Commit b74d54c1 authored by Michael Kennedy's avatar Michael Kennedy 🎱

Updated README.md and prettification

parent ab3556f9
+16 −5
@@ -2,13 +2,15 @@
<project version="4">
  <component name="ChangeListManager">
    <list default="true" id="6d8b47de-bd76-4775-9001-e9d1327eafc5" name="Default Changelist" comment="">
      <change afterPath="$PROJECT_DIR$/terraform/f5-sgw-ts/modules/functions/jumpbox/files/deploy.sh" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/terraform/f5-sgw-ts/modules/functions/bigip/main.tf" beforeDir="false" afterPath="$PROJECT_DIR$/terraform/f5-sgw-ts/modules/functions/bigip/main.tf" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/terraform/f5-sgw-ts/README.md" beforeDir="false" afterPath="$PROJECT_DIR$/terraform/f5-sgw-ts/README.md" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/terraform/f5-sgw-ts/modules/functions/bigip/outputs.tf" beforeDir="false" afterPath="$PROJECT_DIR$/terraform/f5-sgw-ts/modules/functions/bigip/outputs.tf" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/terraform/f5-sgw-ts/modules/functions/docker/main.tf" beforeDir="false" afterPath="$PROJECT_DIR$/terraform/f5-sgw-ts/modules/functions/docker/main.tf" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/terraform/f5-sgw-ts/modules/functions/jumpbox/hostvars_template.yml" beforeDir="false" />
      <change beforePath="$PROJECT_DIR$/terraform/f5-sgw-ts/modules/functions/jumpbox/files/userdata.tmpl" beforeDir="false" afterPath="$PROJECT_DIR$/terraform/f5-sgw-ts/modules/functions/jumpbox/files/userdata.tmpl" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/terraform/f5-sgw-ts/modules/functions/jumpbox/main.tf" beforeDir="false" afterPath="$PROJECT_DIR$/terraform/f5-sgw-ts/modules/functions/jumpbox/main.tf" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/terraform/f5-sgw-ts/modules/functions/jumpbox/vars.tf" beforeDir="false" afterPath="$PROJECT_DIR$/terraform/f5-sgw-ts/modules/functions/jumpbox/vars.tf" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/terraform/f5-sgw-ts/modules/functions/jumpbox/outputs.tf" beforeDir="false" afterPath="$PROJECT_DIR$/terraform/f5-sgw-ts/modules/functions/jumpbox/outputs.tf" afterDir="false" />
      <change beforePath="$PROJECT_DIR$/terraform/f5-sgw-ts/secure/inspec/bigip-ready/files/file" beforeDir="false" afterPath="$PROJECT_DIR$/terraform/f5-sgw-ts/secure/inspec/bigip-ready/files/file" afterDir="false" />
    </list>
    <option name="SHOW_DIALOG" value="false" />
    <option name="HIGHLIGHT_CONFLICTS" value="true" />
@@ -33,6 +35,7 @@
    <option name="showLibraryContents" value="true" />
  </component>
  <component name="PropertiesComponent">
    <property name="RunOnceActivity.ShowReadmeOnStart" value="true" />
    <property name="WebServerToolWindowFactoryState" value="false" />
    <property name="last_opened_file_path" value="$PROJECT_DIR$" />
    <property name="node.js.detected.package.eslint" value="true" />
@@ -78,6 +81,8 @@
      <workItem from="1574922245790" duration="1009000" />
      <workItem from="1574988736439" duration="13109000" />
      <workItem from="1575411461731" duration="191000" />
      <workItem from="1575783013263" duration="280000" />
      <workItem from="1575783319032" duration="36202000" />
    </task>
    <servers />
  </component>
@@ -98,9 +103,15 @@
    </option>
  </component>
  <component name="WindowStateProjectService">
    <state x="653" y="383" key="com.intellij.ide.util.TipDialog" timestamp="1575411543681">
      <screen x="0" y="23" width="1920" height="1057" />
    <state x="1170" y="475" key="com.intellij.ide.util.TipDialog" timestamp="1575783319254">
      <screen x="0" y="0" width="3440" height="1395" />
    </state>
    <state x="653" y="383" key="com.intellij.ide.util.TipDialog/-1920.23.1920.1057/0.23.1920.1057/-3600.23.1680.1027@0.23.1920.1057" timestamp="1575411543681" />
    <state x="1170" y="475" key="com.intellij.ide.util.TipDialog/0.0.3440.1395@0.0.3440.1395" timestamp="1575783319254" />
    <state x="948" y="329" key="com.intellij.openapi.editor.actions.MultiplePasteAction$ClipboardContentChooser" timestamp="1575921756577">
      <screen x="0" y="0" width="2560" height="1395" />
    </state>
    <state x="948" y="329" key="com.intellij.openapi.editor.actions.MultiplePasteAction$ClipboardContentChooser/0.0.2560.1395@0.0.2560.1395" timestamp="1575921756577" />
    <state x="1422" y="244" key="com.intellij.openapi.editor.actions.MultiplePasteAction$ClipboardContentChooser/0.0.3840.1035@0.0.3840.1035" timestamp="1575865715940" />
  </component>
</project>
 No newline at end of file
+26 −20
@@ -6,7 +6,7 @@ This is a refactor of https://github.com/mjmenger/terraform-aws-bigip-setup to p
an authentication token must be generated and recorded as documented below in order to access the modules required by this demo
https://www.terraform.io/docs/commands/cli-config.html

You can choose to run this from your workstation or a container. Follow the instructions below as appropriate;
Initially this demo is run from the local workstation.

# Using your workstation
- install Terraform https://learn.hashicorp.com/terraform/getting-started/install.html
@@ -14,11 +14,6 @@ You can choose to run this from your workstation or a container. Follow the inst
- install locust https://docs.locust.io/en/stable/installation.html
- install jq https://stedolan.github.io/jq/download/

# Using a Docker container
The port 8089 is opened in order to use the gui of the locust load generating tool should you choose to use it.
- install Docker Desktop (https://www.docker.com/products/docker-desktop)
- `docker run -it -v $(pwd):/workspace -p 8089:8089 mmenger/tfdemoenv:1.6.2 /bin/bash`

# Required Resource
This example creates the following resources inside of AWS.  Please ensure your IAM user or IAM Role has privileges to create these objects.

@@ -44,25 +39,34 @@ After subscribing, re-run the ```terraform apply``` and the error should not occ
# Access Credentials
```bash
#starting from within the clone of this repository
vi secrets.auto.tfvars
vi secrets.tfvars
```
enter the following in the *secrets.auto.tfvars* file
```hcl
AccessKeyID         = "<AN ACCESS KEY FOR YOUR AWS ACCOUNT>" 
SecretAccessKey     = "<THE SECRET KEY ASSOCIATED WITH THE AWS ACCESS KEY>" 
ec2_key_name        = "<THE NAME OF AN AWS KEY PAIR WHICH IS ASSOCIATE WITH THE AWS ACOUNT>"
ec2_key_file        = "<THE PATH TO AN SSH KEY FILE USED TO CONNECT TO THE UBUNTU SERVER ONCE IT IS CREATED. NOTE: THIS PATH SHOULD BE RELATIVE TO THE CONTAINER ROOT>"
enter the following in the *secrets.tfvars* file
```hcl-terraform
cidr           = "<VPC CIDR Block>"
region         = "<AWS Deployment Region>"
azs            = ["<primary az>", "<secondary az>"]
secops-profile = "<AWS_PROFILE>"
customer       = "<Cusotomer Tage Prefix>"
ec2_key_name   = "<EC2 Keypair>"
ec2_key_file   = "<EC2 Private Key Absolution /path/to/filename.pem>"
environment    = "<Environment - Tag>"
project        = "<Project - Tag>"
```
save the file and quit vi

# Setup 

Due to the modulistion of the demo structure this demo is created from ```secure``` path, after the repo has been cloned; 
```hcl
# Enter secure demo path
cd secure/
# initialize Terraform
terraform init
# Plan terraform to validate deployment
terraform plan
terraform plan --var-file=/path/to/secrets.tfvars
# build the BIG-IPS and the underpinning infrastructure
terraform apply 
terraform apply --var-file=/path/to/secrets.tfvars
```
Depending upon how you intend to use the environment you may need to wait after Terraform is complete. The configuration of the  BIG-IPs is completed asynchoronously. If you need the BIG-IPs to be fully configured before proceeding, the following Inspec tests validate the connectivity of the BIG-IP and the availability of the management API end point.

@@ -75,7 +79,7 @@ inspec exec inspec/bigip-ready
```
once the tests all pass the BIG-IPs are ready

If terraform returns an error, rerun ```terraform apply```.
If terraform returns an error, rerun ```terraform apply --var-file=/path/to/secrets.tfvars```.

# Log into the BIG-IP
```
@@ -97,7 +101,7 @@ login as user:admin and password: <bigip_password>
# Teardown
When you are done using the demo environment you will need to decommission it
```hcl
terraform destroy
terraform destroy --var-file=/path/to/secret.tfvars
```

as a final step check that terraform doesn't think there's anything remaining
@@ -105,7 +109,6 @@ as a final step check that terraform doesn't think there's anything remaining
terraform show
```
this should return a blank line
<<<<<<< HEAD

# Todo
* adjust subnets and ranges to remove hardcoding for dynamic generation (smaller cidr for inspections)
@@ -113,5 +116,8 @@ this should return a blank line
* AWS SSM integration for keystore/passwords
* flow log addition/creation for CIS Foundations
* AWS Security HUB(?)
=======
>>>>>>> c1011a4108b87900d2187485c80916d354a7fe8e

# Credits
* Mark Menhjar - Terraform AWS BIG-IP Setup - <https://github.com/mjmenger/terraform-aws-bigip-setup>
* Daniel Edgar - Ansible Uber Demo - <https://github.com/>
+12 −6
output "public_nic_ids" {
  description = "BIG-IP Public EIP ID's"
  value       = module.bigip.public_nic_ids
}

output "mgmt_public_ips" {
  description = "BIG-IP Management Public IP Addresses"
  value       = module.bigip.mgmt_public_ips
}

output "mgmt_public_dns" {
  description = "BIG-IP Management Public FQDN's"
  value       = module.bigip.mgmt_public_dns
}

output "mgmt_addresses" {
  description = "BIG-IP Managemment Private IP's"
  value       = module.bigip.mgmt_addresses
}
output "private_addresses" {
  description = "BIG-IP Private VS IP's"
  value       = module.bigip.private_addresses
}

output "bigip_mgmt_port" {
  description = "BIG-IP Management Port"
  value       = module.bigip.mgmt_port
}

+8 −0
#!/bin/bash
## This is install & configure ansible
cd /home/ubuntu
git clone https://github.com/merps/ansible-uber-demo.git
cd ansible-uber-demo
cp /home/ubuntu/inventory.yml /home/ubuntu/ansible-uber-demo/ansible/inventory.yml
ansible-galaxy install -r ansible/requirements.yml
ansible-playbook ansible/playbooks/site.yml
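Review bot: The new deploy.sh clones the unpinned HEAD of a third-party GitHub repository and immediately runs its Galaxy requirements and `site.yml` playbook, so whoever can push to that repository (or whatever `ansible/requirements.yml` resolves to at run time) controls what executes on the jumpbox. Pin the checkout to a known commit, e.g. `git clone https://github.com/merps/ansible-uber-demo.git && git -C ansible-uber-demo checkout <commit-sha>`, and pin role versions in requirements.yml if they are not already. The script also has no `set -euo pipefail`, so a failed `cd` or `clone` lets the later `cp` and `ansible-playbook` run from the wrong directory rather than aborting; add `set -euo pipefail` after the shebang. Note that `/home/ubuntu/inventory.yml` is copied into the clone, so any credentials it carries (not visible here) now live in two places on the host; how and as whom deploy.sh is invoked is not shown in this commit.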
+1 −2
@@ -13,7 +13,7 @@ echo '* libraries/restart-without-asking boolean true' | sudo debconf-set-select
# install dependencies
sudo apt update
sudo apt-add-repository --yes --update ppa:ansible/ansible
sudo apt install software-properties-common ansible python-apt python-pip rpm -y
sudo apt install software-properties-common ansible python-apt python-pip rpm git docker.io -y
sudo pip install -q jmespath

# install inspec
@@ -21,7 +21,6 @@ sudo apt install wget
wget https://packages.chef.io/files/stable/inspec/4.18.0/ubuntu/18.04/inspec_4.18.0-1_amd64.deb
sudo dpkg -i inspec_4.18.0-1_amd64.deb


### Clean up
rm /config/cloud/startup-script.sh 
EOF
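Review bot: In the second hunk the InSpec package is still fetched with `wget` and installed with `sudo dpkg -i` with no integrity check, so a tampered or substituted `.deb` is installed as root unchallenged; verify the published checksum before installing, e.g. `echo "<published-sha256>  inspec_4.18.0-1_amd64.deb" | sha256sum -c -` (chef publishes these alongside the package). In the first hunk the new `docker.io` install is worth a comment explaining why the jumpbox needs Docker, and a reminder that any user later added to the `docker` group on that host is effectively root; I cannot see from this diff whether that happens. Both hunks sit inside a heredoc (the `EOF` terminator is visible, the opening line is not), so the enclosing script starts outside the hunk.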