpoints and NAT Gateways for each AZ, in a new VPC for Transit Gateway (20241027)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -526,6 +526,9 @@ Parameters:
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
+ - R82-BYOL
+ - R82-PAYG-NGTP
+ - R82-PAYG-NGTX
GatewayPasswordHash:
Description: Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash). (optional)
Type: String
@@ -700,6 +703,8 @@ Parameters:
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG
+ - R82-BYOL
+ - R82-PAYG
ManagementPasswordHash:
Description: Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash). (optional)
Type: String
diff --git a/aws/templates/gwlb-asg/tgw-gwlb.yaml b/aws/templates/gwlb-asg/tgw-gwlb.yaml
index 89fbbc8b..58601a0a 100644
--- a/aws/templates/gwlb-asg/tgw-gwlb.yaml
+++ b/aws/templates/gwlb-asg/tgw-gwlb.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
-Description: Deploy a Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, and optionally a Security Management Server, Gateway Load Balancer Endpoints and NAT Gateways for each AZ, in an existing VPC for Transit Gateway (20240204)
+Description: Deploy a Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, and optionally a Security Management Server, Gateway Load Balancer Endpoints and NAT Gateways for each AZ, in an existing VPC for Transit Gateway (20241027)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -481,6 +481,9 @@ Parameters:
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
+ - R82-BYOL
+ - R82-PAYG-NGTP
+ - R82-PAYG-NGTX
GatewayPasswordHash:
Description: Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash). (optional)
Type: String
@@ -672,6 +675,8 @@ Parameters:
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG
+ - R82-BYOL
+ - R82-PAYG
ManagementPasswordHash:
Description: Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash). (optional)
Type: String
diff --git a/aws/templates/management/management.yaml b/aws/templates/management/management.yaml
index 04e3d00e..4ae6c52c 100755
--- a/aws/templates/management/management.yaml
+++ b/aws/templates/management/management.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
-Description: Deploys a Check Point Management Server (20240417)
+Description: Deploys a Check Point Management Server (20241027)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -313,6 +313,8 @@ Parameters:
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG
+ - R82-BYOL
+ - R82-PAYG
Shell:
Description: Change the admin shell to enable advanced command line configuration.
Type: String
diff --git a/aws/templates/mds/mds.yaml b/aws/templates/mds/mds.yaml
index ec7913b2..3d2eeb7a 100644
--- a/aws/templates/mds/mds.yaml
+++ b/aws/templates/mds/mds.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: '2010-09-09'
-Description: Deploys a Check Point Multi-Domain Server (20240417)
+Description: Deploys a Check Point Multi-Domain Server (20241027)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -298,6 +298,7 @@ Parameters:
AllowedValues:
- R81.10-BYOL
- R81.20-BYOL
+ - R82-BYOL
Shell:
Description: Change the admin shell to enable advanced command line configuration.
Type: String
diff --git a/aws/templates/single-gw/gateway.yaml b/aws/templates/single-gw/gateway.yaml
index 645eab2f..26865610 100644
--- a/aws/templates/single-gw/gateway.yaml
+++ b/aws/templates/single-gw/gateway.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
-Description: Deploys a Check Point Security Gateway into an existing VPC (20240204)
+Description: Deploys a Check Point Security Gateway into an existing VPC (20241027)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -305,6 +305,9 @@ Parameters:
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
+ - R82-BYOL
+ - R82-PAYG-NGTP
+ - R82-PAYG-NGTX
Shell:
Description: Change the admin shell to enable advanced command line configuration.
Type: String
diff --git a/aws/templates/standalone/standalone-master.yaml b/aws/templates/standalone/standalone-master.yaml
index 6c9847cc..28e8b447 100644
--- a/aws/templates/standalone/standalone-master.yaml
+++ b/aws/templates/standalone/standalone-master.yaml
@@ -1,6 +1,6 @@
AWSTemplateFormatVersion: 2010-09-09
Description: Deploys either a manually configurable or a Check Point CloudGuard IaaS
- Security Gateway & Management (Standalone) instance in a new VPC (20240204)
+ Security Gateway & Management (Standalone) instance in a new VPC (20241027)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -180,6 +180,8 @@ Parameters:
- R81.10-BYOL
- R81.20-PAYG-NGTP
- R81.20-BYOL
+ - R82-PAYG-NGTP
+ - R82-BYOL
Shell:
Description: Change the admin shell to enable advanced command line configuration.
Type: String
diff --git a/aws/templates/standalone/standalone.yaml b/aws/templates/standalone/standalone.yaml
index a73e2d34..41876109 100644
--- a/aws/templates/standalone/standalone.yaml
+++ b/aws/templates/standalone/standalone.yaml
@@ -1,6 +1,6 @@
AWSTemplateFormatVersion: 2010-09-09
Description: Deploys either a manually configurable or a Check Point CloudGuard IaaS
- Security Gateway & Management (Standalone) instance into an existing VPC (20240204)
+ Security Gateway & Management (Standalone) instance into an existing VPC (20241027)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -289,6 +289,8 @@ Parameters:
- R81.10-BYOL
- R81.20-PAYG-NGTP
- R81.20-BYOL
+ - R82-PAYG-NGTP
+ - R82-BYOL
Shell:
Description: Change the admin shell to enable advanced command line configuration.
Type: String
diff --git a/aws/templates/tgw-asg/tgw-asg-master.yaml b/aws/templates/tgw-asg/tgw-asg-master.yaml
index 4ddf23df..339da4e9 100644
--- a/aws/templates/tgw-asg/tgw-asg-master.yaml
+++ b/aws/templates/tgw-asg/tgw-asg-master.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
-Description: Deploy an Auto Scaling Group of CloudGuard Security Gateways for Transit Gateway with an optional Management Server in a new VPC (20240204)
+Description: Deploy an Auto Scaling Group of CloudGuard Security Gateways for Transit Gateway with an optional Management Server in a new VPC (20241027)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -372,6 +372,9 @@ Parameters:
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
+ - R82-BYOL
+ - R82-PAYG-NGTP
+ - R82-PAYG-NGTX
GatewayPasswordHash:
Description: Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash). (optional)
Type: String
@@ -538,6 +541,8 @@ Parameters:
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG
+ - R82-BYOL
+ - R82-PAYG
ManagementPasswordHash:
Description: Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash). (optional)
Type: String
diff --git a/aws/templates/tgw-asg/tgw-asg.yaml b/aws/templates/tgw-asg/tgw-asg.yaml
index e1a5633f..bf7d2ab1 100644
--- a/aws/templates/tgw-asg/tgw-asg.yaml
+++ b/aws/templates/tgw-asg/tgw-asg.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: '2010-09-09'
-Description: Deploy an Auto Scaling Group of CloudGuard Security Gateways for Transit Gateway with an optional Management Server into an existing VPC (20240204)
+Description: Deploy an Auto Scaling Group of CloudGuard Security Gateways for Transit Gateway with an optional Management Server into an existing VPC (20241027)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -326,6 +326,9 @@ Parameters:
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
+ - R82-BYOL
+ - R82-PAYG-NGTP
+ - R82-PAYG-NGTX
GatewayPasswordHash:
Description: Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash). (optional)
Type: String
@@ -492,6 +495,8 @@ Parameters:
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG
+ - R82-BYOL
+ - R82-PAYG
ManagementPasswordHash:
Description: Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash). (optional)
Type: String
diff --git a/aws/templates/tgw-cross-az-cluster/tgw-cross-az-cluster-master.yaml b/aws/templates/tgw-cross-az-cluster/tgw-cross-az-cluster-master.yaml
index 4ab74737..232ca1b5 100644
--- a/aws/templates/tgw-cross-az-cluster/tgw-cross-az-cluster-master.yaml
+++ b/aws/templates/tgw-cross-az-cluster/tgw-cross-az-cluster-master.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
-Description: Deploy a Check Point TGW Cross Availabilty Zone Cluster in a new VPC (20240204)
+Description: Deploy a Check Point TGW Cross Availabilty Zone Cluster in a new VPC (20241027)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -342,6 +342,9 @@ Parameters:
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
+ - R82-BYOL
+ - R82-PAYG-NGTP
+ - R82-PAYG-NGTX
Shell:
Description: Change the admin shell to enable advanced command line configuration.
Type: String
diff --git a/aws/templates/tgw-cross-az-cluster/tgw-cross-az-cluster.yaml b/aws/templates/tgw-cross-az-cluster/tgw-cross-az-cluster.yaml
index 63062132..56d58083 100644
--- a/aws/templates/tgw-cross-az-cluster/tgw-cross-az-cluster.yaml
+++ b/aws/templates/tgw-cross-az-cluster/tgw-cross-az-cluster.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
-Description: Deploys a Check Point TGW Cross Availabilty Zone Cluster into an existing VPC (20240204)
+Description: Deploys a Check Point TGW Cross Availabilty Zone Cluster into an existing VPC (20241027)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -338,6 +338,9 @@ Parameters:
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
+ - R82-BYOL
+ - R82-PAYG-NGTP
+ - R82-PAYG-NGTX
Shell:
Description: Change the admin shell to enable advanced command line configuration.
Type: String
diff --git a/aws/templates/tgw-ha/tgw-ha-master.yaml b/aws/templates/tgw-ha/tgw-ha-master.yaml
index 503a1b23..d8a734ea 100644
--- a/aws/templates/tgw-ha/tgw-ha-master.yaml
+++ b/aws/templates/tgw-ha/tgw-ha-master.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
-Description: Deploy a Check Point TGW HA cross AZ Cluster in a new VPC (20240204)
+Description: Deploy a Check Point TGW HA cross AZ Cluster in a new VPC (20241027)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -343,6 +343,9 @@ Parameters:
- R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
+ - R82-BYOL
+ - R82-PAYG-NGTP
+ - R82-PAYG-NGTX
Shell:
Description: Change the admin shell to enable advanced command line configuration.
Type: String
diff --git a/aws/templates/tgw-ha/tgw-ha.yaml b/aws/templates/tgw-ha/tgw-ha.yaml
index 9a20ff99..c4f5426e 100644
--- a/aws/templates/tgw-ha/tgw-ha.yaml
+++ b/aws/templates/tgw-ha/tgw-ha.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
-Description: Deploys a Check Point TGW HA Cluster into an existing VPC (20240204)
+Description: Deploys a Check Point TGW HA Cluster into an existing VPC (20241027)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -337,6 +337,9 @@ Parameters:
- R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
+ - R82-BYOL
+ - R82-PAYG-NGTP
+ - R82-PAYG-NGTX
Shell:
Description: Change the admin shell to enable advanced command line configuration.
Type: String
diff --git a/terraform/aws/autoscale-gwlb/README.md b/terraform/aws/autoscale-gwlb/README.md
index b6c58219..4d4115db 100755
--- a/terraform/aws/autoscale-gwlb/README.md
+++ b/terraform/aws/autoscale-gwlb/README.md
@@ -116,36 +116,36 @@ secret_key = "my-secret-key"
## Inputs
-| Name | Description | Type | Allowed values | Default | Required |
-|----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------|----------|
-| prefix | (Optional) Instances name prefix | string | n/a | "" | no |
-| asg_name | Autoscaling Group name | string | n/a | Check-Point-ASG-tf | no |
-| vpc_id | The VPC id in which to deploy | string | n/a | n/a | yes |
-| subnet_ids | List of public subnet IDs to launch resources into. Recommended at least 2 | list(string) | n/a | n/a | yes |
-| gateways_provision_address_type | Determines if the gateways are provisioned using their private or public address. | string | - private
- public | private | no |
-| allocate_public_IP | Allocate a Public IP for gateway members. | bool | true/false | false | no |
-| management_server | The name that represents the Security Management Server in the CME configuration | string | n/a | n/a | yes |
-| configuration_template | Name of the provisioning template in the CME configuration | string | n/a | n/a | yes |
-| gateway_name | The name tag of the Security Gateways instances | string | n/a | Check-Point-ASG-gateway-tf | no |
-| gateway_instance_type | The instance type of the Security Gateways | string | - c4.large
- c4.xlarge
- c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| c5.xlarge | no |
-| key_name | The EC2 Key Pair name to allow SSH access to the instances | string | n/a | n/a | yes |
-| volume_size | Root volume size (GB) - minimum 100 | number | n/a | 100 | no |
-| enable_volume_encryption | Encrypt Environment instances volume with default AWS KMS key | bool | true/false | true | no |
-| instances_tags | (Optional) A map of tags as key=value pairs. All tags will be added on all AutoScaling Group instances | map(string) | n/a | {} | no |
-| metadata_imdsv2_required | Set true to deploy the instance with metadata v2 token required | bool | true/false | true | yes |
-| minimum_group_size | The minimum number of instances in the Auto Scaling group | number | n/a | 2 | no |
-| maximum_group_size | The maximum number of instances in the Auto Scaling group | number | n/a | 10 | no |
-| target_groups | (Optional) List of Target Group ARNs to associate with the Auto Scaling group | list(string) | n/a | [] | no |
-| gateway_version | Gateway version and license | string | - R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
-| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
-| gateway_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
-| gateway_SICKey | The Secure Internal Communication key for trusted connection between Check Point components (at least 8 alphanumeric characters) | string | n/a | "12345678" | yes |
-| enable_instance_connect | Enable SSH connection over AWS web console. Supporting regions can be found [here](https://aws.amazon.com/about-aws/whats-new/2019/06/introducing-amazon-ec2-instance-connect/) | bool | true/false | false | no |
-| allow_upload_download | Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point | bool | true/false | true | no |
-| enable_cloudwatch | Report Check Point specific CloudWatch metrics | bool | true/false | false | no |
-| gateway_bootstrap_script | (Optional) Semicolon (;) separated commands to run on the initial boot | string | n/a | "" | no |
-| volume_type | General Purpose SSD Volume Type | string | - gp3
- gp2 | gp3 | no |
-| gateway_maintenance_mode_password_hash | (optional) Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command 'grub2-mkpasswd-pbkdf2' on Linux and paste it here). | string | n/a | "" | no |
+| Name | Description | Type | Allowed values | Default | Required |
+|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------|-------------|
+| prefix | (Optional) Instances name prefix | string | n/a | "" | no |
+| asg_name | Autoscaling Group name | string | n/a | Check-Point-ASG-tf | no |
+| vpc_id | The VPC id in which to deploy | string | n/a | n/a | yes |
+| subnet_ids | List of public subnet IDs to launch resources into. Recommended at least 2 | list(string) | n/a | n/a | yes |
+| gateways_provision_address_type | Determines if the gateways are provisioned using their private or public address. | string | - private
- public | private | no |
+| allocate_public_IP | Allocate a Public IP for gateway members. | bool | true/false | false | no |
+| management_server | The name that represents the Security Management Server in the CME configuration | string | n/a | n/a | yes |
+| configuration_template | Name of the provisioning template in the CME configuration | string | n/a | n/a | yes |
+| gateway_name | The name tag of the Security Gateways instances | string | n/a | Check-Point-ASG-gateway-tf | no |
+| gateway_instance_type | The instance type of the Security Gateways | string | - c4.large
- c4.xlarge
- c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| c5.xlarge | no |
+| key_name | The EC2 Key Pair name to allow SSH access to the instances | string | n/a | n/a | yes |
+| volume_size | Root volume size (GB) - minimum 100 | number | n/a | 100 | no |
+| enable_volume_encryption | Encrypt Environment instances volume with default AWS KMS key | bool | true/false | true | no |
+| instances_tags | (Optional) A map of tags as key=value pairs. All tags will be added on all AutoScaling Group instances | map(string) | n/a | {} | no |
+| metadata_imdsv2_required | Set true to deploy the instance with metadata v2 token required | bool | true/false | true | yes |
+| minimum_group_size | The minimum number of instances in the Auto Scaling group | number | n/a | 2 | no |
+| maximum_group_size | The maximum number of instances in the Auto Scaling group | number | n/a | 10 | no |
+| target_groups | (Optional) List of Target Group ARNs to associate with the Auto Scaling group | list(string) | n/a | [] | no |
+| gateway_version | Gateway version and license | string | - R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
- R81.20-PAYG-NGTX
- R82-BYOL
- R82-PAYG-NGTP
- R82-PAYG-NGTX | R81.20-BYOL | no |
+| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
+| gateway_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
+| gateway_SICKey | The Secure Internal Communication key for trusted connection between Check Point components (at least 8 alphanumeric characters) | string | n/a | "12345678" | yes |
+| enable_instance_connect | Enable SSH connection over AWS web console. Supporting regions can be found [here](https://aws.amazon.com/about-aws/whats-new/2019/06/introducing-amazon-ec2-instance-connect/) | bool | true/false | false | no |
+| allow_upload_download | Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point | bool | true/false | true | no |
+| enable_cloudwatch | Report Check Point specific CloudWatch metrics | bool | true/false | false | no |
+| gateway_bootstrap_script | (Optional) Semicolon (;) separated commands to run on the initial boot | string | n/a | "" | no |
+| volume_type | General Purpose SSD Volume Type | string | - gp3
- gp2 | gp3 | no |
+| gateway_maintenance_mode_password_hash | (optional) Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command 'grub2-mkpasswd-pbkdf2' on Linux and paste it here). | string | n/a | "" | no |
## Outputs
| Name | Description |
@@ -167,6 +167,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| Template Version | Description |
|------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| 20241027 | R82 version support |
| 20240704 | - R80.40 version deprecation.
- R81 version deprecation |
| 20240515 | Add support for requiring use instance metadata service version 2 (IMDSv2) only |
| 20240417 | - Add support for Elastic Load Balancer Health Checks.
- EC2 Auto Scaling will start to detect and act on health checks performed by Elastic Load Balancing. |
diff --git a/terraform/aws/autoscale-gwlb/asg_userdata.yaml b/terraform/aws/autoscale-gwlb/asg_userdata.yaml
index bb095c01..8cc2a7a5 100755
--- a/terraform/aws/autoscale-gwlb/asg_userdata.yaml
+++ b/terraform/aws/autoscale-gwlb/asg_userdata.yaml
@@ -26,4 +26,4 @@ bootcmd:
- echo "cpprod_util CPPROD_SetValue \"fw1\" \"AwsGwlb\" 4 1 1" >> /etc/rc.local
runcmd:
- |
- python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" installationType=\"autoscale\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20231012\" templateName=\"autoscale_gwlb\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" bootstrapScript64=\"${BootstrapScript}\"
\ No newline at end of file
+ python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" installationType=\"autoscale\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20241027\" templateName=\"autoscale_gwlb\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" bootstrapScript64=\"${BootstrapScript}\"
\ No newline at end of file
diff --git a/terraform/aws/autoscale/README.md b/terraform/aws/autoscale/README.md
index a46954ae..834e4618 100755
--- a/terraform/aws/autoscale/README.md
+++ b/terraform/aws/autoscale/README.md
@@ -126,7 +126,7 @@ secret_key = "my-secret-key"
## Inputs
| Name | Description | Type | Allowed values | Default | Required |
-|----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------|----------|
+|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------|----------|
| prefix | (Optional) Instances name prefix | string | n/a | "" | no |
| asg_name | Autoscaling Group name | string | n/a | Check-Point-ASG-tf | no |
| vpc_id | The VPC id in which to deploy | string | n/a | n/a | yes |
@@ -144,7 +144,7 @@ secret_key = "my-secret-key"
| minimum_group_size | The minimum number of instances in the Auto Scaling group | number | n/a | 2 | no |
| maximum_group_size | The maximum number of instances in the Auto Scaling group | number | n/a | 10 | no |
| target_groups | (Optional) List of Target Group ARNs to associate with the Auto Scaling group | list(string) | n/a | [] | no |
-| gateway_version | Gateway version and license | string | - R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
+| gateway_version | Gateway version and license | string | - R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
- R82-BYOL
- R82-PAYG-NGTP
- R82-PAYG-NGTX | R81.20-BYOL | no |
| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
| gateway_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
| gateway_SICKey | The Secure Internal Communication key for trusted connection between Check Point components (at least 8 alphanumeric characters) | string | n/a | "12345678" | yes |
@@ -179,6 +179,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| Template Version | Description |
|------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| 20241027 | R82 version support |
| 20240704 | - R80.40 version deprecation.
- R81 version deprecation. |
| 20240515 | Add support for requiring use instance metadata service version 2 (IMDSv2) only |
| 20240417 | - Add support for Elastic Load Balancer Health Checks.
- EC2 Auto Scaling will start to detect and act on health checks performed by Elastic Load Balancing. |
diff --git a/terraform/aws/autoscale/asg_userdata.yaml b/terraform/aws/autoscale/asg_userdata.yaml
index 4c6633c3..140f2d8d 100755
--- a/terraform/aws/autoscale/asg_userdata.yaml
+++ b/terraform/aws/autoscale/asg_userdata.yaml
@@ -1,4 +1,4 @@
#cloud-config
runcmd:
- |
- python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" installationType=\"autoscale\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20240704\" templateName=\"autoscale\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" bootstrapScript64=\"${BootstrapScript}\"
+ python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" installationType=\"autoscale\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20241027\" templateName=\"autoscale\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" bootstrapScript64=\"${BootstrapScript}\"
diff --git a/terraform/aws/cluster-master/README.md b/terraform/aws/cluster-master/README.md
index 7354af59..680c3dfc 100755
--- a/terraform/aws/cluster-master/README.md
+++ b/terraform/aws/cluster-master/README.md
@@ -171,7 +171,7 @@ secret_key = "my-secret-key"
| metadata_imdsv2_required | Set true to deploy the instance with metadata v2 token required | bool | true/false | true | yes |
| instance_tags | (Optional) A map of tags as key=value pairs. All tags will be added to the Gateway EC2 Instances | map(string) | n/a | {} | no |
| predefined_role | (Optional) A predefined IAM role to attach to the cluster profile | string | n/a | "" | no |
-| gateway_version | Gateway version and license | string | - R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
+| gateway_version | Gateway version and license | string | - R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
- R82-BYOL
- R82-PAYG-NGTP
- R82-PAYG-NGTX | R81.20-BYOL | no |
| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
| gateway_SICKey | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes |
| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
@@ -203,6 +203,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| Template Version | Description |
|------------------|---------------------------------------------------------------------------------------------------------------|
+| 20241027 | R82 version support |
| 20240704 | - R80.40 version deprecation.
- R81 version deprecation. |
| 20240515 | Add support for requiring use instance metadata service version 2 (IMDSv2) only |
| 20231012 | Update AWS Terraform provider version to 5.20.1 |
diff --git a/terraform/aws/cluster/README.md b/terraform/aws/cluster/README.md
index e1b48f4f..cbe60b62 100755
--- a/terraform/aws/cluster/README.md
+++ b/terraform/aws/cluster/README.md
@@ -133,7 +133,7 @@ secret_key = "my-secret-key"
## Inputs
| Name | Description | Type | Allowed values | Default | Required |
-|----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------|----------|
+|----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------|-----------|
| vpc_id | The VPC id in which to deploy | string | n/a | n/a | yes |
| public_subnet_id | The public subnet of the cluster. The cluster's public IPs will be generated from this subnet | string | n/a | n/a | yes |
| private_subnet_id | The private subnet of the cluster. The cluster's private IPs will be generated from this subnet | string | n/a | n/a | yes |
@@ -149,7 +149,7 @@ secret_key = "my-secret-key"
| metadata_imdsv2_required | Set true to deploy the instance with metadata v2 token required | bool | true/false | true | yes |
| instance_tags | (Optional) A map of tags as key=value pairs. All tags will be added to the Gateway EC2 Instances | map(string) | n/a | {} | no |
| predefined_role | (Optional) A predefined IAM role to attach to the cluster profile | string | n/a | "" | no |
-| gateway_version | Gateway version and license | string | - R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
+| gateway_version | Gateway version and license | string | - R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
- R81.20-PAYG-NGTX
- R82-BYOL
- R82-PAYG-NGTP
- R82-PAYG-NGTX | R81.20-BYOL | no |
| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
| gateway_SICKey | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | no |
| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
@@ -181,6 +181,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| Template Version | Description |
|------------------|---------------------------------------------------------------------------------------------------------------|
+| 20241027 | R82 version support |
| 20240704 | - R80.40 version deprecation.
- R81 version deprecation. |
| 20240515 | Add support for requiring use instance metadata service version 2 (IMDSv2) only |
| 20240304 | Add x-chkp-cluster-ips, x-chkp-member-ips tags to cluster members |
diff --git a/terraform/aws/cluster/cluster_member_a_userdata.yaml b/terraform/aws/cluster/cluster_member_a_userdata.yaml
index 1fa105c0..da66a948 100755
--- a/terraform/aws/cluster/cluster_member_a_userdata.yaml
+++ b/terraform/aws/cluster/cluster_member_a_userdata.yaml
@@ -1,4 +1,4 @@
#cloud-config
runcmd:
- |
- python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenA}\"" installationType=\"cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" elasticIp=\"${MemberAPublicAddress}\" templateVersion=\"20240704\" templateName=\"cluster\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" allocatePublicAddress=\"${AllocateAddress}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
\ No newline at end of file
+ python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenA}\"" installationType=\"cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" elasticIp=\"${MemberAPublicAddress}\" templateVersion=\"20241027\" templateName=\"cluster\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" allocatePublicAddress=\"${AllocateAddress}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
\ No newline at end of file
diff --git a/terraform/aws/cluster/cluster_member_b_userdata.yaml b/terraform/aws/cluster/cluster_member_b_userdata.yaml
index 36d29dc5..9109013c 100755
--- a/terraform/aws/cluster/cluster_member_b_userdata.yaml
+++ b/terraform/aws/cluster/cluster_member_b_userdata.yaml
@@ -1,4 +1,4 @@
#cloud-config
runcmd:
- |
- python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenB}\"" installationType=\"cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" elasticIp=\"${MemberBPublicAddress}\" templateVersion=\"20231012\" templateName=\"cluster\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" allocatePublicAddress=\"${AllocateAddress}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
\ No newline at end of file
+ python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenB}\"" installationType=\"cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" elasticIp=\"${MemberBPublicAddress}\" templateVersion=\"20241027\" templateName=\"cluster\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" allocatePublicAddress=\"${AllocateAddress}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
\ No newline at end of file
diff --git a/terraform/aws/cross-az-cluster-master/README.md b/terraform/aws/cross-az-cluster-master/README.md
index ce475b0d..f3d5ebb1 100755
--- a/terraform/aws/cross-az-cluster-master/README.md
+++ b/terraform/aws/cross-az-cluster-master/README.md
@@ -170,7 +170,7 @@ secret_key = "my-secret-key"
| metadata_imdsv2_required | Set true to deploy the instance with metadata v2 token required | bool | true/false | true | yes |
| instance_tags | (Optional) A map of tags as key=value pairs. All tags will be added to the Gateway EC2 Instances | map(string) | n/a | {} | no |
| predefined_role | (Optional) A predefined IAM role to attach to the cluster profile | string | n/a | "" | no |
-| gateway_version | Gateway version and license | string | - R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
+| gateway_version | Gateway version and license | string | - R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
- R82-BYOL
- R82-PAYG-NGTP
- R82-PAYG-NGTX | R81.20-BYOL | no |
| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
| gateway_SICKey | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes |
| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
@@ -202,6 +202,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| Template Version | Description |
|------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| 20241027 | R82 version support |
| 20240515 | Add support for requiring use instance metadata service version 2 (IMDSv2) only |
| 20231012 | Update AWS Terraform provider version to 5.20.1 |
| 20230923 | Add support for C5d instance type |
diff --git a/terraform/aws/cross-az-cluster/README.md b/terraform/aws/cross-az-cluster/README.md
index ed0737da..34d9b77f 100755
--- a/terraform/aws/cross-az-cluster/README.md
+++ b/terraform/aws/cross-az-cluster/README.md
@@ -145,7 +145,7 @@ secret_key = "my-secret-key"
| metadata_imdsv2_required | Set true to deploy the instance with metadata v2 token required | bool | true/false | true | yes |
| instance_tags | (Optional) A map of tags as key=value pairs. All tags will be added to the Gateway EC2 Instances | map(string) | n/a | {} | no |
| predefined_role | (Optional) A predefined IAM role to attach to the cluster profile | string | n/a | "" | no |
-| gateway_version | Gateway version and license | string | - R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
+| gateway_version | Gateway version and license | string | - R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
- R82-BYOL
- R82-PAYG-NGTP
- R82-PAYG-NGTX | R81.20-BYOL | no |
| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
| gateway_SICKey | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes |
| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
@@ -178,6 +178,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| Template Version | Description |
|------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| 20241027 | R82 version support |
| 20240515 | Add support for requiring use instance metadata service version 2 (IMDSv2) only |
| 20240304 | Add x-chkp-cluster-ips, x-chkp-member-ips tags to cluster members |
| 20231012 | Update AWS Terraform provider version to 5.20.1 |
diff --git a/terraform/aws/cross-az-cluster/cluster_member_a_userdata.yaml b/terraform/aws/cross-az-cluster/cluster_member_a_userdata.yaml
index f9a926c5..2d8ab4a0 100755
--- a/terraform/aws/cross-az-cluster/cluster_member_a_userdata.yaml
+++ b/terraform/aws/cross-az-cluster/cluster_member_a_userdata.yaml
@@ -1,4 +1,4 @@
#cloud-config
runcmd:
- |
- python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenA}\"" installationType=\"cross-az-cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20240310\" templateName=\"cross_az_cluster\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" elasticIp=\"${MemberAPublicAddress}\" otherMemberIp=\"${MemberBPrivateAddressCluster}\" clusterIp=\"${PublicAddressCluster}\" secondaryIp=\"${MemberAPrivateAddressSecondary}\" otherMemberPrivateClusterIp=\"${MemberBPrivateAddressSecondary}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
\ No newline at end of file
+ python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenA}\"" installationType=\"cross-az-cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20241027\" templateName=\"cross_az_cluster\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" elasticIp=\"${MemberAPublicAddress}\" otherMemberIp=\"${MemberBPrivateAddressCluster}\" clusterIp=\"${PublicAddressCluster}\" secondaryIp=\"${MemberAPrivateAddressSecondary}\" otherMemberPrivateClusterIp=\"${MemberBPrivateAddressSecondary}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
\ No newline at end of file
diff --git a/terraform/aws/cross-az-cluster/cluster_member_b_userdata.yaml b/terraform/aws/cross-az-cluster/cluster_member_b_userdata.yaml
index a374aaa6..44e2eb70 100755
--- a/terraform/aws/cross-az-cluster/cluster_member_b_userdata.yaml
+++ b/terraform/aws/cross-az-cluster/cluster_member_b_userdata.yaml
@@ -1,4 +1,4 @@
#cloud-config
runcmd:
- |
- python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenB}\"" installationType=\"cross-az-cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20240310\" templateName=\"cross_az_cluster\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" elasticIp=\"${MemberBPublicAddress}\" otherMemberIp=\"${MemberAPrivateAddressCluster}\" clusterIp=\"${PublicAddressCluster}\" secondaryIp=\"${MemberBPrivateAddressSecondary}\" otherMemberPrivateClusterIp=\"${MemberAPrivateAddressSecondary}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
\ No newline at end of file
+ python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenB}\"" installationType=\"cross-az-cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20241027\" templateName=\"cross_az_cluster\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" elasticIp=\"${MemberBPublicAddress}\" otherMemberIp=\"${MemberAPrivateAddressCluster}\" clusterIp=\"${PublicAddressCluster}\" secondaryIp=\"${MemberBPrivateAddressSecondary}\" otherMemberPrivateClusterIp=\"${MemberAPrivateAddressSecondary}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
\ No newline at end of file
diff --git a/terraform/aws/gateway-master/README.md b/terraform/aws/gateway-master/README.md
index 00594f44..15fd6892 100755
--- a/terraform/aws/gateway-master/README.md
+++ b/terraform/aws/gateway-master/README.md
@@ -161,7 +161,7 @@ secret_key = "my-secret-key"
| disable_instance_termination | Prevents an instance from accidental termination. Note: Once this attribute is true terraform destroy won't work properly | bool | true/false | false | no |
| metadata_imdsv2_required | Set true to deploy the instance with metadata v2 token required | bool | true/false | true | yes |
| instance_tags | (Optional) A map of tags as key=value pairs. All tags will be added to the Security Gateway EC2 Instance | map(string) | n/a | {} | no |
-| gateway_version | Gateway version and license | string | - R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
+| gateway_version | Gateway version and license | string | - R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
- R81.20-PAYG-NGTX
- R82-BYOL
- R82-PAYG-NGTP
- R82-PAYG-NGTX | R81.20-BYOL | no |
| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
| gateway_SIC_Key | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes |
| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
@@ -198,6 +198,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| Template Version | Description |
|------------------|---------------------------------------------------------------------------------------------------------------|
+| 20241027 | R82 version support |
| 20240704 | - R80.40 version deprecation.
- R81 version deprecation. |
| 20240515 | Add support for requiring use instance metadata service version 2 (IMDSv2) only |
| 20231012 | Update AWS Terraform provider version to 5.20.1 |
diff --git a/terraform/aws/gateway/README.md b/terraform/aws/gateway/README.md
index 52c8ff8a..ea58cb3b 100755
--- a/terraform/aws/gateway/README.md
+++ b/terraform/aws/gateway/README.md
@@ -124,7 +124,7 @@ secret_key = "my-secret-key"
## Inputs
| Name | Description | Type | Allowed values | Default | Required |
-|------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------|----------|
+|------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------|----------|
| vpc_id | The VPC id in which to deploy | string | n/a | n/a | yes |
| public_subnet_id | The public subnet of the security gateway | string | n/a | n/a | yes |
| private_subnet_id | The private subnet of the security gateway | string | n/a | n/a | yes |
@@ -139,7 +139,7 @@ secret_key = "my-secret-key"
| disable_instance_termination | Prevents an instance from accidental termination. Note: Once this attribute is true terraform destroy won't work properly | bool | true/false | false | no |
| metadata_imdsv2_required | Set true to deploy the instance with metadata v2 token required | bool | true/false | true | yes |
| instance_tags | (Optional) A map of tags as key=value pairs. All tags will be added to the Security Gateway EC2 Instance | map(string) | n/a | {} | no |
-| gateway_version | Gateway version and license | string | - R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
+| gateway_version | Gateway version and license | string | - R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
- R82-BYOL
- R82-PAYG-NGTP
- R82-PAYG-NGTX
| R81.20-BYOL | no |
| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
| gateway_SIC_Key | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes |
| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
@@ -173,6 +173,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| Template Version | Description |
|------------------|---------------------------------------------------------------------------------------------------------------|
+| 20241027 | R82 version support |
| 20240704 | - R80.40 version deprecation.
- R81 version deprecation. |
| 20240515 | Add support for requiring use instance metadata service version 2 (IMDSv2) only |
| 20231012 | Update AWS Terraform provider version to 5.20.1 |
diff --git a/terraform/aws/gwlb-master/README.md b/terraform/aws/gwlb-master/README.md
index 2adb1f59..9bb7568c 100755
--- a/terraform/aws/gwlb-master/README.md
+++ b/terraform/aws/gwlb-master/README.md
@@ -157,47 +157,47 @@ secret_key = "my-secret-key"
```
## Inputs
-| Name | Description | Type | Allowed values | Default | Required |
-|-------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|----------|
-| vpc_cidr | The CIDR block of the VPC | string | n/a | n/a | yes |
-| public_subnets_map | A map of pairs {availability-zone = subnet-suffix-number}. Each entry creates a subnet. Minimum 1 pair. (e.g. {\"us-east-1a\" = 1} ) | map | n/a | n/a | yes |
-| subnets_bit_length | Number of additional bits with which to extend the vpc cidr. For example, if given a vpc_cidr ending in /16 and a subnets_bit_length value of 4, the resulting subnet address will have length /20 | number | n/a | n/a | yes |
-| key_name | The EC2 Key Pair name to allow SSH access to the instances | string | n/a | n/a | yes |
-| enable_volume_encryption | Encrypt Environment instances volume with default AWS KMS key | bool | true/false | true | no |
-| enable_instance_connect | Enable SSH connection over AWS web console. Supporting regions can be found [here](https://aws.amazon.com/about-aws/whats-new/2019/06/introducing-amazon-ec2-instance-connect/) | bool | true/false | false | no |
-| disable_instance_termination | Prevents an instance from accidental termination. Note: Once this attribute is true terraform destroy won't work properly | bool | true/false | false | no |
-| metadata_imdsv2_required | Set true to deploy the instance with metadata v2 token required | bool | true/false | true | yes |
-| volume_size | Instances volume size | number | n/a | 100 | no |
-| allow_upload_download | Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point | bool | true/false | true | no |
-| management_server | The name that represents the Security Management Server in the automatic provisioning configuration. | string | n/a | CP-Management-gwlb-tf | yes |
-| configuration_template | The tag is used by the Security Management Server to automatically provision the Security Gateways. Must be up to 12 alphanumeric characters and unique for each Quick Start deployment | string | n/a | gwlb-configuration | no |
-| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
-| gateway_load_balancer_name | Load Balancer name in AWS | string | n/a | gwlb1 | yes |
-| target_group_name | Target Group Name. This name must be unique within your AWS account and can have a maximum of 32 alphanumeric characters and hyphens. | string | n/a | tg1 | yes |
-| connection_acceptance_required | Indicate whether requests from service consumers to create an endpoint to your service must be accepted. Default is set to false(acceptance not required). | bool | true/false | false | yes |
-| enable_cross_zone_load_balancing | Select 'true' to enable cross-az load balancing. NOTE! this may cause a spike in cross-az charges. | bool | true/false | true | yes |
-| gateway_name | The name tag of the Security Gateway instances. (optional) | string | n/a | Check-Point-GW-tf | yes |
-| gateway_instance_type | The instance type of the Security Gateways | string | - c4.large
- c4.xlarge
- c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| c5.xlarge | no |
-| gateways_min_group_size | The minimal number of Security Gateways | number | n/a | 2 | no |
-| gateways_max_group_size | The maximal number of Security Gateways | number | n/a | 10 | no |
-| gateway_version | Gateway version and license | string | - R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
-| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
-| gateway_SICKey | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes |
-| enable_cloudwatch | Report Check Point specific CloudWatch metrics | bool | true/false | false | no |
-| gateway_bootstrap_script | (Optional) An optional script with semicolon (;) separated commands to run on the initial boot | string | n/a | "" | no |
-| gateways_provision_address_type | Determines if the gateways are provisioned using their private or public address. | string | - private
- public | private | no |
-| allocate_public_IP | Allocate a Public IP for gateway members. | bool | true/false | false | no |
-| management_deploy | Select 'false' to use an existing Security Management Server or to deploy one later and to ignore the other parameters of this section | bool | true/false | true | no |
-| management_instance_type | The EC2 instance type of the Security Management Server | string | - c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| m5.xlarge | no |
-| management_version | The license to install on the Security Management Server | string | - R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG | R81.20-BYOL | no |
-| management_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
-| gateways_policy | The name of the Security Policy package to be installed on the gateways in the Security Gateways Auto Scaling group | string | n/a | Standard | no |
-| gateway_management | Select 'Over the internet' if any of the gateways you wish to manage are not directly accessed via their private IP address. | string | - Locally managed
- Over the internet | Locally managed | no |
-| admin_cidr | (CIDR) Allow web, ssh, and graphical clients only from this network to communicate with the Management Server | string | valid CIDR | n/a | no |
-| gateway_addresses | (CIDR) Allow gateways only from this network to communicate with the Management Server | string | valid CIDR | n/a | no |
-| volume_type | General Purpose SSD Volume Type | string | - gp3
- gp2 | gp3 | no |
-| gateway_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
-| management_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
+| Name | Description | Type | Allowed values | Default | Required |
+|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|----------|
+| vpc_cidr | The CIDR block of the VPC | string | n/a | n/a | yes |
+| public_subnets_map | A map of pairs {availability-zone = subnet-suffix-number}. Each entry creates a subnet. Minimum 1 pair. (e.g. {\"us-east-1a\" = 1} ) | map | n/a | n/a | yes |
+| subnets_bit_length | Number of additional bits with which to extend the vpc cidr. For example, if given a vpc_cidr ending in /16 and a subnets_bit_length value of 4, the resulting subnet address will have length /20 | number | n/a | n/a | yes |
+| key_name | The EC2 Key Pair name to allow SSH access to the instances | string | n/a | n/a | yes |
+| enable_volume_encryption | Encrypt Environment instances volume with default AWS KMS key | bool | true/false | true | no |
+| enable_instance_connect | Enable SSH connection over AWS web console. Supporting regions can be found [here](https://aws.amazon.com/about-aws/whats-new/2019/06/introducing-amazon-ec2-instance-connect/) | bool | true/false | false | no |
+| disable_instance_termination | Prevents an instance from accidental termination. Note: Once this attribute is true terraform destroy won't work properly | bool | true/false | false | no |
+| metadata_imdsv2_required | Set true to deploy the instance with metadata v2 token required | bool | true/false | true | yes |
+| volume_size | Instances volume size | number | n/a | 100 | no |
+| allow_upload_download | Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point | bool | true/false | true | no |
+| management_server | The name that represents the Security Management Server in the automatic provisioning configuration. | string | n/a | CP-Management-gwlb-tf | yes |
+| configuration_template | The tag is used by the Security Management Server to automatically provision the Security Gateways. Must be up to 12 alphanumeric characters and unique for each Quick Start deployment | string | n/a | gwlb-configuration | no |
+| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
+| gateway_load_balancer_name | Load Balancer name in AWS | string | n/a | gwlb1 | yes |
+| target_group_name | Target Group Name. This name must be unique within your AWS account and can have a maximum of 32 alphanumeric characters and hyphens. | string | n/a | tg1 | yes |
+| connection_acceptance_required | Indicate whether requests from service consumers to create an endpoint to your service must be accepted. Default is set to false(acceptance not required). | bool | true/false | false | yes |
+| enable_cross_zone_load_balancing | Select 'true' to enable cross-az load balancing. NOTE! this may cause a spike in cross-az charges. | bool | true/false | true | yes |
+| gateway_name | The name tag of the Security Gateway instances. (optional) | string | n/a | Check-Point-GW-tf | yes |
+| gateway_instance_type | The instance type of the Security Gateways | string | - c4.large
- c4.xlarge
- c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| c5.xlarge | no |
+| gateways_min_group_size | The minimal number of Security Gateways | number | n/a | 2 | no |
+| gateways_max_group_size | The maximal number of Security Gateways | number | n/a | 10 | no |
+| gateway_version | Gateway version and license | string | - R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
- R81.20-PAYG-NGTX
- R82-BYOL
- R82-PAYG-NGTP
- R82-PAYG-NGTX | R81.20-BYOL | no |
+| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
+| gateway_SICKey | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes |
+| enable_cloudwatch | Report Check Point specific CloudWatch metrics | bool | true/false | false | no |
+| gateway_bootstrap_script | (Optional) An optional script with semicolon (;) separated commands to run on the initial boot | string | n/a | "" | no |
+| gateways_provision_address_type | Determines if the gateways are provisioned using their private or public address. | string | - private
- public | private | no |
+| allocate_public_IP | Allocate a Public IP for gateway members. | bool | true/false | false | no |
+| management_deploy | Select 'false' to use an existing Security Management Server or to deploy one later and to ignore the other parameters of this section | bool | true/false | true | no |
+| management_instance_type | The EC2 instance type of the Security Management Server | string | - c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| m5.xlarge | no |
+| management_version | The license to install on the Security Management Server | string | - R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG | R81.20-BYOL | no |
+| management_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
+| gateways_policy | The name of the Security Policy package to be installed on the gateways in the Security Gateways Auto Scaling group | string | n/a | Standard | no |
+| gateway_management | Select 'Over the internet' if any of the gateways you wish to manage are not directly accessed via their private IP address. | string | - Locally managed
- Over the internet | Locally managed | no |
+| admin_cidr | (CIDR) Allow web, ssh, and graphical clients only from this network to communicate with the Management Server | string | valid CIDR | n/a | no |
+| gateway_addresses | (CIDR) Allow gateways only from this network to communicate with the Management Server | string | valid CIDR | n/a | no |
+| volume_type | General Purpose SSD Volume Type | string | - gp3
- gp2 | gp3 | no |
+| gateway_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
+| management_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
## Outputs
@@ -217,6 +217,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| Template Version | Description |
|------------------|---------------------------------------------------------------------------------------------|
+| 20241027 | R82 version support |
| 20240704 | R80.40 version deprecation |
| 20240515 | Add support for requiring use instance metadata service version 2 (IMDSv2) only |
| 20231012 | Update AWS Terraform provider version to 5.20.1 |
diff --git a/terraform/aws/gwlb/README.md b/terraform/aws/gwlb/README.md
index 46a142c0..465eef86 100755
--- a/terraform/aws/gwlb/README.md
+++ b/terraform/aws/gwlb/README.md
@@ -172,7 +172,7 @@ secret_key = "my-secret-key"
| gateway_instance_type | The instance type of the Security Gateways | string | - c4.large
- c4.xlarge
- c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| c5.xlarge | no |
| gateways_min_group_size | The minimal number of Security Gateways | number | n/a | 2 | no |
| gateways_max_group_size | The maximal number of Security Gateways | number | n/a | 10 | no |
-| gateway_version | Gateway version and license | string | - R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
+| gateway_version | Gateway version and license | string | - R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
- R81.20-PAYG-NGTX
- R82-BYOL
- R82-PAYG-NGTP
- R82-PAYG-NGTX | R81.20-BYOL | no |
| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| gateway_SICKey | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes |
| enable_cloudwatch | Report Check Point specific CloudWatch metrics | bool | true/false | false | no |
@@ -208,6 +208,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| Template Version | Description |
|------------------|---------------------------------------------------------------------------------------|
+| 20241027 | R82 version support |
| 20240704 | R80.40 version deprecation |
| 20240515 | Add support for requiring use instance metadata service version 2 (IMDSv2) only |
| 20240310 | Add support for requiring use instance metadata service version 2 (IMDSv2) only |
diff --git a/terraform/aws/management/README.md b/terraform/aws/management/README.md
index 8545ff85..9c3a0a2b 100755
--- a/terraform/aws/management/README.md
+++ b/terraform/aws/management/README.md
@@ -152,7 +152,7 @@ secret_key = "my-secret-key"
| iam_permissions | IAM role to attach to the instance profile | string | - None (configure later)
- Use existing (specify an existing IAM role name)
- Create with assume role permissions (specify an STS role ARN)
- Create with read permissions
- Create with read-write permissions | Create with read permissions | no |
| predefined_role | (Optional) A predefined IAM role to attach to the instance profile. Ignored if var.iam_permissions is not set to 'Use existing' | string | n/a | "" | no |
| sts_roles | (Optional) The IAM role will be able to assume these STS Roles (list of ARNs). Ignored if var.iam_permissions is set to 'None' or 'Use existing' | list(string) | n/a | [] | no |
-| management_version | Management version and license | string | - R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG | R81.20-BYOL | no |
+| management_version | Management version and license | string | - R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG
- R82-BYOL
- R82-PAYG | R81.20-BYOL | no |
| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
| management_password_hash | (Optional) Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash) | string | n/a | "" | no |
| management_hostname | (Optional) Security Management Server prompt hostname. The name must not contain reserved words. For details, refer to sk40179. | string | n/a | "" | no |
@@ -180,21 +180,22 @@ secret_key = "my-secret-key"
## Revision History
In order to check the template version, please refer to [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585)
-| Template Version | Description |
-|------------------|---------------------------------------------------------------------------------------------------------------|
-| 20240704 | - R80.40 version deprecation.
- R81 version deprecation. |
-| 20240515 | Add support for requiring use instance metadata service version 2 (IMDSv2) only |
-| 20240207 | Added Log Server installation support |
-| 20231012 | Update AWS Terraform provider version to 5.20.1 |
-| 20230923 | Add support for C5d instance type |
-| 20230914 | Add support for maintenance mode password |
-| 20230829 | Change default Check Point version to R81.20 |
-| 20230806 | Add support for c6in instance type |
-| 20230521 | - Change default shell for the admin user to /etc/cli.sh
- Add description for reserved words in hostname |
-| 20221123 | R81.20 version support |
-| 20220606 | New instance type support |
-| 20210329 | Stability fixes |
-| 20210309 | First release of Check Point Security Management Server Terraform module for AWS |
+| Template Version | Description |
+|-------------------|---------------------------------------------------------------------------------------------------------------|
+| 20241027 | R82 version support |
+| 20240704 | - R80.40 version deprecation.
- R81 version deprecation. |
+| 20240515 | Add support for requiring use instance metadata service version 2 (IMDSv2) only |
+| 20240207 | Added Log Server installation support |
+| 20231012 | Update AWS Terraform provider version to 5.20.1 |
+| 20230923 | Add support for C5d instance type |
+| 20230914 | Add support for maintenance mode password |
+| 20230829 | Change default Check Point version to R81.20 |
+| 20230806 | Add support for c6in instance type |
+| 20230521 | - Change default shell for the admin user to /etc/cli.sh
- Add description for reserved words in hostname |
+| 20221123 | R81.20 version support |
+| 20220606 | New instance type support |
+| 20210329 | Stability fixes |
+| 20210309 | First release of Check Point Security Management Server Terraform module for AWS |
## License
diff --git a/terraform/aws/management/management_userdata.yaml b/terraform/aws/management/management_userdata.yaml
index cfd9e5dc..1b87042a 100755
--- a/terraform/aws/management/management_userdata.yaml
+++ b/terraform/aws/management/management_userdata.yaml
@@ -1,4 +1,4 @@
#cloud-config
runcmd:
- |
- python3 /etc/cloud_config.py sicKey=\"${SICKey}\" installationType=\"management\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20240704\" templateName=\"management\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" "management_installation_type=\"${ManagementInstallationType}\"" adminSubnet=\"${AdminSubnet}\" allocatePublicAddress=\"${AllocateElasticIP}\" overTheInternet=\"${PubMgmt}\" bootstrapScript64=\"${BootstrapScript}\"
\ No newline at end of file
+ python3 /etc/cloud_config.py sicKey=\"${SICKey}\" installationType=\"management\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20241027\" templateName=\"management\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" "management_installation_type=\"${ManagementInstallationType}\"" adminSubnet=\"${AdminSubnet}\" allocatePublicAddress=\"${AllocateElasticIP}\" overTheInternet=\"${PubMgmt}\" bootstrapScript64=\"${BootstrapScript}\"
\ No newline at end of file
diff --git a/terraform/aws/mds/README.md b/terraform/aws/mds/README.md
index 156aad68..92186771 100755
--- a/terraform/aws/mds/README.md
+++ b/terraform/aws/mds/README.md
@@ -147,7 +147,7 @@ secret_key = "my-secret-key"
| iam_permissions | IAM role to attach to the instance profile | string | - None (configure later)
- Use existing (specify an existing IAM role name)
- Create with assume role permissions (specify an STS role ARN)
- Create with read permissions
- Create with read-write permissions | Create with read permissions | no |
| predefined_role | (Optional) A predefined IAM role to attach to the instance profile. Ignored if var.iam_permissions is not set to 'Use existing' | string | n/a | "" | no |
| sts_roles | (Optional) The IAM role will be able to assume these STS Roles (list of ARNs). Ignored if var.iam_permissions is set to 'None' or 'Use existing' | list(string) | n/a | [] | no |
-| mds_version | Multi-Domain Server version and license | string | - R81.10-BYOL
- R81.20-BYOL | R81.20-BYOL | no |
+| mds_version | Multi-Domain Server version and license | string | - R81.10-BYOL
- R81.20-BYOL
- R82-BYOL | R81.20-BYOL | no |
| mds_admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
| mds_password_hash | (Optional) Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash) | string | n/a | "" | no |
| mds_hostname | (Optional) Multi-Domain Server prompt hostname. The name must not contain reserved words. For details, refer to sk40179. | string | n/a | "" | no |
@@ -174,6 +174,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| Template Version | Description |
|------------------|---------------------------------------------------------------------------------------------------------------|
+| 20241027 | R82 version support |
| 20240704 | - R80.40 version deprecation.
- R81 version deprecation. |
| 20240515 | Add support for requiring use instance metadata service version 2 (IMDSv2) only |
| 20240310 | Add support for requiring use instance metadata service version 2 (IMDSv2) only |
diff --git a/terraform/aws/mds/mds_userdata.yaml b/terraform/aws/mds/mds_userdata.yaml
index cd0085c6..bf30aa1b 100755
--- a/terraform/aws/mds/mds_userdata.yaml
+++ b/terraform/aws/mds/mds_userdata.yaml
@@ -1,4 +1,4 @@
#cloud-config
runcmd:
- |
- python3 /etc/cloud_config.py sicKey=\"${SICKey}\" installationType=\"mds\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20240704\" templateName=\"mds\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" primary=\"${IsPrimary}\" secondary=\"${IsSecondary}\" adminSubnet=\"${AdminSubnet}\" bootstrapScript64=\"${BootstrapScript}\"
\ No newline at end of file
+ python3 /etc/cloud_config.py sicKey=\"${SICKey}\" installationType=\"mds\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20241027\" templateName=\"mds\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" primary=\"${IsPrimary}\" secondary=\"${IsSecondary}\" adminSubnet=\"${AdminSubnet}\" bootstrapScript64=\"${BootstrapScript}\"
\ No newline at end of file
diff --git a/terraform/aws/modules/common/version_license/main.tf b/terraform/aws/modules/common/version_license/main.tf
index c0aaca14..93515298 100755
--- a/terraform/aws/modules/common/version_license/main.tf
+++ b/terraform/aws/modules/common/version_license/main.tf
@@ -4,29 +4,40 @@ locals {
"R81.10-PAYG-NGTP",
"R81.10-PAYG-NGTX",
"R81.20-BYOL",
- "R81.20-PAYG-NGTP",
- "R81.20-PAYG-NGTX"
+ "R81.20-PAYG-NGTP",
+ "R81.20-PAYG-NGTX",
+ "R82-BYOL",
+ "R82-PAYG-NGTP",
+ "R82-PAYG-NGTX"
]
mgmt_versions = [
"R81.10-BYOL",
"R81.10-PAYG",
"R81.20-BYOL",
- "R81.20-PAYG"
+ "R81.20-PAYG",
+ "R82-BYOL",
+ "R82-PAYG"
]
mds_versions = [
"R81.10-BYOL",
- "R81.20-BYOL"
+ "R81.20-BYOL",
+ "R82-BYOL"
]
standalone_versions = [
"R81.10-BYOL",
"R81.10-PAYG-NGTP",
"R81.20-BYOL",
- "R81.20-PAYG-NGTP"
+ "R81.20-PAYG-NGTP",
+ "R82-BYOL",
+ "R82-PAYG-NGTP"
]
gwlb_gw_versions = [
- "R81.20-BYOL",
- "R81.20-PAYG-NGTP",
- "R81.20-PAYG-NGTX"
+ "R81.20-BYOL",
+ "R81.20-PAYG-NGTP",
+ "R81.20-PAYG-NGTX",
+ "R82-BYOL",
+ "R82-PAYG-NGTP",
+ "R82-PAYG-NGTX"
]
}
diff --git a/terraform/aws/qs-autoscale-master/README.md b/terraform/aws/qs-autoscale-master/README.md
index 0c998024..d42f1fa2 100755
--- a/terraform/aws/qs-autoscale-master/README.md
+++ b/terraform/aws/qs-autoscale-master/README.md
@@ -192,13 +192,13 @@ secret_key = "my-secret-key"
| gateway_instance_type | The instance type of the Security Gateways | string | - c4.large
- c4.xlarge
- c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| c5.xlarge | no |
| gateways_min_group_size | The minimal number of Security Gateways | number | n/a | 2 | no |
| gateways_max_group_size | The maximal number of Security Gateways | number | n/a | 10 | no |
-| gateway_version | Gateway version and license | string | - R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
+| gateway_version | Gateway version and license | string | - R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
- R82-BYOL
- R82-PAYG-NGTP
- R82-PAYG-NGTX | R81.20-BYOL | no |
| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| gateway_SIC_Key | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes |
| enable_cloudwatch | Report Check Point specific CloudWatch metrics | bool | true/false | false | no |
| management_deploy | Select 'false' to use an existing Security Management Server or to deploy one later and to ignore the other parameters of this section | bool | true/false | true | no |
| management_instance_type | The EC2 instance type of the Security Management Server | string | - c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| m5.xlarge | no |
-| management_version | The license to install on the Security Management Server | string | - R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG | R81.20-BYOL | no |
+| management_version | The license to install on the Security Management Server | string | - R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG
- R82-BYOL
- R82-PAYG | R81.20-BYOL | no |
| management_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| gateways_policy | The name of the Security Policy package to be installed on the gateways in the Security Gateways Auto Scaling group | string | n/a | Standard | no |
| gateways_blades | Turn on the Intrusion Prevention System, Application Control, Anti-Virus and Anti-Bot Blades (additional Blades can be manually turned on later) | bool | true/false | true | no |
@@ -238,20 +238,21 @@ secret_key = "my-secret-key"
In order to check the template version, please refer to [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585)
-| Template Version | Description |
-|------------------|---------------------------------------------------------------------------------------|
-| 20240425 | Remove support for R81 and lower versions |
-| 20240515 | Add support for requiring use instance metadata service version 2 (IMDSv2) only |
-| 20231127 | Add support for parameter admin shell |
-| 20231012 | Update AWS Terraform provider version to 5.20.1 |
-| 20230923 | Add support for C5d instance type |
-| 20230914 | Add support for maintenance mode password |
-| 20230829 | Change default Check Point version to R81.20 |
-| 20230806 | Add support for c6in instance type |
-| 20221226 | Support ASG Launch Template instead of Launch Configuration |
-| 20221123 | R81.20 version support |
-| 20220606 | New instance type support |
-| 20210309 | First release of Check Point Quick Start Auto Scaling Master Terraform module for AWS |
+| Template Version | Description |
+|------------------|-----------------------------------------------------------------------------------------------|
+| 20241027 | R82 version support |
+| 20240425 | Remove support for R81 and lower versions |
+| 20240515 | Add support for requiring use instance metadata service version 2 (IMDSv2) only |
+| 20231127 | Add support for parameter admin shell |
+| 20231012 | Update AWS Terraform provider version to 5.20.1 |
+| 20230923 | Add support for C5d instance type |
+| 20230914 | Add support for maintenance mode password |
+| 20230829 | Change default Check Point version to R81.20 |
+| 20230806 | Add support for c6in instance type |
+| 20221226 | Support ASG Launch Template instead of Launch Configuration |
+| 20221123 | R81.20 version support |
+| 20220606 | New instance type support |
+| 20210309 | First release of Check Point Quick Start Auto Scaling Master Terraform module for AWS |
## License
diff --git a/terraform/aws/qs-autoscale/README.md b/terraform/aws/qs-autoscale/README.md
index ee559913..fe0398e9 100755
--- a/terraform/aws/qs-autoscale/README.md
+++ b/terraform/aws/qs-autoscale/README.md
@@ -156,7 +156,7 @@ secret_key = "my-secret-key"
## Inputs
| Name | Description | Type | Allowed values | Default | Required |
-|-------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|----------|
+|-------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|----------|
| prefix | (Optional) Instances name prefix | string | n/a | "" | no |
| asg_name | Autoscaling Group name | string | n/a | Check-Point-ASG-tf | no |
| vpc_id | Select an existing VPC | string | n/a | n/a | yes |
@@ -176,13 +176,13 @@ secret_key = "my-secret-key"
| gateway_instance_type | The instance type of the Security Gateways | string | - c4.large
- c4.xlarge
- c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| c5.xlarge | no |
| gateways_min_group_size | The minimal number of Security Gateways | number | n/a | 2 | no |
| gateways_max_group_size | The maximal number of Security Gateways | number | n/a | 10 | no |
-| gateway_version | Gateway version and license | string | - R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
+| gateway_version | Gateway version and license | string | - R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
- R82-BYOL
- R82-PAYG-NGTP
- R82-PAYG-NGTX | R81.20-BYOL | no |
| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| gateway_SIC_Key | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes |
| enable_cloudwatch | Report Check Point specific CloudWatch metrics | bool | true/false | false | no |
| management_deploy | Select 'false' to use an existing Security Management Server or to deploy one later and to ignore the other parameters of this section | bool | true/false | true | no |
| management_instance_type | The EC2 instance type of the Security Management Server | string | - c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| m5.xlarge | no |
-| management_version | The license to install on the Security Management Server | string | - R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG | R81.20-BYOL | no |
+| management_version | The license to install on the Security Management Server | string | - R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG
- R82-BYOL
- R82-PAYG | R81.20-BYOL | no |
| management_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| gateways_policy | The name of the Security Policy package to be installed on the gateways in the Security Gateways Auto Scaling group | string | n/a | Standard | no |
| gateways_blades | Turn on the Intrusion Prevention System, Application Control, Anti-Virus and Anti-Bot Blades (additional Blades can be manually turned on later) | bool | true/false | true | no |
@@ -218,6 +218,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| Template Version | Description |
|------------------|-------------------------------------------------------------------------------------------------------------------------------------|
+| 20241027 | R82 version support |
| 20240515 | Add support for requiring use instance metadata service version 2 (IMDSv2) only |
| 20240425 | Remove support for R81 and lower versions |
| 20240310 | Add support for requiring use instance metadata service version 2 (IMDSv2) only |
diff --git a/terraform/aws/standalone-master/README.md b/terraform/aws/standalone-master/README.md
index ef5219d9..78d42f12 100755
--- a/terraform/aws/standalone-master/README.md
+++ b/terraform/aws/standalone-master/README.md
@@ -152,7 +152,7 @@ secret_key = "my-secret-key"
| disable_instance_termination | Prevents an instance from accidental termination. Note: Once this attribute is true terraform destroy won't work properly | bool | true/false | false | no |
| metadata_imdsv2_required | Set true to deploy the instance with metadata v2 token required | bool | true/false | true | yes |
| instance_tags | (Optional) A map of tags as key=value pairs. All tags will be added to the Standalone EC2 Instance | map(string) | n/a | {} | no |
-| standalone_version | Security Gateway & Management (Standalone) version and license | string | - R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.20-BYOL
- R81.20-PAYG-NGTP | R81.20-BYOL | no |
+| standalone_version | Security Gateway & Management (Standalone) version and license | string | - R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R82-BYOL
- R82-PAYG-NGTP | R81.20-BYOL | no |
| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
| standalone_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| resources_tag_name | (optional) | string | n/a | "" | no |
@@ -185,6 +185,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| Template Version | Description |
|------------------|-------------------------------------------------------------------------------------------------------------------------|
+| 20241027 | R82 version support |
| 20240704 | - R80.40 version deprecation.
- R81 version deprecation. |
| 20240515 | Add support for requiring use instance metadata service version 2 (IMDSv2) only |
| 20231113 | Add support for BYOL license type for Standalone |
diff --git a/terraform/aws/standalone/README.md b/terraform/aws/standalone/README.md
index 1614c44d..619be496 100755
--- a/terraform/aws/standalone/README.md
+++ b/terraform/aws/standalone/README.md
@@ -114,7 +114,7 @@ secret_key = "my-secret-key"
## Inputs
| Name | Description | Type | Allowed values | Default | Required |
-|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------|----------|
+|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------|----------|
| vpc_id | The VPC id in which to deploy | string | n/a | n/a | yes |
| public_subnet_id | The public subnet of the Security Gateway & Management (Standalone) | string | n/a | n/a | yes |
| private_subnet_id | The private subnet of the Security Gateway & Management (Standalone) | string | n/a | n/a | yes |
@@ -129,7 +129,7 @@ secret_key = "my-secret-key"
| disable_instance_termination | Prevents an instance from accidental termination. Note: Once this attribute is true terraform destroy won't work properly | bool | true/false | false | no |
| metadata_imdsv2_required | Set true to deploy the instance with metadata v2 token required | bool | true/false | true | yes |
| instance_tags | (Optional) A map of tags as key=value pairs. All tags will be added to the Standalone EC2 Instance | map(string) | n/a | {} | no |
-| standalone_version | Security Gateway & Management (Standalone) version and license | string | - R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.20-BYOL
- R81.20-PAYG-NGTP | R81.20-BYOL | no |
+| standalone_version | Security Gateway & Management (Standalone) version and license | string | - R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R82-BYOL
- R82-PAYG | R81.20-BYOL | no |
| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
| standalone_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| resources_tag_name | (optional) | string | n/a | "" | no |
@@ -157,7 +157,8 @@ secret_key = "my-secret-key"
In order to check the template version, please refer to [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585)
| Template Version | Description |
-|--------------------|------------------------------------------------------------------------------------------------------------------|
+|------------------|------------------------------------------------------------------------------------------------------------------|
+| 20241027 | R82 version support |
| 20210309 | First release of Check Point Security Management Server & Security Gateway (Standalone) Terraform module for AWS |
## License
diff --git a/terraform/aws/standalone/standalone_userdata.yaml b/terraform/aws/standalone/standalone_userdata.yaml
index 0bf47ec4..205b5bc3 100755
--- a/terraform/aws/standalone/standalone_userdata.yaml
+++ b/terraform/aws/standalone/standalone_userdata.yaml
@@ -1,4 +1,4 @@
#cloud-config
runcmd:
- |
- python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" installationType=\"standalone\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20240704\" templateName=\"standalone\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" adminSubnet=\"${AdminSubnet}\" allocatePublicAddress=\"${AllocateElasticIP}\" bootstrapScript64=\"${StandaloneBootstrapScript}\"
\ No newline at end of file
+ python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" installationType=\"standalone\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20241027\" templateName=\"standalone\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" adminSubnet=\"${AdminSubnet}\" allocatePublicAddress=\"${AllocateElasticIP}\" bootstrapScript64=\"${StandaloneBootstrapScript}\"
\ No newline at end of file
diff --git a/terraform/aws/tgw-asg-master/README.md b/terraform/aws/tgw-asg-master/README.md
index 18940e6e..85b2aa3c 100755
--- a/terraform/aws/tgw-asg-master/README.md
+++ b/terraform/aws/tgw-asg-master/README.md
@@ -168,14 +168,14 @@ secret_key = "my-secret-key"
| gateway_instance_type | The instance type of the Security Gateways | string | - c4.large
- c4.xlarge
- c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| c5.xlarge | no |
| gateways_min_group_size | The minimal number of Security Gateways | number | n/a | 2 | no |
| gateways_max_group_size | The maximal number of Security Gateways | number | n/a | 10 | no |
-| gateway_version | Gateway version and license | string | - R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
+| gateway_version | Gateway version and license | string | - R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
- R82-BYOL
- R82-PAYG-NGTP
- R82-PAYG-NGTX | R81.20-BYOL | no |
| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| gateway_SIC_Key | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes |
| enable_cloudwatch | Report Check Point specific CloudWatch metrics | bool | true/false | false | no |
| asn | The organization Autonomous System Number (ASN) that identifies the routing domain for the Security Gateways | string | n/a | 6500 | no |
| management_deploy | Select 'false' to use an existing Security Management Server or to deploy one later and to ignore the other parameters of this section | bool | true/false | true | no |
| management_instance_type | The EC2 instance type of the Security Management Server | string | - c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| m5.xlarge | no |
-| management_version | The license to install on the Security Management Server | string | - R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG | R81.20-BYOL | no |
+| management_version | The license to install on the Security Management Server | string | - R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG
- R82-BYOL
- R82-PAYG | R81.20-BYOL | no |
| management_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| management_permissions | IAM role to attach to the instance profile | string | - None (configure later)
- Use existing (specify an existing IAM role name)
- Create with assume role permissions (specify an STS role ARN)
- Create with read permissions
- Create with read-write permissions | Create with read-write permissions | no |
| management_predefined_role | ((Optional) A predefined IAM role to attach to the instance profile. Ignored if IAM role is not set to 'Use existing' | string | n/a | "" | no |
@@ -207,6 +207,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| Template Version | Description |
|------------------|-------------------------------------------------------------------------------------------------|
+| 20241027 | R82 version support |
| 20240704 | - R80.40 version deprecation.
- R81 version deprecation. |
| 20240515 | Add support for requiring use instance metadata service version 2 (IMDSv2) only |
| 20231012 | Update AWS Terraform provider version to 5.20.1 |
diff --git a/terraform/aws/tgw-asg/README.md b/terraform/aws/tgw-asg/README.md
index 44e1c298..e32fa852 100755
--- a/terraform/aws/tgw-asg/README.md
+++ b/terraform/aws/tgw-asg/README.md
@@ -159,14 +159,14 @@ secret_key = "my-secret-key"
| gateway_instance_type | The instance type of the Security Gateways | string | - c4.large
- c4.xlarge
- c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| c5.xlarge | no |
| gateways_min_group_size | The minimal number of Security Gateways | number | n/a | 2 | no |
| gateways_max_group_size | The maximal number of Security Gateways | number | n/a | 10 | no |
-| gateway_version | Gateway version and license | string | - R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
+| gateway_version | Gateway version and license | string | - R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
- R81.20-PAYG-NGTX
- R82-BYOL
- R82-PAYG-NGTP
- R82-PAYG-NGTX | R81.20-BYOL | no |
| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| gateway_SIC_Key | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes |
| enable_cloudwatch | Report Check Point specific CloudWatch metrics | bool | true/false | false | no |
| asn | The organization Autonomous System Number (ASN) that identifies the routing domain for the Security Gateways | string | n/a | 6500 | no |
| management_deploy | Select 'false' to use an existing Security Management Server or to deploy one later and to ignore the other parameters of this section | bool | true/false | true | no |
| management_instance_type | The EC2 instance type of the Security Management Server | string | - c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| m5.xlarge | no |
-| management_version | The license to install on the Security Management Server | string | - R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG | R81.20-BYOL | no |
+| management_version | The license to install on the Security Management Server | string | - R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG
- R82-BYOL
- R82-PAYG | R81.20-BYOL | no |
| management_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| management_permissions | IAM role to attach to the instance profile | string | - None (configure later)
- Use existing (specify an existing IAM role name)
- Create with assume role permissions (specify an STS role ARN)
- Create with read permissions
- Create with read-write permissions | Create with read-write permissions | no |
| management_predefined_role | ((Optional) A predefined IAM role to attach to the instance profile. Ignored if IAM role is not set to 'Use existing' | string | n/a | "" | no |
@@ -182,32 +182,33 @@ secret_key = "my-secret-key"
## Outputs
-| Name | Description |
-|--------------------------|--------------------------------------------------------------------------------------------------------|
-| management_instance_name | The deployed Security Management AWS instance name |
-| management_public_ip | The deployed Security Management Server AWS public ip |
-| management_url | URL to the portal of the deployed Security Management Server |
-| autoscaling_group_name | The name of the deployed AutoScaling Group |
+| Name | Description |
+|--------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| management_instance_name | The deployed Security Management AWS instance name |
+| management_public_ip | The deployed Security Management Server AWS public ip |
+| management_url | URL to the portal of the deployed Security Management Server |
+| autoscaling_group_name | The name of the deployed AutoScaling Group |
| configuration_template | The name that represents the configuration template. Configurations required to automatically provision the Gateways in the Auto Scaling Group, such as what Security Policy to install and which Blades to enable, will be placed under this template name |
-| controller_name | The name that represents the controller. Configurations required to connect to your AWS environment, such as credentials and regions, will be placed under this controller name |
+| controller_name | The name that represents the controller. Configurations required to connect to your AWS environment, such as credentials and regions, will be placed under this controller name |
## Revision History
In order to check the template version, please refer to [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585)
-| Template Version | Description |
-|------------------|------------------------------------------------------------------------------------------|
-| 20240704 | - R80.40 version deprecation.
- R81 version deprecation. |
-| 20240515 | Add support for requiring use instance metadata service version 2 (IMDSv2) only |
-| 20231012 | Update AWS Terraform provider version to 5.20.1 |
-| 20230923 | Add support for C5d instance type |
-| 20230914 | Add support for maintenance mode password |
-| 20230829 | Change default Check Point version to R81.20 |
-| 20230806 | Add support for c6in instance type |
-| 20230626 | Fixed missing x-chkp-* tags on Auto Scale Group |
-| 20221226 | Support ASG Launch Template instead of Launch Configuration |
-| 20221123 | R81.20 version support |
-| 20220606 | New instance type support |
-| 20210329 | First release of Check Point Transit Gateway Auto Scaling Group Terraform module for AWS |
+| Template Version | Description |
+|------------------|-----------------------------------------------------------------------------------------------|
+| 20241027 | R82 version support |
+| 20240704 | - R80.40 version deprecation.
- R81 version deprecation. |
+| 20240515 | Add support for requiring use instance metadata service version 2 (IMDSv2) only |
+| 20231012 | Update AWS Terraform provider version to 5.20.1 |
+| 20230923 | Add support for C5d instance type |
+| 20230914 | Add support for maintenance mode password |
+| 20230829 | Change default Check Point version to R81.20 |
+| 20230806 | Add support for c6in instance type |
+| 20230626 | Fixed missing x-chkp-* tags on Auto Scale Group |
+| 20221226 | Support ASG Launch Template instead of Launch Configuration |
+| 20221123 | R81.20 version support |
+| 20220606 | New instance type support |
+| 20210329 | First release of Check Point Transit Gateway Auto Scaling Group Terraform module for AWS |
## License
diff --git a/terraform/aws/tgw-cross-az-cluster-master/README.md b/terraform/aws/tgw-cross-az-cluster-master/README.md
index 6f488b2d..210d40b5 100755
--- a/terraform/aws/tgw-cross-az-cluster-master/README.md
+++ b/terraform/aws/tgw-cross-az-cluster-master/README.md
@@ -140,7 +140,7 @@ secret_key = "my-secret-key"
## Inputs
| Name | Description | Type | Allowed values | Default | Required |
-|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------|----------|
+|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------|----------|
| vpc_cidr | The CIDR block of the VPC | string | n/a | n/a | yes |
| public_subnets_map | A map of pairs {availability-zone = subnet-suffix-number}. Each entry creates a subnet. Minimum 2 pairs. (e.g. {\"us-east-1a\" = 1 \"us-east-1b\" = 2} ) | map | n/a | n/a | yes |
| private_subnets_map | A map of pairs {availability-zone = subnet-suffix-number}. Each entry creates a subnet. Minimum 2 pairs. (e.g. {\"us-east-1a\" = 3 \"us-east-1b\" = 4} ) | map | n/a | n/a | yes |
@@ -158,7 +158,7 @@ secret_key = "my-secret-key"
| metadata_imdsv2_required | Set true to deploy the instance with metadata v2 token required | bool | true/false | true | yes |
| instance_tags | (Optional) A map of tags as key=value pairs. All tags will be added to the Gateway EC2 Instances | map(string) | n/a | {} | no |
| predefined_role | (Optional) A predefined IAM role to attach to the cluster profile | string | n/a | "" | no |
-| gateway_version | Gateway version and license | string | - R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
+| gateway_version | Gateway version and license | string | - R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
- R82-BYOL
- R82-PAYG-NGTP
- R82-PAYG-NGTX | R81.20-BYOL | no |
| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
| gateway_SICKey | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes |
| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
@@ -190,6 +190,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| Template Version | Description |
|------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| 20241027 | R82 version support |
| 20240515 | Add support for requiring use instance metadata service version 2 (IMDSv2) only |
| 20231012 | Update AWS Terraform provider version to 5.20.1 |
| 20230923 | Add support for C5d instance type |
diff --git a/terraform/aws/tgw-cross-az-cluster/README.md b/terraform/aws/tgw-cross-az-cluster/README.md
index de08521c..971ea70b 100755
--- a/terraform/aws/tgw-cross-az-cluster/README.md
+++ b/terraform/aws/tgw-cross-az-cluster/README.md
@@ -134,41 +134,41 @@ secret_key = "my-secret-key"
- In Smart Console: reset SIC with the re-deployed member and install policy
## Inputs
-| Name | Description | Type | Allowed values | Default | Required |
-|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------|----------|
-| vpc_id | The VPC id in which to deploy | string | n/a | n/a | yes |
-| public_subnet_id | The public subnet of the cluster. The cluster's public IPs will be generated from this subnet | string | n/a | n/a | yes |
-| private_subnet_id | The private subnet of the cluster. The cluster's private IPs will be generated from this subnet | string | n/a | n/a | yes |
-| tgw_subnet_1_id | The TGW attachment subnet ID located in the 1st Availability Zone | string | n/a | n/a | yes |
-| tgw_subnet_2_id | The TGW attachment subnet ID located in the 2st Availability Zone | string | n/a | n/a | yes |
-| private_route_table | (Optional) Set 0.0.0.0/0 route to the Active Cluster member instance in this route table (e.g. rtb-12a34567). Route table cannot have an existing 0.0.0.0/0 route | string | n/a | "" | no |
-| gateway_name | (Optional) The name tag of the Security Gateway instances | string | n/a | Check-Point-Cluster-tf | no |
-| gateway_instance_type | The instance type of the Security Gateways | string | - c4.large
- c4.xlarge
- c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| c5.xlarge | no |
-| key_name | The EC2 Key Pair name to allow SSH access to the instance | string | n/a | n/a | yes |
-| allocate_and_associate_eip | If set to true, an elastic IP will be allocated and associated with each cluster member, in addition to the shared cluster Elastic IP | bool | true/false | true | no |
-| volume_size | Root volume size (GB) - minimum 100 | number | n/a | 100 | no |
-| volume_type | General Purpose SSD Volume Type | string | - gp3
- gp2 | gp3 | no |
-| volume_encryption | KMS or CMK key Identifier: Use key ID, alias or ARN. Key alias should be prefixed with 'alias/' (e.g. for KMS default alias 'aws/ebs' - insert 'alias/aws/ebs') | string | n/a | alias/aws/ebs | no |
-| enable_instance_connect | Enable AWS Instance Connect. Supporting regions can be found [here](https://aws.amazon.com/about-aws/whats-new/2019/06/introducing-amazon-ec2-instance-connect/) | bool | true/false | false | no |
-| disable_instance_termination | Prevents an instance from accidental termination. Note: Once this attribute is true terraform destroy won't work properly | bool | true/false | false | no |
-| metadata_imdsv2_required | Set true to deploy the instance with metadata v2 token required | bool | true/false | true | yes |
-| instance_tags | (Optional) A map of tags as key=value pairs. All tags will be added to the Gateway EC2 Instances | map(string) | n/a | {} | no |
-| predefined_role | (Optional) A predefined IAM role to attach to the cluster profile | string | n/a | "" | no |
-| gateway_version | Gateway version and license | string | - R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
-| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
-| gateway_SICKey | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes |
-| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
-| memberAToken | (Recommended) Quick connect to Smart-1 Cloud. Paste here the token copied from the Connect Gateway screen in Smart-1 Cloud portal. Follow the instructions in SK180501 to quickly connect this Gateway to Smart-1 Cloud. | string | n/a | "" | no |
-| memberBToken | (Recommended) Quick connect to Smart-1 Cloud. Paste here the token copied from the Connect Gateway screen in Smart-1 Cloud portal. Follow the instructions in SK180501 to quickly connect this Gateway to Smart-1 Cloud. | string | n/a | "" | no |
-| resources_tag_name | (Optional) Name tag prefix of the resources | string | n/a | "" | no |
-| gateway_hostname | (Optional) The host name will be appended with member-a/b accordingly. The name must not contain reserved words. For details, refer to sk40179. | string | n/a | "" | no |
-| allow_upload_download | Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point | bool | true/false | true | no |
-| enable_cloudwatch | Report Check Point specific CloudWatch metrics | bool | true/false | false | no |
-| gateway_bootstrap_script | (Optional) Semicolon (;) separated commands to run on the initial boot | string | n/a | "" | no |
-| primary_ntp | (Optional) The IPv4 addresses of Network Time Protocol primary server | string | n/a | 169.254.169.123 | no |
-| secondary_ntp | (Optional) The IPv4 addresses of Network Time Protocol secondary server | string | n/a | 0.pool.ntp.org | no |
-| gateway_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
-| management_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
+| Name | Description | Type | Allowed values | Default | Required |
+|-------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------|----------|
+| vpc_id | The VPC id in which to deploy | string | n/a | n/a | yes |
+| public_subnet_id | The public subnet of the cluster. The cluster's public IPs will be generated from this subnet | string | n/a | n/a | yes |
+| private_subnet_id | The private subnet of the cluster. The cluster's private IPs will be generated from this subnet | string | n/a | n/a | yes |
+| tgw_subnet_1_id | The TGW attachment subnet ID located in the 1st Availability Zone | string | n/a | n/a | yes |
+| tgw_subnet_2_id | The TGW attachment subnet ID located in the 2st Availability Zone | string | n/a | n/a | yes |
+| private_route_table | (Optional) Set 0.0.0.0/0 route to the Active Cluster member instance in this route table (e.g. rtb-12a34567). Route table cannot have an existing 0.0.0.0/0 route | string | n/a | "" | no |
+| gateway_name | (Optional) The name tag of the Security Gateway instances | string | n/a | Check-Point-Cluster-tf | no |
+| gateway_instance_type | The instance type of the Security Gateways | string | - c4.large
- c4.xlarge
- c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| c5.xlarge | no |
+| key_name | The EC2 Key Pair name to allow SSH access to the instance | string | n/a | n/a | yes |
+| allocate_and_associate_eip | If set to true, an elastic IP will be allocated and associated with each cluster member, in addition to the shared cluster Elastic IP | bool | true/false | true | no |
+| volume_size | Root volume size (GB) - minimum 100 | number | n/a | 100 | no |
+| volume_type | General Purpose SSD Volume Type | string | - gp3
- gp2 | gp3 | no |
+| volume_encryption | KMS or CMK key Identifier: Use key ID, alias or ARN. Key alias should be prefixed with 'alias/' (e.g. for KMS default alias 'aws/ebs' - insert 'alias/aws/ebs') | string | n/a | alias/aws/ebs | no |
+| enable_instance_connect | Enable AWS Instance Connect. Supporting regions can be found [here](https://aws.amazon.com/about-aws/whats-new/2019/06/introducing-amazon-ec2-instance-connect/) | bool | true/false | false | no |
+| disable_instance_termination | Prevents an instance from accidental termination. Note: Once this attribute is true terraform destroy won't work properly | bool | true/false | false | no |
+| metadata_imdsv2_required | Set true to deploy the instance with metadata v2 token required | bool | true/false | true | yes |
+| instance_tags | (Optional) A map of tags as key=value pairs. All tags will be added to the Gateway EC2 Instances | map(string) | n/a | {} | no |
+| predefined_role | (Optional) A predefined IAM role to attach to the cluster profile | string | n/a | "" | no |
+| gateway_version | Gateway version and license | string | - R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
- R82-BYOL
- R82-PAYG-NGTP
- R82-PAYG-NGTX | R81.20-BYOL | no |
+| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
+| gateway_SICKey | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes |
+| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
+| memberAToken | (Recommended) Quick connect to Smart-1 Cloud. Paste here the token copied from the Connect Gateway screen in Smart-1 Cloud portal. Follow the instructions in SK180501 to quickly connect this Gateway to Smart-1 Cloud. | string | n/a | "" | no |
+| memberBToken | (Recommended) Quick connect to Smart-1 Cloud. Paste here the token copied from the Connect Gateway screen in Smart-1 Cloud portal. Follow the instructions in SK180501 to quickly connect this Gateway to Smart-1 Cloud. | string | n/a | "" | no |
+| resources_tag_name | (Optional) Name tag prefix of the resources | string | n/a | "" | no |
+| gateway_hostname | (Optional) The host name will be appended with member-a/b accordingly. The name must not contain reserved words. For details, refer to sk40179. | string | n/a | "" | no |
+| allow_upload_download | Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point | bool | true/false | true | no |
+| enable_cloudwatch | Report Check Point specific CloudWatch metrics | bool | true/false | false | no |
+| gateway_bootstrap_script | (Optional) Semicolon (;) separated commands to run on the initial boot | string | n/a | "" | no |
+| primary_ntp | (Optional) The IPv4 addresses of Network Time Protocol primary server | string | n/a | 169.254.169.123 | no |
+| secondary_ntp | (Optional) The IPv4 addresses of Network Time Protocol secondary server | string | n/a | 0.pool.ntp.org | no |
+| gateway_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
+| management_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
## Outputs
@@ -187,6 +187,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| Template Version | Description |
|------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| 20241027 | R82 version support |
| 20240515 | Add support for requiring use instance metadata service version 2 (IMDSv2) only |
| 20231012 | Update AWS Terraform provider version to 5.20.1 |
| 20230923 | Add support for C5d instance type |
diff --git a/terraform/aws/tgw-gwlb-master/README.md b/terraform/aws/tgw-gwlb-master/README.md
index 28d62d04..0ccc4165 100755
--- a/terraform/aws/tgw-gwlb-master/README.md
+++ b/terraform/aws/tgw-gwlb-master/README.md
@@ -176,7 +176,7 @@ secret_key = "my-secret-key"
## Inputs
| Name | Description | Type | Allowed values | Default | Required |
-|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|-----------|
+|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|----------|
| vpc_cidr | The CIDR block of the VPC | string | n/a | n/a | yes |
| subnets_bit_length | Number of additional bits with which to extend the vpc cidr. For example, if given a vpc_cidr ending in /16 and a subnets_bit_length value of 4, the resulting subnet address will have length /20 | number | n/a | n/a | yes |
| public_subnets_map | A map of pairs {availability-zone = subnet-suffix-number}. Each entry creates a subnet. Minimum 1 pair. (e.g. {\"us-east-1a\" = 1} ) | map | n/a | n/a | yes |
@@ -209,7 +209,7 @@ secret_key = "my-secret-key"
| gateway_instance_type | The instance type of the Security Gateways | string | - c4.large
- c4.xlarge
- c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| c5.xlarge | no |
| gateways_min_group_size | The minimal number of Security Gateways | number | n/a | 2 | no |
| gateways_max_group_size | The maximal number of Security Gateways | number | n/a | 10 | no |
-| gateway_version | Gateway version and license | string | - R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
+| gateway_version | Gateway version and license | string | - R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
- R82-BYOL
- R82-PAYG-NGTP
- R82-PAYG-NGTX | R81.20-BYOL | no |
| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| gateway_SICKey | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes |
| enable_cloudwatch | Report Check Point specific CloudWatch metrics | bool | true/false | false | no |
@@ -218,7 +218,7 @@ secret_key = "my-secret-key"
| allocate_public_IP | Allocate a Public IP for gateway members. | bool | true/false | false | no |
| management_deploy | Select 'false' to use an existing Security Management Server or to deploy one later and to ignore the other parameters of this section | bool | true/false | true | no |
| management_instance_type | The EC2 instance type of the Security Management Server | string | - c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| m5.xlarge | no |
-| management_version | The license to install on the Security Management Server | string | - R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG | R81.20-BYOL | no |
+| management_version | The license to install on the Security Management Server | string | - R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG
- R82-BYOL
- R82-PAYG | R81.20-BYOL | no |
| management_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| gateways_policy | The name of the Security Policy package to be installed on the gateways in the Security Gateways Auto Scaling group | string | n/a | Standard | no |
| gateway_management | Select 'Over the internet' if any of the gateways you wish to manage are not directly accessed via their private IP address. | string | - Locally managed
- Over the internet | Locally managed | no |
@@ -247,6 +247,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| Template Version | Description |
|------------------|----------------------------------------------------------------------------------------------------------------------------|
+| 20241027 | R82 version support |
| 20240704 | R80.40 version deprecation |
| 20240515 | Add support for requiring use instance metadata service version 2 (IMDSv2) only |
| 20231012 | Update AWS Terraform provider version to 5.20.1 |
diff --git a/terraform/aws/tgw-gwlb/README.md b/terraform/aws/tgw-gwlb/README.md
index d85546e3..89325fd5 100755
--- a/terraform/aws/tgw-gwlb/README.md
+++ b/terraform/aws/tgw-gwlb/README.md
@@ -172,7 +172,7 @@ secret_key = "my-secret-key"
## Inputs
| Name | Description | Type | Allowed values | Default | Required |
-|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------|----------|
+|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|----------|
| vpc_id | Select an existing VPC | string | n/a | n/a | yes |
| internet_gateway_id | VPC's Internet Gateway Id | string | n/a | n/a | yes |
| availability_zones | The Availability Zones (AZs) to use for the subnets in the VPC. | string | n/a | n/a | yes |
@@ -208,7 +208,7 @@ secret_key = "my-secret-key"
| gateway_instance_type | The instance type of the Security Gateways | string | - c4.large
- c4.xlarge
- c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| c5.xlarge | no |
| gateways_min_group_size | The minimal number of Security Gateways | number | n/a | 2 | no |
| gateways_max_group_size | The maximal number of Security Gateways | number | n/a | 10 | no |
-| gateway_version | Gateway version and license | string | - R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
+| gateway_version | Gateway version and license | string | - R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX
- R82-BYOL
- R82-PAYG-NGTP
- R82-PAYG-NGTX | R81.20-BYOL | no |
| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| gateway_SICKey | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes |
| enable_cloudwatch | Report Check Point specific CloudWatch metrics | bool | true/false | false | no |
@@ -217,7 +217,7 @@ secret_key = "my-secret-key"
| allocate_public_IP | Allocate a Public IP for gateway members. | bool | true/false | false | no |
| management_deploy | Select 'false' to use an existing Security Management Server or to deploy one later and to ignore the other parameters of this section | bool | true/false | true | no |
| management_instance_type | The EC2 instance type of the Security Management Server | string | - c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- c5d.large
- c5d.xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.12xlarge
- c5d.18xlarge
- c5d.24xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| m5.xlarge | no |
-| management_version | The license to install on the Security Management Server | string | - R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG | R81.20-BYOL | no |
+| management_version | The license to install on the Security Management Server | string | - R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG
- R82-BYOL
- R82-PAYG | R81.20-BYOL | no |
| management_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| gateways_policy | The name of the Security Policy package to be installed on the gateways in the Security Gateways Auto Scaling group | string | n/a | Standard | no |
| gateway_management | Select 'Over the internet' if any of the gateways you wish to manage are not directly accessed via their private IP address. | string | - Locally managed
- Over the internet | Locally managed | no |
@@ -246,6 +246,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| Template Version | Description |
|------------------|--------------------------------------------------------------------------------------------------------------------|
+| 20241027 | R82 version support |
| 20240704 | R80.40 version deprecation |
| 20240515 | Add support for requiring use instance metadata service version 2 (IMDSv2) only |
| 20231012 | Update AWS Terraform provider version to 5.20.1 |