Check Point CloudFormation Templates

In This Section:

Template Parameters

Parameter Description

Template Parameters

The section that follows provides additional information about Check Point CloudFormation template parameters:

Parameter Description

Parameter

Description

Password hash

To manage the environment security, administrators can connect to the Security Management Server with SmartConsole clients and to Check Point instances through the Gaia Portal.

When you deploy a Check Point CloudGuard IaaS instance, you can set the administrator password for the server with the password hash parameters. To protect the password, you do not provide the password itself. Instead, you must provide its salted hash, generated with the MD5-based BSD password algorithm 1.

You can pre-generate the password's salted hash in one of these ways:

  • On a Check Point Security Management Server, run this command:

    cpopenssl passwd -1 password

  • On Linux or Windows machines with OpenSSL installed, run this command:

    openssl passwd -1 password
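
An added example, not part of the Check Point documentation: POSIX shell helpers that produce the same -1 hash with the password read from standard input instead of the command line, check that a value has the $1$salt$hash shape before it is used as a template parameter, and confirm that a hash matches a given password. The function names are hypothetical, and only the openssl CLI and its passwd options -1, -salt and -stdin are assumed.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Requires the openssl CLI.

# Succeeds only if all of $1 has the md5crypt shape: $1$<1-8 salt chars>$<22 chars>.
# The X prefix keeps expr from treating the argument as an operator; comparing the
# match length with the string length rejects any trailing or embedded extra data.
is_md5crypt_hash() {
    n=$(LC_ALL=C expr "X$1" : \
        'X\$1\$[./0-9A-Za-z]\{1,8\}\$[./0-9A-Za-z]\{22\}$') || :
    [ "$n" -eq $(( ${#1} + 1 )) ]
}

# Hash the password read from stdin; an optional $1 pins the salt.
# With -stdin the password never appears in argv, `ps` output or shell history.
md5crypt_from_stdin() {
    if [ -n "${1:-}" ]; then
        openssl passwd -1 -salt "$1" -stdin
    else
        openssl passwd -1 -stdin
    fi
}

# Succeeds if the password on stdin produces hash $1 (re-hash with the same salt).
hash_matches_password() {
    is_md5crypt_hash "$1" || return 2
    salt=$(printf '%s\n' "$1" | cut -d'$' -f3)
    [ "$(md5crypt_from_stdin "$salt")" = "$1" ]
}

# Interactive use: prompt without echo and print a validated hash on stdout.
prompt_password_hash() {
    printf 'Administrator password: ' >&2
    trap 'stty echo' INT TERM
    stty -echo; IFS= read -r pw; stty echo
    trap - INT TERM
    printf '\n' >&2
    [ -n "$pw" ] || { echo 'empty password refused' >&2; return 1; }
    hash=$(printf '%s\n' "$pw" | md5crypt_from_stdin) || return 1
    unset pw
    is_md5crypt_hash "$hash" || { echo 'unexpected openssl output' >&2; return 1; }
    printf '%s\n' "$hash"
}
```

Run prompt_password_hash in an interactive shell to obtain the parameter value. Because this hash algorithm is fast to compute, store the resulting hash with the same care as other deployment secrets.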

Secure Internal Communication (SIC) key

The SIC key creates trusted connections between Security Gateways, Security Management Servers, and other Check Point components.

Trust is required to install policies on the Security Gateways and to send logs from the Security Gateways to Security Management Servers.

IAM permissions

When you set STS Role ARN values in the STS Role field of the Transit Management CloudFormation template, the role you create will have sts:AssumeRole permission.

If you have to add or remove spoke accounts later, edit the Transit role profile in AWS, and add or remove ARNs.