This repository provides a structured set of Terraform modules for deploying Check Point CloudGuard Network Security in Amazon Web Services (AWS). These modules automate the creation of Virtual Private Clouds (VPCs), Security Gateways, High-Availability architectures, and more, enabling secure and scalable cloud deployments.
- Submodules: Contains modular, reusable, production-grade Terraform components, each with its own documentation.
- Examples: Demonstrates how to use the modules.
Submodules:
- autoscale_gwlb - Deploys an Auto Scaling Group of CloudGuard Security Gateways into an existing VPC.
- cme_iam_role - Creates an AWS IAM Role for the Cloud Management Extension (CME) on the Security Management Server.
- cme_iam_role_gwlb - Creates an AWS IAM Role for the Cloud Management Extension (CME) that manages a Gateway Load Balancer Auto Scale Group on the Security Management Server.
- gateway - Deploys a Check Point CloudGuard Network Security Gateway into an existing VPC.
- gateway_master - Deploys a Check Point CloudGuard Network Security Gateway into a new VPC.
- gwlb - Deploys an AWS Auto Scaling group configured for Gateway Load Balancer into an existing VPC.
- gwlb_master - Deploys an AWS Auto Scaling group configured for Gateway Load Balancer into a new VPC.
- management - Deploys a CloudGuard Network Security Management Server into an existing VPC.
Internal Submodules:
- amis
- cloudwatch_policy
- elastic_ip
- gateway_instance
- instance_type
- internal_default_route
- load_balancer
- permissive_sg
- version_license
- vpc
Each submodule in this repository includes preconfigured security group rules designed to ensure the solution works properly out of the box. These rules are tailored for the default deployment scenarios but may require adjustments to meet your specific security and compliance requirements.

Example: To restrict inbound/outbound traffic, update the security_rules attribute in the submodule configuration (here, SSH is allowed only from a single /30):

```hcl
security_rules = [
  {
    direction   = "ingress"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/30"]
  }
]
```
Add the required module in your Terraform configuration file (main.tf) to deploy resources. For example:

```hcl
provider "aws" {}

module "example_module" {
  source  = "CheckPointSW/cloudguard-network-security/aws//modules/{module_name}"
  version = "{chosen_version}"
  # Add the required inputs
}
```
Ensure you have the AWS CLI installed, then open the appropriate terminal and navigate to the directory where your main.tf file is located:
- Linux/macOS: Terminal.
- Windows: PowerShell or Command Prompt.
Set up your AWS credentials and default region, either by setting environment variables or by running `aws configure`:

Linux/macOS:
```bash
export AWS_ACCESS_KEY_ID="{your-access-key-id}"
export AWS_SECRET_ACCESS_KEY="{your-secret-access-key}"
export AWS_DEFAULT_REGION="{your-region}"
aws configure
```

Windows PowerShell:
```powershell
$env:AWS_ACCESS_KEY_ID="{your-access-key-id}"
$env:AWS_SECRET_ACCESS_KEY="{your-secret-access-key}"
$env:AWS_DEFAULT_REGION="{your-region}"
aws configure
```

Windows Command Prompt:
```bat
REM No quotes here: cmd.exe would store them as part of the value
set AWS_ACCESS_KEY_ID={your-access-key-id}
set AWS_SECRET_ACCESS_KEY={your-secret-access-key}
set AWS_DEFAULT_REGION={your-region}
aws configure
```
Use Terraform commands to deploy resources securely.

Prepare the working directory and download the required provider plugins:
```bash
terraform init
```

Preview the changes Terraform will make:
```bash
terraform plan
```

Apply the planned changes and deploy the resources:
```bash
terraform apply
```

Note: The terraform apply command might vary slightly depending on the submodule configuration. Pay close attention to any additional instructions provided in the submodules' documentation to ensure correct usage and handling of the resources.
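Because the preconfigured security group rules may need tightening, it is worth checking the plan before applying it. The following is an added example (not code from this repository): a small Python check that reads the JSON form of the plan (`terraform plan -out=plan.tfplan && terraform show -json plan.tfplan | python check_sg.py`) and reports ingress rules in any module that expose SSH or HTTPS to 0.0.0.0/0. The resource address, the port list and the embedded sample plan are constructed assumptions, not module output.

```python
import json
import sys
from ipaddress import ip_network

# Ports that must not be reachable from 0.0.0.0/0 (SSH, HTTPS). Constructed policy; extend to your own.
SENSITIVE_PORTS = {22, 443}

def iter_resources(module):
    """Walk root_module and every nested child_modules entry of the plan JSON."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def open_to_world(rule):
    """True when any CIDR on the rule is a /0 (IPv4 or IPv6)."""
    cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
    return any(ip_network(c, strict=False).prefixlen == 0 for c in cidrs)

def covers_sensitive_port(rule):
    """True when the rule's protocol/port range includes a sensitive port."""
    if str(rule.get("protocol")) in ("-1", "all"):  # all protocols, all ports
        return True
    lo, hi = int(rule.get("from_port") or 0), int(rule.get("to_port") or 0)
    return any(lo <= p <= hi for p in SENSITIVE_PORTS)

def find_exposed_rules(plan):
    """Return (resource address, from_port, to_port) for each risky ingress rule."""
    findings = []
    for res in iter_resources(plan.get("planned_values", {}).get("root_module", {})):
        vals = res.get("values") or {}
        if res.get("type") == "aws_security_group":
            rules = vals.get("ingress") or []
        elif res.get("type") == "aws_security_group_rule" and vals.get("type") == "ingress":
            rules = [vals]
        else:
            continue
        for r in rules:
            if open_to_world(r) and covers_sensitive_port(r):
                findings.append((res["address"], r.get("from_port"), r.get("to_port")))
    return findings

# Constructed sample in plan-JSON shape (not real module output): SSH open to the world, HTTPS to a /30.
SAMPLE_PLAN = {"planned_values": {"root_module": {"child_modules": [{"resources": [
    {"address": "module.example_module.aws_security_group.gateway_sg", "type": "aws_security_group",
     "values": {"ingress": [{"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
                            {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["10.0.0.0/30"]}]}}]}]}}}

if __name__ == "__main__":  # terraform show -json plan.tfplan | python check_sg.py
    for address, lo, hi in find_exposed_rules(json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_PLAN):
        print(f"EXPOSED: {address} allows {lo}-{hi} from 0.0.0.0/0")
```

Run without piped input it checks the embedded sample and reports the SSH rule; rules whose CIDRs are only known after apply are skipped, so re-run it against the state after deployment if the plan contains computed values.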