Add support for choosing internal or external ELB for DS LB settings in Master templates; remove original internal external stubs from ELB template since it builds both now.

Author: 424D57

DeepSecurity/Common/DSM96ELB.template

@@ -25,15 +25,6 @@
             "Default"     : "4119",
             "ConstraintDescription" : "Must be a valid TCP port."
         },
-        "DSELBPosture"      : {
-            "Description" : "Internal or External ELB",
-            "Type"        : "String",
-            "AllowedValues" : [
-                "External",
-                "Internal"
-            ],
-            "Default"       : "External"
-        },
         "DSISubnetID"       : {
             "Description" : "Existing Subnet for Deep Seucurity Manager. Must be a public subnet contained the in VPC chosen above.",
             "Type"        : "String",
@@ -78,13 +69,7 @@
                         ]
                     }
                 ],
-                "Scheme"         : {
-                    "Fn::If" : [
-                        "InternetFacingELB",
-                        "internet-facing",
-                        "internal"
-                    ]
-                },
+                "Scheme"         : "internet-facing",
                 "Listeners"      : [
                     {
                         "LoadBalancerPort" : {
@@ -176,16 +161,6 @@
             }
         }
     },
-    "Conditions"               : {
-        "InternetFacingELB" : {
-            "Fn::Equals" : [
-                {
-                    "Ref" : "DSELBPosture"
-                },
-                "External"
-            ]
-        }
-    },
     "Outputs"                  : {
         "ELBFQDN" : {
             "Value" : {

DeepSecurity/Marketplace/DSM96MP.template

@@ -195,7 +195,16 @@
         "PrivateDSIELB"          : {
             "Type" : "String",
             "Default" : ""
-        }
+        },
+		"DSELBPosture" : {
+			"Description" : "Use internal or external ELB",
+			"Type" : "String",
+			"AllowedValues" : [
+				"External",
+				"Internal"
+				],
+			"Default" : "External"
+			}
     },
     "Mappings"                 : {
         "DSMAMI" : {
@@ -1140,7 +1149,13 @@
 											" ",
 											{ "Ref" : "DSCAdminPassword" },
 											" ",
-											{ "Ref" : "DSIELBFQDN" },
+											{
+												"Fn::If" : [
+													"InternetFacingELB",
+													{ "Ref" : "DSIELBFQDN" },
+													{ "Ref" : "PrivateDSIELBFQDN" }
+													]
+											},
 											" ",
 											{ "Ref" : "DSIPGUIPort" },
 											" ",
@@ -1494,6 +1509,14 @@
                     "Condition" : "PPUNotSelected"
                 }
             ]
+        },
+		"InternetFacingELB" : {
+            "Fn::Equals" : [
+                {
+                    "Ref" : "DSELBPosture"
+                },
+                "External"
+            ]
         }
     },
     "Outputs"                  : {

DeepSecurity/Marketplace/MasterMP96.template

@@ -280,7 +280,16 @@
                 "false"
                 ],
             "Default" : "false"
-            }
+            },
+		"DSELBPosture" : {
+			"Description" : "Use internal or external ELB",
+			"Type" : "String",
+			"AllowedValues" : [
+				"External",
+				"Internal"
+				],
+			"Default" : "External"
+			}
     },
     "Mappings"                 : {
         "DSMNodeDependency" : {
@@ -391,6 +400,9 @@
 							"DSIELB",
 							"Outputs.PrivateELBFQDN"
 							]
+					},
+					"DSELBPosture" : {
+						"Ref" : "DSELBPosture"
 					}
                 }
             }
@@ -570,6 +582,9 @@
 							"DSIELB",
 							"Outputs.PrivateELBFQDN"
 							]
+					},
+					"DSELBPosture" : {
+						"Ref" : "DSELBPosture"
 					}
                 }
             }
@@ -755,7 +770,6 @@
                     "DSIPGUIPort"       : {
                         "Ref" : "DSIPGUIPort"
                     },
-                    "DSELBPosture"      : "External",
                     "DSISubnetID"       : {
                         "Ref" : "DSISubnetID"
                     }
@@ -885,7 +899,15 @@
 				{ "Condition" : "RegionIsWest2" },
 				{ "Condition" : "RegionIsEast1" }
 			]
-		}
+		},
+		"InternetFacingELB" : {
+            "Fn::Equals" : [
+                {
+                    "Ref" : "DSELBPosture"
+                },
+                "External"
+            ]
+        }
     },
     "Outputs"                  : {
         "DeepSecurityConsole" : {
@@ -907,6 +929,38 @@
                     ]
                 ]
             }
-        }
+        },
+		"DeepSecurityHeartbeat" : {
+			"Value" : {
+				"Fn::Join" : [
+					"",
+					[
+					"dsm://",
+						{ 
+							"Fn::If" : [
+								"InternetFacingELB",
+									{
+										"Fn::GetAtt" : [
+										"DSIELB",
+										"Outputs.ELBFQDN"
+										]
+									},
+									{
+										"Fn::GetAtt" : [
+										"DSIELB",
+										"Outputs.PrivateELBFQDN"
+										]
+									}
+								]
+						},
+						":",
+						{
+							"Ref" : "DSIPHeartbeatPort"
+						},
+						"/"
+					]
+				]
+			}
+		}
     }
 }

DeepSecurity/RHEL/DSM96RH.template

@@ -183,6 +183,15 @@
 		"PrivateDSIELB" : {
 			"Type" : "String",
 			"Default" : ""
+			},
+		"DSELBPosture" : {
+			"Description" : "Use internal or external ELB",
+			"Type" : "String",
+			"AllowedValues" : [
+				"External",
+				"Internal"
+				],
+			"Default" : "External"
 			}
     },
     "Mappings"                 : {
@@ -999,7 +1008,13 @@
 											" ",
 											{ "Ref" : "DSCAdminPassword" },
 											" ",
-											{ "Ref" : "DSIELBFQDN" },
+											{
+												"Fn::If" : [
+													"InternetFacingELB",
+													{ "Ref" : "DSIELBFQDN" },
+													{ "Ref" : "PrivateDSIELBFQDN" }
+													]
+											},
 											" ",
 											{ "Ref" : "DSIPGUIPort" },
 											" ",
@@ -1285,7 +1300,15 @@
 				{ "Condition" : "IsFirstNode" },
 				{ "Condition" : "AddToELB" }
 			]
-		}
+		},
+		"InternetFacingELB" : {
+            "Fn::Equals" : [
+                {
+                    "Ref" : "DSELBPosture"
+                },
+                "External"
+            ]
+        }
     },
     "Outputs"                  : {
         "DSMFQDN" : {

DeepSecurity/RHEL/MasterRH96.template

@@ -10,7 +10,7 @@
 				},
 				{
 					"Label" : { "default" : "Network Configuration" },
-					"Parameters" : [ "AWSIVPC", "DSISubnetID", "DBISubnet1", "DBISubnet2" ]
+					"Parameters" : [ "AWSIVPC", "DSISubnetID", "DBISubnet1", "DBISubnet2", "DSELBPosture" ]
 				},
 				{
 					"Label" : { "default" : "Database Configuration" },
@@ -41,7 +41,8 @@
 				"DBISubnet1" : { "default" : "Primary private subnet for RDS" },
 				"DBISubnet2" : { "default" : "Secondary private subnet for RDS" },
 				"DBIInstanceIdentifier" : { "default" : "Unique RDS Instance ID" },
-				"DBPMultiAZ" : { "default" : "Single- or Multi- AZ RDS instance" }
+				"DBPMultiAZ" : { "default" : "Single- or Multi- AZ RDS instance" },
+				"DSELBPosture" : { "default" : "Use internal or external ELB" }
 			}
 		}
 	},
@@ -263,7 +264,16 @@
                 "false"
                 ],
             "Default" : "false"
-            }
+            },
+		"DSELBPosture" : {
+			"Description" : "Use internal or external ELB",
+			"Type" : "String",
+			"AllowedValues" : [
+				"External",
+				"Internal"
+				],
+			"Default" : "External"
+			}
     },
     "Resources"                : {
         "DSM96Node1" : {
@@ -355,6 +365,9 @@
 							"DSIELB",
 							"Outputs.PrivateELBFQDN"
 							]
+					},
+					"DSELBPosture" : {
+						"Ref" : "DSELBPosture"
 					}
                 }
             }
@@ -528,6 +541,9 @@
 							"DSIELB",
 							"Outputs.PrivateELBFQDN"
 							]
+					},
+					"DSELBPosture" : {
+						"Ref" : "DSELBPosture"
 					}
                 }
             }
@@ -710,7 +726,6 @@
                     "DSIPGUIPort"       : {
                         "Ref" : "DSIPGUIPort"
                     },
-                    "DSELBPosture"      : "External",
                     "DSISubnetID"       : {
                         "Ref" : "DSISubnetID"
                     }
@@ -822,6 +837,14 @@
                     "Condition" : "DoNotLaunchRDSInstance"
                 }
             ]
+        },
+		"InternetFacingELB" : {
+            "Fn::Equals" : [
+                {
+                    "Ref" : "DSELBPosture"
+                },
+                "External"
+            ]
         }
     },
     "Outputs"                  : {
@@ -848,13 +871,25 @@
 		"DeepSecurityHeartbeat" : {
 			"Value" : {
 				"Fn::Join" : [
-					"",[
-						"dsm://",
-						{
-							"Fn::GetAtt" : [
-								"DSIELB",
-								"Outputs.ELBFQDN"
-							]
+					"",
+					[
+					"dsm://",
+						{ 
+							"Fn::If" : [
+								"InternetFacingELB",
+									{
+										"Fn::GetAtt" : [
+										"DSIELB",
+										"Outputs.ELBFQDN"
+										]
+									},
+									{
+										"Fn::GetAtt" : [
+										"DSIELB",
+										"Outputs.PrivateELBFQDN"
+										]
+									}
+								]
 						},
 						":",
 						{