{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "Create AlertLogic IDS security infrastructure inside a VPC. The artifacts created are: Security Group, Launch Configuration for IDS security appliances that uses the Security Group and an Autoscaling Group that uses the Launch Configuration.",
    "Parameters": {
        "AccountId": {
            "Description": "Enter your AlertLogic account ID.",
            "Type": "String",
            "AllowedPattern": "^[1-9][0-9]*$",
            "ConstraintDescription": "must be a valid AlertLogic account ID (digits only, no leading zero)"
        },
        "DeploymentId": {
            "Description": "Enter your AlertLogic deployment ID.",
            "Type": "String",
            "AllowedPattern": "^[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}$",
            "ConstraintDescription": "must be a valid UUID written with uppercase hexadecimal digits (8-4-4-4-12)"
        },
        "VpcId": {
            "Description": "Select a target VPC to deploy security infrastructure.",
            "Type": "AWS::EC2::VPC::Id",
            "ConstraintDescription": "must be a valid VPC ID"
        },
        "VpcCidr": {
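            "Description": "Enter the CIDR block of the selected VPC. The security group allows inbound TCP 443 and 7777 to the appliances from this range only. The value is not checked against the selected VPC, so an overly broad range (such as 0.0.0.0/0) widens inbound access.",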
            "Type": "String",
            "AllowedPattern": "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}/[0-9]{1,2}$",
            "ConstraintDescription": "must be a valid IPv4 CIDR in a.b.c.d/n notation"
        },
        "SubnetId": {
            "Description": "Select the target subnet ID",
            "Type": "AWS::EC2::Subnet::Id",
            "ConstraintDescription": "must be a valid existing subnet ID"
        },
        "AvailabilityZoneName": {
            "Description": "Select the target AZ matching the selected subnet ID.",
            "Type": "AWS::EC2::AvailabilityZone::Name",
            "ConstraintDescription": "must be a valid Availability Zone matching selected subnet ID"
        },
        "AssignPublicIp": {
            "Type": "String",
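            "Description": "Set to true to assign public IP addresses to the IDS security appliances. If set to false, the subnet must provide another outbound route (for example a NAT gateway) to the destinations in the security group's egress rules.",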
            "Default": "true",
            "AllowedValues": [
                "true",
                "false"
            ]
        },
        "InstanceType": {
            "Description": "Select the instance type to launch IDS security appliances",
            "Type": "String",
            "Default": "c5.xlarge",
            "AllowedValues": [
                "m4.large",
                "m4.xlarge",
                "m4.2xlarge",
                "m5.large",
                "m5.xlarge",
                "m5.2xlarge",
                "c4.large",
                "c4.xlarge",
                "c4.2xlarge",
                "c5.large",
                "c5.xlarge",
                "c5.2xlarge"
            ],
            "ConstraintDescription": "must be a valid EC2 instance type"
        },
        "NumAppliances": {
            "Description": "Enter the desired number of security appliances (1 to 10).",
            "Type": "Number",
            "Default": "1",
            "MaxValue": "10",
            "ConstraintDescription": "must be an integer between 1 and 10"
        }
    },
    "Conditions": {
        "AssignPublicIp": {
            "Fn::Equals": [
                "true",
                {
                    "Ref": "AssignPublicIp"
                }
            ]
        }
    },
    "Metadata": {
        "AWS::CloudFormation::Interface": {
            "ParameterGroups": [
                {
                    "Label": {
                        "default": "Alert Logic configuration"
                    },
                    "Parameters": [
                        "AccountId",
                        "DeploymentId"
                    ]
                },
                {
                    "Label": {
                        "default": "Network Configuration"
                    },
                    "Parameters": [
                        "VpcId",
                        "VpcCidr",
                        "SubnetId",
                        "AvailabilityZoneName"
                    ]
                },
                {
                    "Label": {
                        "default": "IDS Security Appliances configuration"
                    },
                    "Parameters": [
                        "InstanceType",
                        "NumAppliances",
                        "AssignPublicIp"
                    ]
                }
            ],
            "ParameterLabels": {
                "AccountId": {
                    "default": "Alert Logic Account ID"
                },
                "DeploymentId": {
                    "default": "Alert Logic Deployment ID"
                },
                "VpcId": {
                    "default": "Target VPC"
                },
                "SubnetId": {
                    "default": "Target Subnet ID"
                },
                "InstanceType": {
                    "default": "AWS instance type"
                },
                "NumAppliances": {
                    "default": "Number of instances to deploy"
                },
                "AssignPublicIp": {
                    "default": "Assign Public IP"
                }
            }
        }
    },
    "Mappings": {
        "Internal": {
            "Tags": {
                "Version": "v1.0.23"
            }
        },
        "RegionSettings": {
            "af-south-1": {
                "ImageId": "ami-09d8ae18fd9476943"
            },
            "ap-east-1": {
                "ImageId": "ami-0b9f781c078c2bb96"
            },
            "ap-northeast-1": {
                "ImageId": "ami-02f58faca668c94be"
            },
            "ap-northeast-2": {
                "ImageId": "ami-06ba7f4d7cb1a40b0"
            },
            "ap-northeast-3": {
                "ImageId": "ami-0d2d1c31f99770410"
            },
            "ap-south-1": {
                "ImageId": "ami-0f0f2c10573854e73"
            },
            "ap-southeast-1": {
                "ImageId": "ami-0feddb0c6dffb4dbb"
            },
            "ap-southeast-2": {
                "ImageId": "ami-059b5f8e11db86595"
            },
            "ap-southeast-3": {
                "ImageId": "ami-04ace3ec9879885eb"
            },
            "ap-southeast-4": {
                "ImageId": "ami-0a72d224fe13ece7e"
            },
            "ca-central-1": {
                "ImageId": "ami-0f47133df1300b88a"
            },
            "eu-central-1": {
                "ImageId": "ami-0a337de49c7e8caab"
            },
            "eu-central-2": {
                "ImageId": "ami-083639a5df843922a"
            },
            "eu-north-1": {
                "ImageId": "ami-079e7eb0df4f17a2f"
            },
            "eu-south-1": {
                "ImageId": "ami-0fa3392bec43a2749"
            },
            "eu-south-2": {
                "ImageId": "ami-00a8cdc73359f9dc5"
            },
            "eu-west-1": {
                "ImageId": "ami-07dada231e617e70e"
            },
            "eu-west-2": {
                "ImageId": "ami-0f0d8db0584b81dc9"
            },
            "eu-west-3": {
                "ImageId": "ami-0f9bc8db76f626c3e"
            },
            "il-central-1": {
                "ImageId": "ami-0249e012c09627ca0"
            },
            "me-central-1": {
                "ImageId": "ami-031894a3d7c85e843"
            },
            "me-south-1": {
                "ImageId": "ami-0a03a45f8665c8642"
            },
            "sa-east-1": {
                "ImageId": "ami-0b5c9b59460471297"
            },
            "us-east-1": {
                "ImageId": "ami-06e37f930d7212ff4"
            },
            "us-east-2": {
                "ImageId": "ami-02817266095676d85"
            },
            "us-west-1": {
                "ImageId": "ami-005b03cb4a5de6210"
            },
            "us-west-2": {
                "ImageId": "ami-02aefdaa7e0441957"
            },
            "us-gov-east-1": {
                "ImageId": "ami-0f9c81dc1da6c15d7"
            },
            "us-gov-west-1": {
                "ImageId": "ami-0a03d3558bc0f1778"
            }
        }
    },
    "Resources": {
        "AutoScalingGroup": {
            "Type": "AWS::AutoScaling::AutoScalingGroup",
            "Properties": {
                "AutoScalingGroupName": {
                    "Fn::Join": [
                        "",
                        [
                            "AlertLogic IDS Security Autoscaling Group ",
                            {
                                "Ref": "AccountId"
                            },
                            "/",
                            {
                                "Ref": "DeploymentId"
                            },
                            "/",
                            {
                                "Ref": "AvailabilityZoneName"
                            },
                            "/",
                            {
                                "Ref": "VpcId"
                            }
                        ]
                    ]
                },
                "AvailabilityZones": [],
                "VPCZoneIdentifier": [
                    {
                        "Ref": "SubnetId"
                    }
                ],
                "LaunchConfigurationName": {
                    "Ref": "LaunchConfiguration"
                },
                "MinSize": {
                    "Ref": "NumAppliances"
                },
                "MaxSize": {
                    "Ref": "NumAppliances"
                },
                "DesiredCapacity": {
                    "Ref": "NumAppliances"
                },
                "Tags": [
                    {
                        "Key": "Name",
                        "Value": "AlertLogic IDS Security Appliance",
                        "PropagateAtLaunch": "true"
                    },
                    {
                        "Key": "AlertLogic-AccountID",
                        "Value": {
                            "Ref": "AccountId"
                        },
                        "PropagateAtLaunch": "true"
                    },
                    {
                        "Key": "AlertLogic-EnvironmentID",
                        "Value": {
                            "Ref": "DeploymentId"
                        },
                        "PropagateAtLaunch": "true"
                    },
                    {
                        "Key": "AlertLogic",
                        "Value": "Security",
                        "PropagateAtLaunch": "true"
                    },
                    {
                        "Key": "AlertLogic IDS Manual Mode Template Version",
                        "Value": {
                            "Fn::FindInMap": [
                                "Internal",
                                "Tags",
                                "Version"
                            ]
                        },
                        "PropagateAtLaunch": "true"
                    }
                ]
            }
        },
        "LaunchConfiguration": {
            "Type": "AWS::AutoScaling::LaunchConfiguration",
            "Properties": {
                "LaunchConfigurationName": {
                    "Fn::Join": [
                        "",
                        [
                            "AlertLogic IDS Security Launch Configuration ",
                            {
                                "Ref": "AccountId"
                            },
                            "/",
                            {
                                "Ref": "DeploymentId"
                            },
                            "/",
                            {
                                "Ref": "AvailabilityZoneName"
                            },
                            "/",
                            {
                                "Ref": "VpcId"
                            }
                        ]
                    ]
                },
                "ImageId": {
                    "Fn::FindInMap": [
                        "RegionSettings",
                        {
                            "Ref": "AWS::Region"
                        },
                        "ImageId"
                    ]
                },
                "SecurityGroups": [
                    {
                        "Ref": "SecurityGroup"
                    }
                ],
                "InstanceType": {
                    "Ref": "InstanceType"
                },
                "AssociatePublicIpAddress": {
                    "Fn::If": [
                        "AssignPublicIp",
                        "true",
                        "false"
                    ]
                }
            }
        },
        "SecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "VpcId": {
                    "Ref": "VpcId"
                },
                "GroupName": {
                    "Fn::Join": [
                        "",
                        [
                            "AlertLogic IDS Security Group ",
                            {
                                "Ref": "AccountId"
                            },
                            "/",
                            {
                                "Ref": "DeploymentId"
                            },
                            "/",
                            {
                                "Ref": "AvailabilityZoneName"
                            },
                            "/",
                            {
                                "Ref": "VpcId"
                            }
                        ]
                    ]
                },
                "GroupDescription": "AlertLogic IDS Security Group",
                "SecurityGroupIngress": [
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "443",
                        "ToPort": "443",
                        "CidrIp": {
                            "Ref": "VpcCidr"
                        }
                    },
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "7777",
                        "ToPort": "7777",
                        "CidrIp": {
                            "Ref": "VpcCidr"
                        }
                    }
                ],
                "SecurityGroupEgress": [
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "53",
                        "ToPort": "53",
                        "CidrIp": "8.8.4.4/32"
                    },
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "53",
                        "ToPort": "53",
                        "CidrIp": "8.8.8.8/32"
                    },
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "443",
                        "ToPort": "443",
                        "CidrIp": "185.54.124.0/24"
                    },
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "443",
                        "ToPort": "443",
                        "CidrIp": "204.110.218.96/27"
                    },
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "443",
                        "ToPort": "443",
                        "CidrIp": "204.110.219.96/27"
                    },
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "443",
                        "ToPort": "443",
                        "CidrIp": "208.71.209.32/27"
                    },
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "4138",
                        "ToPort": "4138",
                        "CidrIp": "185.54.124.0/24"
                    },
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "4138",
                        "ToPort": "4138",
                        "CidrIp": "204.110.218.96/27"
                    },
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "4138",
                        "ToPort": "4138",
                        "CidrIp": "204.110.219.96/27"
                    },
                    {
                        "IpProtocol": "tcp",
                        "FromPort": "4138",
                        "ToPort": "4138",
                        "CidrIp": "208.71.209.32/27"
                    },
                    {
                        "IpProtocol": "udp",
                        "FromPort": "53",
                        "ToPort": "53",
                        "CidrIp": "8.8.4.4/32"
                    },
                    {
                        "IpProtocol": "udp",
                        "FromPort": "53",
                        "ToPort": "53",
                        "CidrIp": "8.8.8.8/32"
                    }
                ],
                "Tags": [
                    {
                        "Key": "Name",
                        "Value": {
                            "Fn::Join": [
                                "",
                                [
                                    "AlertLogic IDS Security Group ",
                                    {
                                        "Ref": "AccountId"
                                    },
                                    "/",
                                    {
                                        "Ref": "DeploymentId"
                                    },
                                    "/",
                                    {
                                        "Ref": "AvailabilityZoneName"
                                    },
                                    "/",
                                    {
                                        "Ref": "VpcId"
                                    }
                                ]
                            ]
                        }
                    },
                    {
                        "Key": "AlertLogic-AccountID",
                        "Value": {
                            "Ref": "AccountId"
                        }
                    },
                    {
                        "Key": "AlertLogic-EnvironmentID",
                        "Value": {
                            "Ref": "DeploymentId"
                        }
                    },
                    {
                        "Key": "AlertLogic",
                        "Value": "Security"
                    },
                    {
                        "Key": "AlertLogic IDS Manual Mode Template Version",
                        "Value": {
                            "Fn::FindInMap": [
                                "Internal",
                                "Tags",
                                "Version"
                            ]
                        }
                    }
                ]
            }
        }
    },
    "Outputs": {
        "AccountId": {
            "Description": "AlertLogic account ID",
            "Value": {
                "Ref": "AccountId"
            }
        },
        "DeploymentId": {
            "Description": "AlertLogic deployment ID",
            "Value": {
                "Ref": "DeploymentId"
            }
        },
        "VpcId": {
            "Description": "ID of the protected VPC",
            "Value": {
                "Ref": "VpcId"
            }
        },
        "NumAppliances": {
            "Description": "The number of created IDS security appliances",
            "Value": {
                "Ref": "NumAppliances"
            }
        },
        "SecurityGroupId": {
            "Description": "ID of the security group assigned to the IDS security appliances",
            "Value": {
                "Fn::GetAtt": [
                    "SecurityGroup",
                    "GroupId"
                ]
            }
        }
    }
}
