This repository was archived by the owner on Oct 15, 2025. It is now read-only.

Commit 092f3ad

committed
Parameterize s3 bucket url throughout stack; merge GC RHEL quickstart into master
1 parent 4b4ccd4 commit 092f3ad

14 files changed

Lines changed: 578 additions & 71 deletions

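--- a/DeepSecurity/Common/DB/DSDBAbstract.template
+++ b/DeepSecurity/Common/DB/DSDBAbstract.template
@@ -115,14 +115,26 @@
 "Description" : "Choose private subnets in the same VPC for this RDS instance",
 "Type" : "AWS::EC2::Subnet::Id",
 "ConstraintDescription" : "RDS Subnet Groups must be comprised of 2 subnets in seperate availability zones with the specified VPC for deploying this template"
-}
+},
+"CfnUrlPrefix" : {
+"Type" : "String",
+"Default" : "https://s3.amazonaws.com/trend-micro-quick-start/v3.4/"
+}
 },
 "Resources" : {
 "DSOracleRDS" : {
 "Type" : "AWS::CloudFormation::Stack",
 "Condition" : "DBTypeIsOracle",
 "Properties" : {
-"TemplateURL" : "https://s3.amazonaws.com/trend-micro-quick-start/v3.4/Common/DB/DSDBOracleRDS.template",
+"TemplateURL" : {
+"Fn::Join" : [
+"",
+[
+{ "Ref" : "CfnUrlPrefix" },
+"Common/DB/DSDBOracleRDS.template"
+]
+]
+},
 "TimeoutInMinutes" : "10",
 "Parameters" : {
 "DBIRDSInstanceSize" : {
@@ -156,7 +168,15 @@
 "Type" : "AWS::CloudFormation::Stack",
 "Condition" : "DBTypeIsSQL",
 "Properties" : {
-"TemplateURL" : "https://s3.amazonaws.com/trend-micro-quick-start/v3.4/Common/DB/DSDBSQLRDS.template",
+"TemplateURL" : {
+"Fn::Join" : [
+"",
+[
+{ "Ref" : "CfnUrlPrefix" },
+"Common/DB/DSDBSQLRDS.template"
+]
+]
+},
 "TimeoutInMinutes" : "10",
 "Parameters" : {
 "DBIRDSInstanceSize" : {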
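Review bot: The new `CfnUrlPrefix` parameter is a bare `String` with no `Description`, `AllowedPattern` or `ConstraintDescription`, yet it now decides where both nested `TemplateURL`s in this file are loaded from. The same parameter block is added in DSM96ELB.template and DSM96MP.template, where it also sets the `source` of scripts installed root-owned with mode `000700`. I would constrain it to HTTPS with a trailing slash, because the `Fn::Join` on `""` silently builds a wrong URL without one: `"AllowedPattern" : "https://[-_./a-zA-Z0-9]+/"` plus a `ConstraintDescription` that says so. Whether the stacks that nest this template pass their own `CfnUrlPrefix` down is not visible here; if they do not, this template falls back to its `Default` and a deployment can mix two buckets without anyone noticing.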

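--- a/DeepSecurity/Common/DSM96ELB.template
+++ b/DeepSecurity/Common/DSM96ELB.template
@@ -32,13 +32,25 @@
 "MaxLength" : "255",
 "AllowedPattern" : "[-_a-zA-Z0-9]*",
 "ConstraintDescription" : "Subnet ID must exist in the chosen VPC"
-}
+},
+"CfnUrlPrefix" : {
+"Type" : "String",
+"Default" : "https://s3.amazonaws.com/trend-micro-quick-start/v3.4/"
+}
 },
 "Resources" : {
 "ELBSG" : {
 "Type" : "AWS::CloudFormation::Stack",
 "Properties" : {
-"TemplateURL" : "https://s3.amazonaws.com/trend-micro-quick-start/v3.4/Common/SecurityGroups/DSELBSG.template",
+"TemplateURL" : {
+"Fn::Join" : [
+"",
+[
+{ "Ref" : "CfnUrlPrefix" },
+"Common/SecurityGroups/DSELBSG.template"
+]
+]
+},
 "Parameters" : {
 "AWSIVPC" : {
 "Ref" : "AWSIVPC"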

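--- a/DeepSecurity/Common/Scripts/create-console-listener
+++ b/DeepSecurity/Common/Scripts/create-console-listener
@@ -4,7 +4,7 @@
 if [ $5 -eq 1 ]; then
 openssl req -nodes -new -sha256 -newkey rsa:2048 -subj '/CN='DeepSecurityManager'/O=Trend Micro/OU=Deep Security Manager' -keyout /etc/cfn/privatekey -out /etc/cfn/csr;
 openssl x509 -req -days 3650 -in /etc/cfn/csr -signkey /etc/cfn/privatekey -out /etc/cfn/certificatebody;
-aws iam upload-server-certificate --server-certificate-name DeepSecurityElbCertificate-$4 --certificate-body file:///etc/cfn/certificatebody --private-key file:///etc/cfn/privatekey
+aws iam upload-server-certificate --server-certificate-name DeepSecurityElbCertificate-$4 --certificate-body file:///etc/cfn/certificatebody --private-key file:///etc/cfn/privatekey --region $6
 fi
 
 loop=1
@@ -15,7 +15,7 @@ do
 if [ $loop -eq 1 ]; then echo 'checking for cert availability in iam'; else echo 'cert not yet available in iam'; fi
 loop=$((loop+1))
 sleep 10
-certid=$(aws iam get-server-certificate --server-certificate-name DeepSecurityElbCertificate-$4 --query ServerCertificate.ServerCertificateMetadata.Arn --output text)
+certid=$(aws iam get-server-certificate --server-certificate-name DeepSecurityElbCertificate-$4 --query ServerCertificate.ServerCertificateMetadata.Arn --output text --region $6)
 done
 
 loadbalancer=" "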
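Review bot: `--region $6` is added unquoted on both changed lines, and nothing in the visible part of the script checks that a sixth argument was passed. With `$6` empty the `aws iam` calls fail on a missing option value, and in the polling loop that leaves `certid` empty on every pass; the loop condition is outside the hunk, so whether it then terminates cannot be confirmed from here. I would quote it as `--region "$6"` and fail early near the top of the script with `: "${6:?region argument required}"`.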
Lines changed: 59 additions & 0 deletions
@@ -0,0 +1,59 @@
1+
#!/bin/bash
2+
# createcloudaccount dsmuser dsmpass connectorName guiPort accesskey secretkey
3+
username=$1
4+
password=$2
5+
accesskey=$5
6+
secretkey=$6
7+
8+
# replace this with your DSM IP or FQDN
9+
DSMURL="localhost:$4"
10+
11+
# Remove regions you don't want from this list
12+
#REGIONS=(useast1 uswest1 uswest2 euwest1 apsoutheast1 apsoutheast2 apnortheast1 saeast1 eucentral1 apnortheast2)
13+
14+
# map aws regions to dsm region keys
15+
#useast1=amazon.cloud.region.key.1
16+
#uswest2=amazon.cloud.region.key.2
17+
#uswest1=amazon.cloud.region.key.3
18+
#euwest1=amazon.cloud.region.key.4
19+
#apsoutheast1=amazon.cloud.region.key.5
20+
#apnortheast1=amazon.cloud.region.key.6
21+
#saeast1=amazon.cloud.region.key.7
22+
#apsoutheast2=amazon.cloud.region.key.8
23+
#eucentral1=amazon.cloud.region.key.9
24+
#apnortheast2=amazon.cloud.region.key.12
25+
26+
# map aws regions to ec2 endpoints
27+
#useast1ep=ec2.us-east-1.amazonaws.com
28+
#uswest2ep=ec2.us-west-2.amazonaws.com
29+
#uswest1ep=ec2.us-west-1.amazonaws.com
30+
#euwest1ep=ec2.eu-west-1.amazonaws.com
31+
#apsoutheast1ep=ec2.ap-southeast-1.amazonaws.com
32+
#apnortheast1ep=ec2.ap-northeast-1.amazonaws.com
33+
#saeast1ep=ec2.sa-east-1.amazonaws.com
34+
#apsoutheast2ep=ec2.ap-southeast-2.amazonaws.com
35+
#eucentral1ep=ec2.eu-central-1.amazonaws.com
36+
#apnortheast2ep=ec2.ap-northeast-2.amazonaws.com
37+
38+
39+
echo "#####Login to DSM"
40+
tempDSSID=$(curl -k -H "Content-Type: application/json" -X POST "https://$DSMURL/rest/authentication/login/primary" -d "{"dsCredentials":{"userName":"$username","password":"$password"}}")
41+
42+
echo "#####Looping through regions to create connectors"
43+
#for region in "${REGIONS[@]}"
44+
#do
45+
# endpoint="${region}ep"
46+
# echo "##### creating connector for $region region with endpoint ${!endpoint}"
47+
# curl -ks -H "Content-Type: application/json" "Accept: application/json" -X POST "https://$DSMURL/rest/cloudaccounts" -d '{"createCloudAccountRequest":{"cloudAccountElement":{"accessKey":"'${accesskey}'","cloudRegion":"'${!region}'","cloudType":"AMAZON","name":"'$3'","secretKey":"'${secretkey}'","endpoint":"'${!endpoint}'","azureCertificate":"-"},"sessionId":"'$tempDSSID'"}}'
48+
#done
49+
50+
curl -ks -H "Content-Type: application/json" "Accept: application/json" -X POST "https://$DSMURL/rest/cloudaccounts" -d '{"createCloudAccountRequest":{"cloudAccountElement":{"accessKey":"'${accesskey}'","cloudRegion":"'amazon.cloud.region.key.10'","cloudType":"AMAZON","name":"'$3'","secretKey":"'${secretkey}'","endpoint":"'ec2.us-gov-west-1.amazonaws.com'","azureCertificate":"-"},"sessionId":"'$tempDSSID'"}}'
51+
52+
curl -k -X DELETE https://$DSMURL/rest/authentication/logout?sID=$tempDSSID
53+
54+
unset accesskey
55+
unset secretkey
56+
unset tempDSSID
57+
unset username
58+
unset password
59+
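Review bot: Every `curl` call in this new script passes `-k`, so the DSM password, the AWS access and secret keys and the session id travel without server-certificate verification; that is tolerable only while `DSMURL` stays `localhost`, and the comment on line 8 invites replacing it with a remote IP or FQDN. I would drop `-k`, or pin the manager's certificate with `--cacert`, whenever the target is not the loopback address. On line 50 the second header has lost its flag, so curl treats `"Accept: application/json"` as an extra URL; it should read `-H "Content-Type: application/json" -H "Accept: application/json"`. The login body on line 40 nests double quotes inside a double-quoted string, which strips the JSON quotes and leaves `$username` and `$password` open to word splitting, so the body should be built with single-quoted JSON around double-quoted expansions. The logout on line 52 also puts the session id in the query string, where proxies and access logs can record it.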

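--- a/DeepSecurity/DeepSecurity.cfproj
+++ b/DeepSecurity/DeepSecurity.cfproj
@@ -92,6 +92,9 @@
 <Content Include="Common\Scripts\createCloudAccount">
 <SubType>Content</SubType>
 </Content>
+<Content Include="Common\Scripts\createCloudAccountGc">
+<SubType>Content</SubType>
+</Content>
 <Content Include="Common\Scripts\dsm_s.service">
 <SubType>Content</SubType>
 </Content>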

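--- a/DeepSecurity/Marketplace/DSM96MP.template
+++ b/DeepSecurity/Marketplace/DSM96MP.template
@@ -204,7 +204,11 @@
 "Internal"
 ],
 "Default" : "External"
-}
+},
+"CfnUrlPrefix" : {
+"Type" : "String",
+"Default" : "https://s3.amazonaws.com/trend-micro-quick-start/v3.4/"
+}
 },
 "Mappings" : {
 "DSMAMI" : {
@@ -875,22 +879,54 @@
 "addCloudAccount" : {
 "files" : {
 "/etc/cfn/set-aiaSettings" : {
-"source" : "https://s3.amazonaws.com/trend-micro-quick-start/v3.4/Common/Scripts/set-aiaSettings",
+"source" : {
+"Fn::Join" : [
+"",
+[
+{ "Ref" : "CfnUrlPrefix" },
+"Common/Scripts/set-aiaSettings"
+]
+]
+},
 "owner" : "root",
 "mode" : "000700"
 },
 "/etc/cfn/createCloudAccount" : {
-"source" : "https://s3.amazonaws.com/trend-micro-quick-start/v3.4/Common/Scripts/createCloudAccount",
+"source" : {
+"Fn::Join" : [
+"",
+[
+{ "Ref" : "CfnUrlPrefix" },
+"Common/Scripts/createCloudAccount"
+]
+]
+},
 "owner" : "root",
 "mode" : "000700"
 },
 "/etc/cfn/wait-for-relay-and-stop-manager" : {
-"source" : "https://s3.amazonaws.com/trend-micro-quick-start/v3.4/Common/Scripts/wait-for-relay-and-stop-manager",
+"source" : {
+"Fn::Join" : [
+"",
+[
+{ "Ref" : "CfnUrlPrefix" },
+"Common/Scripts/wait-for-relay-and-stop-manager"
+]
+]
+},
 "owner" : "root",
 "mode" : "000700"
 },
 "/etc/cfn/kill-mp-web-installer" : {
-"source" : "https://s3.amazonaws.com/trend-micro-quick-start/v3.4/Common/Scripts/kill-mp-web-installer",
+"source" : {
+"Fn::Join" : [
+"",
+[
+{ "Ref" : "CfnUrlPrefix" },
+"Common/Scripts/kill-mp-web-installer"
+]
+]
+},
 "owner" : "root",
 "mode" : "000700"
 }
@@ -988,7 +1024,15 @@
 "sqlSetup" : {
 "commands" : {
 "1-get-create-script" : {
-"command" : "cd /etc/cfn/rhel-scripts; curl -O https://s3.amazonaws.com/trend-micro-quick-start/v3.4/Common/Scripts/create-DSM-SqlDB.py; chmod 755 create-DSM-SqlDB.py",
+"command" : {
+"Fn::Join" : [
+"",
+[ "cd /etc/cfn/rhel-scripts; curl -O ",
+{ "Ref" : "CfnUrlPrefix" },
+"Common/Scripts/create-DSM-SqlDB.py; chmod 755 create-DSM-SqlDB.py"
+]
+]
+},
 "ignoreErrors" : "false"
 },
 "2-create-db" : {
@@ -1062,12 +1106,28 @@
 "fixManagerLoadBalancerSettings" : {
 "files" : {
 "/etc/cfn/create-console-listener" : {
-"source" : "https://s3.amazonaws.com/trend-micro-quick-start/v3.4/Common/Scripts/create-console-listener",
+"source" : {
+"Fn::Join" : [
+"",
+[
+{ "Ref" : "CfnUrlPrefix" },
+"Common/Scripts/create-console-listener"
+]
+]
+},
 "owner" : "root",
 "mode" : "000700"
 },
 "/etc/cfn/set-lbSettings" : {
-"source" : "https://s3.amazonaws.com/trend-micro-quick-start/v3.4/Common/Scripts/set-lbSettings",
+"source" : {
+"Fn::Join" : [
+"",
+[
+{ "Ref" : "CfnUrlPrefix" },
+"Common/Scripts/set-lbSettings"
+]
+]
+},
 "owner" : "root",
 "mode" : "000700"
 }
@@ -1196,7 +1256,15 @@
 "fixManagerHostObject" : {
 "files" : {
 "/etc/cfn/reactivate-manager" : {
-"source" : "https://s3.amazonaws.com/trend-micro-quick-start/v3.4/Common/Scripts/reactivate-manager",
+"source" : {
+"Fn::Join" : [
+"",
+[
+{ "Ref" : "CfnUrlPrefix" },
+"Common/Scripts/reactivate-manager"
+]
+]
+},
 "owner" : "root",
 "mode" : "000700"
 }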
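Review bot: In `1-get-create-script` the parameter value is now spliced straight into a shell command line, so any whitespace or shell metacharacter in `CfnUrlPrefix` changes the command rather than the URL. The `curl -O` also has no `-f`, so an HTTP error from a mistyped prefix exits 0, the error body is saved as `create-DSM-SqlDB.py` and made executable, and `"ignoreErrors" : "false"` never sees a failure. I would quote the URL and fail on errors: `"cd /etc/cfn/rhel-scripts && curl -fsSO '"`, then the `Ref`, then `"Common/Scripts/create-DSM-SqlDB.py' && chmod 755 create-DSM-SqlDB.py"`. The `files` sources in the other hunks of this section fetch root-owned scripts from the same prefix with no checksum, so once the prefix is caller-supplied the contents of that bucket are the only integrity control.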
