From e88660840ec9c476989e85a850e98f66f99eb304 Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Mon, 9 Dec 2019 12:39:21 +0200
Subject: [PATCH] Initial infra with a couple of example machines and island
---
envs/os_compatability/aws_keys/.gitignore | 4 +
envs/os_compatability/terraform/config.tf | 5 +
envs/os_compatability/terraform/infra.tf | 92 +++++++++++++++++++
.../terraform/instance_template/main.tf | 12 +++
.../terraform/instance_template/variables.tf | 17 ++++
envs/os_compatability/terraform/instances.tf | 41 +++++++++
6 files changed, 171 insertions(+)
create mode 100644 envs/os_compatability/aws_keys/.gitignore
create mode 100644 envs/os_compatability/terraform/config.tf
create mode 100644 envs/os_compatability/terraform/infra.tf
create mode 100644 envs/os_compatability/terraform/instance_template/main.tf
create mode 100644 envs/os_compatability/terraform/instance_template/variables.tf
create mode 100644 envs/os_compatability/terraform/instances.tf
diff --git a/envs/os_compatability/aws_keys/.gitignore b/envs/os_compatability/aws_keys/.gitignore
new file mode 100644
index 000000000..5e7d2734c
--- /dev/null
+++ b/envs/os_compatability/aws_keys/.gitignore
@@ -0,0 +1,4 @@
+# Ignore everything in this directory
+*
+# Except this file
+!.gitignore
diff --git a/envs/os_compatability/terraform/config.tf b/envs/os_compatability/terraform/config.tf
new file mode 100644
index 000000000..9884c24a2
--- /dev/null
+++ b/envs/os_compatability/terraform/config.tf
@@ -0,0 +1,5 @@
+provider "aws" {
+ version = "~> 2.0"
+ region = "eu-central-1"
+ shared_credentials_file = "../aws_keys/accessKeys"
+}
diff --git a/envs/os_compatability/terraform/infra.tf b/envs/os_compatability/terraform/infra.tf
new file mode 100644
index 000000000..c561acb02
--- /dev/null
+++ b/envs/os_compatability/terraform/infra.tf
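Review bot: `shared_credentials_file = "../aws_keys/accessKeys"` in config.tf keeps long-lived access keys inside the repository tree, where the `.gitignore` added in `aws_keys/` is the only thing preventing them from being committed, and the relative path resolves only when Terraform is run from the `terraform/` directory. Consider dropping the argument so the provider falls back to its default credential chain (environment variables or a named profile), or at least add a comment such as `// local-only credentials file; never commit, rotate the keys if it is exposed`. No backend is declared in this hunk, so state presumably stays in a local file next to the code; a comment or README line saying whether that is intended would help.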
@@ -0,0 +1,92 @@
+resource "aws_vpc" "os_compat_vpc" {
+ cidr_block = "10.0.0.0/24"
+ enable_dns_support = true
+ tags = {
+ Name = "os_compat_vpc"
+ }
+}
+
+resource "aws_internet_gateway" "os_compat_gateway" {
+ vpc_id = "${aws_vpc.os_compat_vpc.id}"
+
+ tags = {
+ Name = "os_compat_gateway"
+ }
+}
+
+// create routing table which points to the internet gateway
+resource "aws_route_table" "os_compat_route" {
+ vpc_id = "${aws_vpc.os_compat_vpc.id}"
+
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = "${aws_internet_gateway.os_compat_gateway.id}"
+ }
+
+ tags = {
+ Name = "os_compat_route"
+ }
+}
+
+// associate the routing table with the subnet
+resource "aws_route_table_association" "subnet-association" {
+ subnet_id = "${aws_subnet.main.id}"
+ route_table_id = "${aws_route_table.os_compat_route.id}"
+}
+
+resource "aws_subnet" "main" {
+ vpc_id = "${aws_vpc.os_compat_vpc.id}"
+ cidr_block = "10.0.0.0/24"
+
+ tags = {
+ Name = "Main"
+ }
+}
+
+resource "aws_security_group" "os_compat_islad" {
+ name = "os_compat_island"
+ description = "Allow remote access to the island"
+ vpc_id = "${aws_vpc.os_compat_vpc.id}"
+
+ ingress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ tags = {
+ Name = "os_compat_island"
+ }
+}
+
+resource "aws_security_group" "os_compat_instance" {
+ name = "os_compat_instance"
+ description = "Disables remote access to vulnerable instances"
+ vpc_id = "${aws_vpc.os_compat_vpc.id}"
+
+ ingress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ tags = {
+ Name = "os_compat_instance"
+ }
+}
diff --git a/envs/os_compatability/terraform/instance_template/main.tf b/envs/os_compatability/terraform/instance_template/main.tf
new file mode 100644
index 000000000..5c95b55b4
--- /dev/null
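Review bot: The `os_compat_instance` security group in infra.tf is described as "Disables remote access to vulnerable instances", but its ingress block is identical to the island's (protocol `-1` from `0.0.0.0/0`), so the group itself blocks nothing and the instances are shielded only by not having a public IP. Limit that ingress to the VPC range, for example `cidr_blocks = ["${aws_vpc.os_compat_vpc.cidr_block}"]`, so the rule matches its description. The island group (resource name `os_compat_islad`, apparently a typo for `island`) likewise admits every port from the internet; narrowing it to the operator's address range and the ports the island actually serves would keep a host that shares a subnet with deliberately outdated machines from being reachable by anyone.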
+++ b/envs/os_compatability/terraform/instance_template/main.tf
@@ -0,0 +1,12 @@
+resource "aws_instance" "os_test_machine" {
+ ami = "${var.ami}"
+ instance_type = "t2.micro"
+ private_ip = "${var.ip}"
+ subnet_id = "${data.aws_subnet.main.id}"
+ key_name = "os_compat"
+ tags = {
+ Name = "${var.name}"
+ }
+ security_groups = ["${data.aws_security_group.os_compat_instance.id}"]
+ associate_public_ip_address = false
+}
diff --git a/envs/os_compatability/terraform/instance_template/variables.tf b/envs/os_compatability/terraform/instance_template/variables.tf
new file mode 100644
index 000000000..baa480461
--- /dev/null
+++ b/envs/os_compatability/terraform/instance_template/variables.tf
@@ -0,0 +1,17 @@
+variable "ami" {type=string}
+variable "ip" {type=string}
+variable "name" {type=string}
+variable "env_vars" {
+ type = object({
+ subnet_id = string
+ security_group_id = string
+ })
+}
+
+data "aws_subnet" "main" {
+ id = "${var.env_vars.subnet_id}"
+}
+
+data "aws_security_group" "os_compat_instance" {
+ id = "${var.env_vars.security_group_id}"
+}
diff --git a/envs/os_compatability/terraform/instances.tf b/envs/os_compatability/terraform/instances.tf
new file mode 100644
index 000000000..4257230da
--- /dev/null
+++ b/envs/os_compatability/terraform/instances.tf
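Review bot: `security_groups` in instance_template/main.tf is given a security group ID, but in the AWS provider that argument is intended for group names in EC2-Classic or the default VPC; for an instance placed in a custom subnet the documented argument is `vpc_security_group_ids`, and using the other one can make Terraform plan a replacement of the instance on later applies. Change the line to `vpc_security_group_ids = ["${data.aws_security_group.os_compat_instance.id}"]`. The `island` resource in instances.tf has the same issue. `key_name = "os_compat"` also relies on a key pair created outside this configuration, which deserves a short comment.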
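Review bot: None of the four variables in instance_template/variables.tf has a `description`, and `env_vars` needs one most because its name does not say that it carries the shared subnet and security group IDs; something like `description = "IDs of the shared subnet and the instance security group"` would document the module interface. The two `data` blocks look up objects by the same ID the caller already passed and are read only for `.id` in main.tf, so `var.env_vars.subnet_id` and `var.env_vars.security_group_id` could be used directly unless the lookup is meant as an existence check. Keeping data sources in a file named variables.tf is also easy to miss; a separate file or a comment would make them easier to find.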
@@ -0,0 +1,41 @@
+resource "aws_instance" "island" {
+ ami = "ami-01cc9554aa0b4c00e"
+ instance_type = "t2.micro"
+ private_ip = "10.0.0.251"
+ subnet_id = "${aws_subnet.main.id}"
+ key_name = "os_compat"
+ tags = {
+ Name = "os_compat_ISLAND"
+ }
+ security_groups = ["${aws_security_group.os_compat_islad.id}"]
+ associate_public_ip_address = true
+ root_block_device {
+ volume_size = "30"
+ volume_type = "standard"
+ delete_on_termination = true
+ }
+ #associate_public_ip_address = false
+}
+
+locals {
+ env_vars = {
+ subnet_id = "${aws_subnet.main.id}"
+ security_group_id = "${aws_security_group.os_compat_instance.id}"
+ }
+}
+
+module "ubuntu_12" {
+ source = "./instance_template"
+ name = "ubuntu_12"
+ ami = "ami-003d0b1d"
+ ip = "10.0.0.6"
+ env_vars = "${local.env_vars}"
+}
+
+module "ubuntu_14" {
+ source = "./instance_template"
+ name = "ubuntu_14"
+ ami = "ami-067ee10914e74ffee"
+ ip = "10.0.0.7"
+ env_vars = "${local.env_vars}"
+}
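Review bot: The `island` block in instances.tf ends with a commented-out `#associate_public_ip_address = false` that contradicts the active `associate_public_ip_address = true` a few lines above; remove the dead line or replace it with a comment explaining why the island needs a public address. The AMI IDs (`ami-01cc9554aa0b4c00e`, `ami-003d0b1d`, `ami-067ee10914e74ffee`) are region-specific and give no indication of which image or publisher they refer to, so a comment on each in the form `# <image name>, <region>, owner <account id>` would let a reader verify the image before launching it. The root volume is also declared without any comment on whether it may hold data that should be encrypted at rest; stating the intent in a comment would settle that for the next reader.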