bootstrap updates and Instance Sizes

nidpande · Mar 26, 2020 · 5c0649d · 5c0649d
1 parent 98ea586
commit 5c0649d
Show file tree

Hide file tree

Showing 5 changed files with 217 additions and 7 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,3 @@
 
 .DS_Store
+globalprotect-asg/gp-asg.yml
diff --git a/globalprotect-asg/bootstrap-gateway.zip b/globalprotect-asg/bootstrap-gateway.zip
diff --git a/globalprotect-asg/bootstrap-portal.zip b/globalprotect-asg/bootstrap-portal.zip
diff --git a/globalprotect-asg/gp-asg.json b/globalprotect-asg/gp-asg.json
@@ -25,6 +25,114 @@
         "FirewallAMI": {
             "Description": "Input the firewall AMI ID. https://docs.paloaltonetworks.com/compatibility-matrix/vm-series-firewalls/aws-cft-amazon-machine-images-ami-list",
             "Type": "AWS::EC2::Image::Id"
+        },
+        "InstanceTypePortal": {
+            "Description": "EC2 instance type for the Portal, C5/M5 requires v9.x",
+            "Type": "String",
+            "Default": "c5.2xlarge",
+            "AllowedValues": [
+                "c5.xlarge",
+                "c5.2xlarge",
+                "c5.4xlarge",
+                "c5.9xlarge",
+                "c5.18xlarge",
+                "c5n.xlarge",
+                "c5n.2xlarge",
+                "c5n.4xlarge",
+                "c5n.9xlarge",
+                "c5n.18xlarge",
+                "m5.xlarge",
+                "m5.2xlarge",
+                "m5.4xlarge",
+                "m5.12xlarge",
+                "m5.24xlarge",
+                "m5n.xlarge",
+                "m5n.2xlarge",
+                "m5n.4xlarge",
+                "m5n.8xlarge",
+                "c4.xlarge",
+                "c4.2xlarge",
+                "c4.4xlarge",
+                "c4.8xlarge",
+                "m4.xlarge",
+                "m4.2xlarge",
+                "m4.4xlarge",
+                "c3.xlarge",
+                "c3.2xlarge",
+                "c3.4xlarge",
+                "c3.8xlarge",
+                "m3.xlarge",
+                "m3.2xlarge"
+            ],
+            "ConstraintDescription": "must be a valid EC2 instance type."
+        },
+        "InstanceTypeGateway": {
+            "Description": "EC2 instance type for the Gateways, C5/M5 requires v9.x",
+            "Type": "String",
+            "Default": "c5.2xlarge",
+            "AllowedValues": [
+                "c5.xlarge",
+                "c5.2xlarge",
+                "c5.4xlarge",
+                "c5.9xlarge",
+                "c5.18xlarge",
+                "c5n.xlarge",
+                "c5n.2xlarge",
+                "c5n.4xlarge",
+                "c5n.9xlarge",
+                "c5n.18xlarge",
+                "m5.xlarge",
+                "m5.2xlarge",
+                "m5.4xlarge",
+                "m5.12xlarge",
+                "m5.24xlarge",
+                "m5n.xlarge",
+                "m5n.2xlarge",
+                "m5n.4xlarge",
+                "m5n.8xlarge",
+                "c4.xlarge",
+                "c4.2xlarge",
+                "c4.4xlarge",
+                "c4.8xlarge",
+                "m4.xlarge",
+                "m4.2xlarge",
+                "m4.4xlarge",
+                "c3.xlarge",
+                "c3.2xlarge",
+                "c3.4xlarge",
+                "c3.8xlarge",
+                "m3.xlarge",
+                "m3.2xlarge"
+            ],
+            "ConstraintDescription": "must be a valid EC2 instance type."
+        }
+    },
+    "Metadata": {
+        "AWS::CloudFormation::Interface": {
+            "ParameterGroups": [
+                {
+                    "Label": {
+                        "default": "Firewall Parameters"
+                    },
+                    "Parameters": [
+                        "ServerKeyName",
+                        "AZchoice",
+                        "FirewallAMI",
+                        "InstanceTypePortal",
+                        "InstanceTypeGateway"
+                    ]
+                },
+                {
+                    "Label": {
+                        "default": "Amazon Configuration"
+                    },
+                    "Parameters": [
+                        "PortalBootstrapBucketName",
+                        "GatewayBootstrapBucketName",
+                        "LambdaBucketName"
+                    ]
+                }
+            ]
         }
     },
     "Resources": {
@@ -710,7 +818,9 @@
                 "ImageId": {
                     "Ref": "FirewallAMI"
                 },
-                "InstanceType": "c5.xlarge",
+                "InstanceType": {
+                    "Ref": "InstanceTypePortal"
+                },
                 "KeyName": {
                     "Ref": "ServerKeyName"
                 },
@@ -801,7 +911,9 @@
                     "Ref": "ServerKeyName"
                 },
                 "AssociatePublicIpAddress": true,
-                "InstanceType": "c5.xlarge",
+                "InstanceType": {
+                    "Ref": "InstanceTypeGateway"
+                },
                 "BlockDeviceMappings": [
                     {
                         "DeviceName": "/dev/xvda",

diff --git a/globalprotect-asg/gp-asg.yml b/globalprotect-asg/gp-asg.yml
@@ -17,8 +17,105 @@ Parameters:
     Description: Choose your region
     Type: 'AWS::EC2::AvailabilityZone::Name'
   FirewallAMI:
-    Description: Input the firewall AMI ID. https://docs.paloaltonetworks.com/compatibility-matrix/vm-series-firewalls/aws-cft-amazon-machine-images-ami-list
+    Description: >-
+      Input the firewall AMI ID.
+      https://docs.paloaltonetworks.com/compatibility-matrix/vm-series-firewalls/aws-cft-amazon-machine-images-ami-list
     Type: 'AWS::EC2::Image::Id'
+  InstanceTypePortal:
+    Description: 'EC2 instance type for the Portal, C5/M5 requires v9.x'
+    Type: String
+    Default: c5.2xlarge
+    AllowedValues:
+      - c5.xlarge
+      - c5.2xlarge
+      - c5.4xlarge
+      - c5.9xlarge
+      - c5.18xlarge
+      - c5n.xlarge
+      - c5n.2xlarge
+      - c5n.4xlarge
+      - c5n.9xlarge
+      - c5n.18xlarge
+      - m5.xlarge
+      - m5.2xlarge
+      - m5.4xlarge
+      - m5.12xlarge
+      - m5.24xlarge
+      - m5n.xlarge
+      - m5n.2xlarge
+      - m5n.4xlarge
+      - m5n.8xlarge
+      - c4.xlarge
+      - c4.2xlarge
+      - c4.4xlarge
+      - c4.8xlarge
+      - m4.xlarge
+      - m4.2xlarge
+      - m4.4xlarge
+      - c3.xlarge
+      - c3.2xlarge
+      - c3.4xlarge
+      - c3.8xlarge
+      - m3.xlarge
+      - m3.2xlarge
+    ConstraintDescription: must be a valid EC2 instance type.
+  InstanceTypeGateway:
+    Description: 'EC2 instance type for the Gateways, C5/M5 requires v9.x'
+    Type: String
+    Default: c5.2xlarge
+    AllowedValues:
+      - c5.xlarge
+      - c5.2xlarge
+      - c5.4xlarge
+      - c5.9xlarge
+      - c5.18xlarge
+      - c5n.xlarge
+      - c5n.2xlarge
+      - c5n.4xlarge
+      - c5n.9xlarge
+      - c5n.18xlarge
+      - m5.xlarge
+      - m5.2xlarge
+      - m5.4xlarge
+      - m5.12xlarge
+      - m5.24xlarge
+      - m5n.xlarge
+      - m5n.2xlarge
+      - m5n.4xlarge
+      - m5n.8xlarge
+      - c4.xlarge
+      - c4.2xlarge
+      - c4.4xlarge
+      - c4.8xlarge
+      - m4.xlarge
+      - m4.2xlarge
+      - m4.4xlarge
+      - c3.xlarge
+      - c3.2xlarge
+      - c3.4xlarge
+      - c3.8xlarge
+      - m3.xlarge
+      - m3.2xlarge
+    ConstraintDescription: must be a valid EC2 instance type.
+Metadata: 
+  AWS::CloudFormation::Interface: 
+    ParameterGroups: 
+      - 
+        Label: 
+          default: "Firewall Parameters"
+        Parameters: 
+          - ServerKeyName
+          - AZchoice
+          - FirewallAMI
+          - InstanceTypePortal
+          - InstanceTypeGateway
+      - 
+        Label: 
+          default: "Amazon Configuration"
+        Parameters: 
+          - PortalBootstrapBucketName
+          - GatewayBootstrapBucketName
+          - LambdaBucketName
 Resources:
   PortalBSRole:
     Type: 'AWS::IAM::Role'
@@ -392,8 +489,8 @@ Resources:
             VolumeType: gp2
             DeleteOnTermination: true
             VolumeSize: 60
-      ImageId: !Ref 'FirewallAMI'
-      InstanceType: c5.xlarge
+      ImageId: !Ref FirewallAMI
+      InstanceType: !Ref InstanceTypePortal
       KeyName: !Ref ServerKeyName
       Monitoring: false
       Tags:
@@ -438,14 +535,14 @@ Resources:
     Properties:
       KeyName: !Ref ServerKeyName
       AssociatePublicIpAddress: true
-      InstanceType: c5.xlarge
+      InstanceType: !Ref InstanceTypeGateway
       BlockDeviceMappings:
         - DeviceName: /dev/xvda
           Ebs:
             VolumeType: gp2
             DeleteOnTermination: true
             VolumeSize: 60
-      ImageId: !Ref 'FirewallAMI'
+      ImageId: !Ref FirewallAMI
       SecurityGroups:
         - !Ref PAVMAWSPublicSecurityGroup
       EbsOptimized: true