AWS EC2 Graylog playground
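# Graylog playground stack: MongoDB + Elasticsearch (OSS) + Graylog 4.0 on one
# user-defined bridge network. Only the graylog service publishes host ports.
version: '3'

services:
  # MongoDB: https://hub.docker.com/mongo/
  # No ports are published and no authentication is configured here, so the
  # database is reachable only from containers attached to the "graylog"
  # network. Do not add a "ports:" entry without enabling access control first.
  mongo:
    image: mongo:4.2
    networks:
      - graylog

  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/7.10/docker.html
  # The -oss distribution has no built-in authentication. It listens on
  # 0.0.0.0 inside the container, but nothing is published to the host; keep
  # 9200/9300 unpublished so the index is only reachable from this network.
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    # NOTE(review): with a version 3 file, "docker-compose up" only applies
    # deploy.resources when started with --compatibility (or under swarm);
    # confirm the 1g limit is actually in effect.
    deploy:
      resources:
        limits:
          memory: 1g
    networks:
      - graylog

  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:4.0
    environment:
      # Both secrets are taken from the environment (or a .env file next to
      # this file, kept out of version control) instead of being written here.
      # The ":?" form makes docker-compose refuse to start while a value is
      # missing, so the stack cannot come up with a sample secret.
      #
      # Pepper for stored password hashes; must be at least 16 characters.
      - "GRAYLOG_PASSWORD_SECRET=${GRAYLOG_PASSWORD_SECRET:?set GRAYLOG_PASSWORD_SECRET to at least 16 random characters}"
      # Hex SHA-256 of the password for the "admin" user, e.g. the output of
      #   echo -n 'your-password' | sha256sum
      # Do not use the hash of "admin" on an internet-facing instance.
      - "GRAYLOG_ROOT_PASSWORD_SHA2=${GRAYLOG_ROOT_PASSWORD_SHA2:?set GRAYLOG_ROOT_PASSWORD_SHA2 to the SHA-256 hex digest of the admin password}"
      # Public address of the instance: the AWS Elastic IP, not the
      # Elasticsearch service. This is plain HTTP, so the admin login and
      # session tokens cross the network unencrypted; restrict who can reach
      # port 9000 or put a TLS-terminating proxy in front of it.
      - GRAYLOG_HTTP_EXTERNAL_URI=http://AWSExternalElasticIP:9000/
    # Wait until Elasticsearch answers on 9200 before starting Graylog.
    entrypoint: /usr/bin/tini -- wait-for-it elasticsearch:9200 -- /docker-entrypoint.sh
    networks:
      - graylog
    restart: always
    depends_on:
      - mongo
      - elasticsearch
    ports:
      # Published on every host interface; the instance security group is the
      # only thing limiting who can connect.
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP (unauthenticated: any host that can reach it can write logs)
      - 5555:5555
      # Syslog UDP
      #- 1514:1514/udp
      # GELF TCP
      #- 12201:12201
      # GELF UDP
      #- 12201:12201/udp

networks:
  graylog:
    driver: bridge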
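#!/bin/bash
# Bootstrap for the Graylog host: installs a few tools, Docker CE from Docker's
# apt repository, and the docker-compose 1.29.2 release binary.
#
# Stop at the first failing step (including a failed download inside a pipe)
# instead of continuing with a half-installed system.
set -euo pipefail

COMPOSE_VERSION="1.29.2"
# Optional: SHA-256 of the docker-compose release binary, taken from the
# release page. When set, the download is rejected unless it matches.
COMPOSE_SHA256="${COMPOSE_SHA256:-}"

sudo apt-get update -y
sudo apt-get install -y mc git tmux zsh
sudo apt-get install -y \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg \
    lsb-release

# Docker's repository signing key. --batch --yes lets a re-run overwrite the
# existing keyring instead of stopping at an interactive prompt.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
    | sudo gpg --batch --yes --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

# signed-by limits this key to the Docker repository only.
echo \
  "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt-get update -y
sudo apt-get install -y docker-ce docker-ce-cli containerd.io

# When this runs as EC2 user_data it executes as root and USER may be unset or
# "root", so fall back to the instance's login user. Membership of the docker
# group is equivalent to root on this host; grant it to that one account only.
docker_user="${SUDO_USER:-${USER:-}}"
if [ -z "${docker_user}" ] || [ "${docker_user}" = "root" ]; then
    docker_user="ubuntu"
fi
sudo usermod -aG docker "${docker_user}"

# Download to a temporary file first. -f makes curl fail on an HTTP error
# rather than saving the error page as the executable.
compose_tmp="$(mktemp)"
trap 'rm -f "${compose_tmp}"' EXIT
curl -fsSL \
    "https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" \
    -o "${compose_tmp}"

if [ -n "${COMPOSE_SHA256}" ]; then
    echo "${COMPOSE_SHA256}  ${compose_tmp}" | sha256sum -c -
else
    echo "warning: COMPOSE_SHA256 not set; docker-compose installed without checksum verification" >&2
fi

sudo install -o root -g root -m 0755 "${compose_tmp}" /usr/local/bin/docker-compose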
# Provider requirements. "~> 2.70" accepts 2.70 and later 2.x releases of the
# AWS provider, but not 3.x.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 2.70"
    }
  }
}
# Credentials come from the "default" profile of the local AWS configuration;
# none are stored in this file.
provider "aws" {
  profile = "default"
  region  = "eu-central-1"
}
# SSH key pair registered for the instance.
# The public_key value below is a placeholder: replace it with the OpenSSH
# public key whose private half is ~/.ssh/graylog, which the instance's
# provisioner connection uses. Only the public key belongs in this file.
resource "aws_key_pair" "graylogkey" {
  key_name   = "graylogkey"
  public_key = "cat > YourPublicKey"
}
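# Source ranges for the management ports (SSH and the Graylog web UI / REST
# API). No default on purpose: the operator has to state who may connect,
# e.g. ["203.0.113.10/32"] (constructed example address).
variable "admin_cidr_blocks" {
  description = "CIDR ranges allowed to reach SSH (22) and the Graylog web interface (9000)"
  type        = list(string)
}

# Source ranges for hosts that ship logs to the syslog TCP input.
variable "log_source_cidr_blocks" {
  description = "CIDR ranges allowed to send syslog over TCP to port 5555"
  type        = list(string)
}

# Security group for the Graylog host.
# SSH, the plain-HTTP admin interface and the unauthenticated syslog input are
# limited to the ranges supplied above instead of 0.0.0.0/0. Outbound traffic
# stays unrestricted so the host can fetch packages and container images.
resource "aws_security_group" "allow_limited" {
  name        = "${terraform.workspace}_allow_limited"
  description = "Allow limited"

  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.admin_cidr_blocks
  }

  ingress {
    description = "Graylog web interface and REST API"
    from_port   = 9000
    to_port     = 9000
    protocol    = "tcp"
    cidr_blocks = var.admin_cidr_blocks
  }

  ingress {
    description = "Syslog TCP input"
    from_port   = 5555
    to_port     = 5555
    protocol    = "tcp"
    cidr_blocks = var.log_source_cidr_blocks
  }

  egress {
    description = "All outbound traffic"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}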
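# EC2 host for the Graylog stack.
resource "aws_instance" "graylog" {
  # AMI IDs are region-specific; this one is labelled Ubuntu 20.04 and goes
  # with the provider's region.
  ami                    = "ami-05f7491af5eef733a" #Ubuntu20.04
  instance_type          = "t3a.large"
  key_name               = aws_key_pair.graylogkey.key_name
  vpc_security_group_ids = [aws_security_group.allow_limited.id]

  tags = {
    Name = "graylog"
  }

  # Docker install. user_data can be read back through the instance metadata
  # service and the EC2 API, so install.sh must not contain secrets.
  user_data = file("install.sh")

  # Require session tokens (IMDSv2) for the instance metadata service.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # Collected logs end up on this volume, so encrypt it at rest.
  root_block_device {
    volume_type = "gp2"
    volume_size = 40
    encrypted   = true
  }

  # Copies the local tmux configuration to the new host over SSH. The private
  # key is read from the local machine and used only for this connection.
  provisioner "file" {
    source      = "~/.tmux.conf"
    destination = "~/.tmux.conf"

    connection {
      type        = "ssh"
      user        = "ubuntu"
      private_key = file("~/.ssh/graylog")
      host        = self.public_dns
    }
  }
}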
# Elastic IP attached to the Graylog instance, giving it a stable public
# address.
resource "aws_eip" "graylog_ip" {
  vpc      = true
  instance = aws_instance.graylog.id
}
# Public address of the Elastic IP, printed after apply.
output "graylog_ip" {
  value = aws_eip.graylog_ip.public_ip
}