AWS | CFT & TF | Add support for Elastic Load Balancer Health Checks #359

Merged
merged 2 commits into from
Apr 25, 2024
4 changes: 3 additions & 1 deletion aws/templates/asg/autoscale.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
Description: Create an Auto Scaling group of Check Point gateways (20240204)
Description: Create an Auto Scaling group of Check Point gateways (20240417)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
Expand Down Expand Up @@ -479,6 +479,8 @@ Resources:
MaxSize: !Ref GatewaysMaxSize
LoadBalancerNames: !If [CreateELB, [!Ref ElasticLoadBalancer], !Ref 'AWS::NoValue']
TargetGroupARNs: !If [ProvidedTargetGroups, !Split [',', !Ref GatewaysTargetGroups], !Ref 'AWS::NoValue']
HealthCheckGracePeriod: 3600
HealthCheckType: ELB
NotificationConfiguration: !If
- ProvidedAdminEmail
- TopicARN: !Ref NotificationTopic
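Review bot: `HealthCheckType: ELB` is set unconditionally, but both attachments just above it are conditional and can resolve to `AWS::NoValue` (`LoadBalancerNames` on `CreateELB`, `TargetGroupARNs` on `ProvidedTargetGroups`). Either gate the health check type on the same conditions or state in the template that ELB is intended even when nothing is attached. `HealthCheckGracePeriod: 3600` is also a literal, and for that hour a gateway the load balancer reports unhealthy is not replaced, so consider exposing it as a parameter with 3600 as the default.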
6 changes: 5 additions & 1 deletion aws/templates/management/management.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
Description: Deploys a Check Point Management Server (20240204)
Description: Deploys a Check Point Management Server (20240417)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
Expand Down Expand Up @@ -446,6 +446,10 @@ Resources:
IpProtocol: tcp
FromPort: 18192
ToPort: 18192
- CidrIp: !Ref GatewaysAddresses
IpProtocol: tcp
FromPort: 18208
ToPort: 18208
- CidrIp: !Ref GatewaysAddresses
IpProtocol: tcp
FromPort: 18210
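Review bot: the new 18208 ingress rule on the management security group is not explained anywhere in the change, whose title only covers Elastic Load Balancer health checks. Say in the commit message which gateway-to-management flow needs TCP 18208; if it is unrelated to the health-check work, it is easier to audit as its own change.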
6 changes: 5 additions & 1 deletion aws/templates/mds/mds.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: '2010-09-09'
Description: Deploys a Check Point Multi-Domain Server (20240204)
Description: Deploys a Check Point Multi-Domain Server (20240417)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
Expand Down Expand Up @@ -414,6 +414,10 @@ Resources:
IpProtocol: tcp
FromPort: 18192
ToPort: 18192
- CidrIp: !Ref GatewaysAddresses
IpProtocol: tcp
FromPort: 18208
ToPort: 18208
- CidrIp: !Ref GatewaysAddresses
IpProtocol: tcp
FromPort: 18210
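Review bot: the 18208 rule takes its source from `CidrIp: !Ref GatewaysAddresses`, so the port is reachable from whatever range the operator passes in that parameter. The parameter's description should say that a broad value now exposes 18208 on the Multi-Domain Server alongside 18192 and 18210, and recommend the narrowest CIDR that covers the gateways.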
25 changes: 13 additions & 12 deletions terraform/aws/autoscale-gwlb/README.md
Expand Up @@ -164,18 +164,19 @@ secret_key = "my-secret-key"
## Revision History
In order to check the template version, please refer to [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585)

| Template Version | Description |
|------------------|---------------------------------------------------------------------------------------------------------------|
| 20220414 | First release of Check Point Auto Scaling GWLB Terraform module for AWS |
| 20220606 | New instance type support |
| 20221123 | R81.20 version support |
| 20221226 | Support ASG Launch Template instead of Launch Configuration |
| 20230521 | - Change default shell for the admin user to /etc/cli.sh<br/>- Add description for reserved words in hostname |
| 20230806 | Add support for c6in instance type |
| 20230829 | Change default Check Point version to R81.20 |
| 20230914 | Add support for maintenance mode password |
| 20230923 | Add support for C5d instance type |
| 20231012 | Update AWS Terraform provider version to 5.20.1 |
| Template Version | Description |
|------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 20220414 | First release of Check Point Auto Scaling GWLB Terraform module for AWS |
| 20220606 | New instance type support |
| 20221123 | R81.20 version support |
| 20221226 | Support ASG Launch Template instead of Launch Configuration |
| 20230521 | - Change default shell for the admin user to /etc/cli.sh<br/>- Add description for reserved words in hostname |
| 20230806 | Add support for c6in instance type |
| 20230829 | Change default Check Point version to R81.20 |
| 20230914 | Add support for maintenance mode password |
| 20230923 | Add support for C5d instance type |
| 20231012 | Update AWS Terraform provider version to 5.20.1 |
| 20240414 | - Add support for Elastic Load Balancer Health Checks.<br/>- EC2 Auto Scaling will start to detect and act on health checks performed by Elastic Load Balancing. |

## License

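Review bot: the new revision row is dated 20240414, while the CloudFormation templates in this same change are stamped 20240417 in their `Description` lines. If both track one release, align the dates; if the Terraform and CloudFormation versions are numbered independently, confirm that against sk116585 and leave it.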
3 changes: 2 additions & 1 deletion terraform/aws/autoscale-gwlb/main.tf
Expand Up @@ -84,7 +84,8 @@ resource "aws_autoscaling_group" "asg" {
max_size = var.maximum_group_size
target_group_arns = var.target_groups
vpc_zone_identifier = var.subnet_ids
health_check_grace_period = 0
health_check_grace_period = 3600
health_check_type = "ELB"

tag {
key = "Name"
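Review bot: `health_check_grace_period` goes from 0 to a hard-coded 3600, so for the first hour after launch a gateway that fails the load balancer's health check is not replaced. Expose it as a variable (for example a `var.health_check_grace_period` with 3600 as the default) so operators whose gateways bootstrap faster can shorten that window.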
29 changes: 15 additions & 14 deletions terraform/aws/autoscale/README.md
Expand Up @@ -176,20 +176,21 @@ secret_key = "my-secret-key"
## Revision History
In order to check the template version, please refer to [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585)

| Template Version | Description |
|------------------|--------------------------------------------------------------------|
| 20200318 | First release of Check Point Auto Scaling Terraform module for AWS |
| 20210309 | AWS Terraform modules refactor |
| 20210329 | Stability fixes |
| 20220606 | New instance type support |
| 20221123 | R81.20 version support |
| 20221226 | Support ASG Launch Template instead of Launch Configuration |
| 20230521 | Change default shell for the admin user to /etc/cli.sh |
| 20230806 | Add support for c6in instance type |
| 20230829 | Change default Check Point version to R81.20 |
| 20230914 | Add support for maintenance mode password |
| 20230923 | Add support for C5d instance type |
| 20231012 | Update AWS Terraform provider version to 5.20.1 |
| Template Version | Description |
|------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 20200318 | First release of Check Point Auto Scaling Terraform module for AWS |
| 20210309 | AWS Terraform modules refactor |
| 20210329 | Stability fixes |
| 20220606 | New instance type support |
| 20221123 | R81.20 version support |
| 20221226 | Support ASG Launch Template instead of Launch Configuration |
| 20230521 | Change default shell for the admin user to /etc/cli.sh |
| 20230806 | Add support for c6in instance type |
| 20230829 | Change default Check Point version to R81.20 |
| 20230914 | Add support for maintenance mode password |
| 20230923 | Add support for C5d instance type |
| 20231012 | Update AWS Terraform provider version to 5.20.1 |
| 20240414 | - Add support for Elastic Load Balancer Health Checks.<br/>- EC2 Auto Scaling will start to detect and act on health checks performed by Elastic Load Balancing. |

## License

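Review bot: the 20240414 row describes the switch to ELB health checks but not the grace-period change from 0 to 3600 that main.tf makes in the same revision. Add a line for it, since it changes how quickly a failing gateway is replaced.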
3 changes: 2 additions & 1 deletion terraform/aws/autoscale/main.tf
Expand Up @@ -83,7 +83,8 @@ resource "aws_autoscaling_group" "asg" {
load_balancers = aws_elb.proxy_elb.*.name
target_group_arns = var.target_groups
vpc_zone_identifier = var.subnet_ids
health_check_grace_period = 0
health_check_grace_period = 3600
health_check_type = "ELB"

tag {
key = "Name"
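Review bot: `health_check_type = "ELB"` changes behaviour for existing deployments on their next apply, because the group starts acting on the load balancer's health verdict for gateways already in service. Consider a variable with "ELB" as the default so an operator can stay on "EC2" while validating the load balancer's health check settings, and describe the upgrade impact in the README.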
6 changes: 6 additions & 0 deletions terraform/aws/management/main.tf
Expand Up @@ -38,6 +38,12 @@ resource "aws_security_group" "management_sg" {
protocol = "tcp"
cidr_blocks = [var.gateway_addresses]
}
ingress {
from_port = 18208
to_port = 18208
protocol = "tcp"
cidr_blocks = [var.gateway_addresses]
}
ingress {
from_port = 18210
to_port = 18210
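Review bot: this opens TCP 18208 on `management_sg`, but no README or revision-history entry for the management module is among the changed files, unlike the two autoscale modules. Add a revision row so operators can see when the security group gained the rule.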
6 changes: 6 additions & 0 deletions terraform/aws/mds/main.tf
Expand Up @@ -44,6 +44,12 @@ resource "aws_security_group" "mds_sg" {
protocol = "tcp"
cidr_blocks = [var.gateway_addresses]
}
ingress {
from_port = 18208
to_port = 18208
protocol = "tcp"
cidr_blocks = [var.gateway_addresses]
}
ingress {
from_port = 18210
to_port = 18210
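Review bot: the new `ingress` block for 18208 carries no `description`, so the rule's purpose is not visible in the console or in a security-group audit. Add a `description` argument to the block naming the service that uses the port.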