Merge pull request #319 from chkp-yizhako/yo-bootsrap-provider

Update AWS terraform provider to 5.20.1 and add  support for bootstrap script execution

terraform/aws/autoscale-gwlb/README.md

@@ -97,7 +97,7 @@ secret_key = "my-secret-key"
     enable_instance_connect = false
     allow_upload_download = true
     enable_cloudwatch = false
-    gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/testfile.txt"
+    gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/bootstrap.txt"
 
 
 
@@ -171,8 +171,9 @@ In order to check the template version, please refer to [sk116585](https://suppo
 | 20221226         | Support ASG Launch Template instead of Launch Configuration                                                   |
 | 20230521         | - Change default shell for the admin user to /etc/cli.sh<br/>- Add description for reserved words in hostname |
 | 20230806         | Add support for c6in instance type                                                                            |
-| 20230830         | Change default Check Point version to R81.20                                   |
-| 20230923         | Add support for C5d instance type                               |
+| 20230829         | Change default Check Point version to R81.20                                                                  |
+| 20230923         | Add support for C5d instance type                                                                             |
+| 20231012         | Update AWS Terraform provider version to 5.20.1                                                               |
 
 ## License
 

terraform/aws/autoscale-gwlb/asg_userdata.yaml

@@ -26,4 +26,4 @@ bootcmd:
     - echo "cpprod_util CPPROD_SetValue \"fw1\" \"AwsGwlb\" 4 1 1" >> /etc/rc.local
 runcmd:
   - |
-    python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" installationType=\"autoscale\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230923\" templateName=\"autoscale_gwlb\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" passwordHash=\"${PasswordHash}\" bootstrapScript64=\"${BootstrapScript}\"
+    python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" installationType=\"autoscale\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20231012\" templateName=\"autoscale_gwlb\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" passwordHash=\"${PasswordHash}\" bootstrapScript64=\"${BootstrapScript}\"

terraform/aws/autoscale-gwlb/main.tf

@@ -85,31 +85,38 @@ resource "aws_autoscaling_group" "asg" {
   vpc_zone_identifier = var.subnet_ids
   health_check_grace_period = 0
 
-  tags = concat(
-  [
-    {
+  tag {
       key = "Name"
       value = format("%s%s", var.prefix != "" ? format("%s-", var.prefix) : "", var.gateway_name)
       propagate_at_launch = true
-    },
-    {
+  }
+
+  tag {
       key = "x-chkp-tags"
       value = format("management=%s:template=%s:ip-address=%s", var.management_server, var.configuration_template, var.gateways_provision_address_type)
       propagate_at_launch = true
-    },
-    {
+  }
+
+  tag {
       key = "x-chkp-topology"
       value = "internal"
       propagate_at_launch = true
-    },
-    {
+  }
+
+  tag {
       key = "x-chkp-solution"
       value = "autoscale_gwlb"
       propagate_at_launch = true
     }
-  ],
-  local.tags_asg_format
-  )
+
+  dynamic "tag" {
+    for_each = var.instances_tags
+    content {
+      key = tag.key
+      value = tag.value
+      propagate_at_launch = true
+    }
+  }
 }
 
 data "aws_iam_policy_document" "assume_role_policy_document" {

terraform/aws/autoscale-gwlb/terraform.tfvars

@@ -36,5 +36,5 @@ gateway_SICKey = "12345678"
 enable_instance_connect = false
 allow_upload_download = true
 enable_cloudwatch = false
-gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/testfile.txt"
+gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/bootstrap.txt"
 

terraform/aws/autoscale-gwlb/versions.tf

@@ -3,13 +3,13 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.24.1"
+      version = "~> 5.20.0"
     }
     http = {
-      version = "~> 2.0.0"
+      version = "~> 3.4.0"
     }
     random = {
-      version = "~> 3.0.1"
+      version = "~> 3.5.1"
     }
   }
 }

terraform/aws/autoscale/README.md

@@ -98,7 +98,7 @@ secret_key = "my-secret-key"
     enable_instance_connect = false
     allow_upload_download = true
     enable_cloudwatch = false
-    gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/testfile.txt"
+    gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/bootstrap.txt"
 
     // --- Outbound Proxy Configuration (optional) ---
     proxy_elb_type = "internet-facing"
@@ -184,8 +184,9 @@ In order to check the template version, please refer to [sk116585](https://suppo
 | 20221226         | Support ASG Launch Template instead of Launch Configuration        |
 | 20230521         | Change default shell for the admin user to /etc/cli.sh             |
 | 20230806         | Add support for c6in instance type                                 | 
-| 20230830         | Change default Check Point version to R81.20                                   |
-| 20230923         | Add support for C5d instance type                               |
+| 20230829         | Change default Check Point version to R81.20                       |
+| 20230923         | Add support for C5d instance type                                  |
+| 20231012         | Update AWS Terraform provider version to 5.20.1                    |
 
 ## License
 

terraform/aws/autoscale/asg_userdata.yaml

@@ -1,4 +1,4 @@
 #cloud-config
 runcmd:
   - |
-    python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" installationType=\"autoscale\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230923\" templateName=\"autoscale\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" passwordHash=\"${PasswordHash}\" bootstrapScript64=\"${BootstrapScript}\"
+    python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" installationType=\"autoscale\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20231012\" templateName=\"autoscale\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" passwordHash=\"${PasswordHash}\" bootstrapScript64=\"${BootstrapScript}\"

terraform/aws/autoscale/main.tf

@@ -84,21 +84,26 @@ resource "aws_autoscaling_group" "asg" {
   vpc_zone_identifier = var.subnet_ids
   health_check_grace_period = 0
 
-  tags = concat(
-  [
-    {
+  tag {
       key = "Name"
       value = format("%s%s", var.prefix != "" ? format("%s-", var.prefix) : "", var.gateway_name)
       propagate_at_launch = true
-    },
-    {
+  }
+
+  tag {
       key = "x-chkp-tags"
       value = format("management=%s:template=%s:ip-address=%s", var.management_server, var.configuration_template, var.gateways_provision_address_type)
       propagate_at_launch = true
     }
-  ],
-  local.tags_asg_format
-  )
+
+  dynamic "tag" {
+    for_each = var.instances_tags
+    content {
+      key = tag.key
+      value = tag.value
+      propagate_at_launch = true
+    }
+  }
 }
 
 data "aws_iam_policy_document" "assume_role_policy_document" {

terraform/aws/autoscale/terraform.tfvars

@@ -35,7 +35,7 @@ gateway_SICKey = "12345678"
 enable_instance_connect = false
 allow_upload_download = true
 enable_cloudwatch = false
-gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/testfile.txt"
+gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/bootstrap.txt"
 
 // --- Outbound Proxy Configuration (optional) ---
 proxy_elb_type = "internet-facing"

terraform/aws/autoscale/versions.tf

@@ -3,13 +3,13 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.24.1"
+      version = "~> 5.20.0"
     }
     http = {
-      version = "~> 2.0.0"
+      version = "~> 3.4.0"
     }
     random = {
-      version = "~> 3.0.1"
+      version = "~> 3.5.1"
     }
   }
 }

terraform/aws/cluster-master/README.md

@@ -126,7 +126,7 @@ secret_key = "my-secret-key"
     gateway_hostname = "gw-hostname"
     allow_upload_download = true
     enable_cloudwatch = false
-    gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/testfile.txt"
+    gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/bootstrap.txt"
     primary_ntp = ""
     secondary_ntp = ""
   ```
@@ -208,9 +208,9 @@ In order to check the template version, please refer to [sk116585](https://suppo
 | 20230503         | Smart-1 Cloud token validation                                                                                |
 | 20230521         | - Change default shell for the admin user to /etc/cli.sh<br/>- Add description for reserved words in hostname |
 | 20230806         | Add support for c6in instance type                                                                            |
-| 20230830         | Change default Check Point version to R81.20                                   |
-| 20230923         | Add support for C5d instance type                               |
-
+| 20230829         | Change default Check Point version to R81.20                                                                  |
+| 20230923         | Add support for C5d instance type                                                                             |
+| 20231012         | Update AWS Terraform provider version to 5.20.1                                                               |
 
 ## License
 

terraform/aws/cluster-master/terraform.tfvars

@@ -40,6 +40,6 @@ resources_tag_name = "tag-name"
 gateway_hostname = "gw-hostname"
 allow_upload_download = true
 enable_cloudwatch = false
-gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/testfile.txt"
+gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/bootstrap.txt"
 primary_ntp = ""
 secondary_ntp = ""

terraform/aws/cluster-master/versions.tf

@@ -3,10 +3,10 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.24.1"
+      version = "~> 5.20.0"
     }
     http = {
-      version = "~> 2.0.0"
+      version = "~> 3.4.0"
     }
   }
 }

terraform/aws/cluster/README.md

@@ -100,7 +100,7 @@ secret_key = "my-secret-key"
     gateway_hostname = "gw-hostname"
     allow_upload_download = true
     enable_cloudwatch = false
-    gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/testfile.txt"
+    gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/bootstrap.txt"
     primary_ntp = ""
     secondary_ntp = ""
   ```
@@ -186,8 +186,9 @@ In order to check the template version, please refer to [sk116585](https://suppo
 | 20230503         | Smart-1 Cloud token validation                                                                                |
 | 20230521         | - Change default shell for the admin user to /etc/cli.sh<br/>- Add description for reserved words in hostname |
 | 20230806         | Add support for c6in instance type                                                                            |
-| 20230830         | Change default Check Point version to R81.20                                   |
-| 20230923         | Add support for C5d instance type                               |
+| 20230829         | Change default Check Point version to R81.20                                                                  |
+| 20230923         | Add support for C5d instance type                                                                             |
+| 20231012         | Update AWS Terraform provider version to 5.20.1                                                               |
 
 
 ## License

terraform/aws/cluster/cluster_member_a_userdata.yaml

@@ -1,4 +1,4 @@
 #cloud-config
 runcmd:
   - |
-    python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenA}\"" installationType=\"cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" elasticIp=\"${MemberAPublicAddress}\" templateVersion=\"20230923\" templateName=\"cluster\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" allocatePublicAddress=\"${AllocateAddress}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
+    python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenA}\"" installationType=\"cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" elasticIp=\"${MemberAPublicAddress}\" templateVersion=\"20231012\" templateName=\"cluster\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" allocatePublicAddress=\"${AllocateAddress}\" bootstrapScript64=\"${GatewayBootstrapScript}\"

terraform/aws/cluster/cluster_member_b_userdata.yaml

@@ -1,4 +1,4 @@
 #cloud-config
 runcmd:
   - |
-    python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenB}\"" installationType=\"cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" elasticIp=\"${MemberBPublicAddress}\" templateVersion=\"20230923\" templateName=\"cluster\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" allocatePublicAddress=\"${AllocateAddress}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
+    python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenB}\"" installationType=\"cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" elasticIp=\"${MemberBPublicAddress}\" templateVersion=\"20231012\" templateName=\"cluster\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" allocatePublicAddress=\"${AllocateAddress}\" bootstrapScript64=\"${GatewayBootstrapScript}\"

terraform/aws/cluster/main.tf

@@ -207,15 +207,14 @@ resource "aws_instance" "member-b-instance" {
 }
 
 resource "aws_eip" "cluster_eip" {
-  vpc = true
 }
+
 resource "aws_eip" "member_a_eip" {
   count = var.allocate_and_associate_eip ? 1 : 0
-  vpc = true
 }
+
 resource "aws_eip" "member_b_eip" {
   count = var.allocate_and_associate_eip ? 1 : 0
-  vpc = true
 }
 
 resource "aws_eip_association" "cluster_address_assoc" {

terraform/aws/cluster/terraform.tfvars

@@ -36,6 +36,6 @@ resources_tag_name = "tag-name"
 gateway_hostname = "gw-hostname"
 allow_upload_download = true
 enable_cloudwatch = false
-gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/testfile.txt"
+gateway_bootstrap_script = "echo 'this is bootstrap script' > /home/admin/bootstrap.txt"
 primary_ntp = ""
 secondary_ntp = ""

terraform/aws/cluster/versions.tf

@@ -3,10 +3,10 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.24.1"
+      version = "~> 5.20.0"
     }
     http = {
-      version = "~> 2.0.0"
+      version = "~> 3.4.0"
     }
   }
 }

terraform/aws/cme-iam-role-gwlb/README.md

@@ -92,7 +92,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
 | Template Version | Description                                                        |
 |------------------|--------------------------------------------------------------------|
 | 20230926         | CME instance profile for IAM Role                                  |
-
+| 20231012         | Update AWS Terraform provider version to 5.20.1                    |
 
 
 ## License

terraform/aws/cme-iam-role-gwlb/versions.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.24.1"
+      version = "~> 5.20.0"
     }
   }
 }

terraform/aws/cme-iam-role/README.md

@@ -92,7 +92,8 @@ In order to check the template version, please refer to [sk116585](https://suppo
 | Template Version | Description                                                        |
 |------------------|--------------------------------------------------------------------|
 | 20210309         | First release of Check Point CME IAM Role Terraform module for AWS |
-| 20230529         | CME instance profile for IAM Role                                  | 
+| 20230514         | CME instance profile for IAM Role                                  |
+| 20231012         | Update AWS Terraform provider version to 5.20.1                    |
 
 
 

terraform/aws/cme-iam-role/versions.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.24.1"
+      version = "~> 5.20.0"
     }
   }
 }