Initial terraform configuration

2019-01-06 21:07:49 -08:00
parent 162f5ce552
commit 409ba689ec
13 changed files with 399 additions and 8 deletions
--- a/Terraform/Method1/main.tf
+++ b/Terraform/Method1/main.tf
@@ -0,0 +1,222 @@
+# Terraform configuration to be used with DetectionLab Method1
+# Before using this, you must fill out the variables in terraform.tfvars
+# Please follow the instructions in https://github.com/clong/DetectionLab/blob/master/Terraform/Method1/Method1.md
+
+variable "region" {
+  default = "us-west-1"
+}
+variable "shared_credentials_file" {
+  type = "string"
+}
+variable "key_name" {
+  default = "id_terraform"
+}
+variable "public_key_path" {
+  type = string
+}
+variable "ip_whitelist" {
+  type = "list"
+}
+variable "logger_ami" {}
+variable "dc_ami" {}
+variable "wef_ami" {}
+variable "win10_ami" {}
+
+# Specify the provider and access details
+provider "aws" {
+  shared_credentials_file = "${var.shared_credentials_file}"
+  region = "${var.region}"
+  profile = "terraform"
+}
+
+# Create a VPC to launch our instances into
+resource "aws_vpc" "default" {
+  cidr_block = "192.168.0.0/16"
+}
+
+# Create an internet gateway to give our subnet access to the outside world
+resource "aws_internet_gateway" "default" {
+  vpc_id = "${aws_vpc.default.id}"
+}
+
+# Grant the VPC internet access on its main route table
+resource "aws_route" "internet_access" {
+  route_table_id         = "${aws_vpc.default.main_route_table_id}"
+  destination_cidr_block = "0.0.0.0/0"
+  gateway_id             = "${aws_internet_gateway.default.id}"
+}
+
+# Create a subnet to launch our instances into
+resource "aws_subnet" "default" {
+  vpc_id                  = "${aws_vpc.default.id}"
+  cidr_block              = "192.168.38.0/24"
+  map_public_ip_on_launch = true
+}
+
+# Our default security group for the logger host
+resource "aws_security_group" "logger" {
+  name        = "logger_security_group"
+  description = "DetectionLab: Security Group for the logger host"
+  vpc_id      = "${aws_vpc.default.id}"
+
+  # SSH access
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = "${var.ip_whitelist}"
+  }
+
+  # Splunk access
+  ingress {
+    from_port   = 8000
+    to_port     = 8000
+    protocol    = "tcp"
+    cidr_blocks = "${var.ip_whitelist}"
+  }
+
+  # Fleet access
+  ingress {
+    from_port   = 8412
+    to_port     = 8412
+    protocol    = "tcp"
+    cidr_blocks = "${var.ip_whitelist}"
+  }
+
+  # Caldera access
+  ingress {
+    from_port   = 8888
+    to_port     = 8888
+    protocol    = "tcp"
+    cidr_blocks = "${var.ip_whitelist}"
+  }
+
+  # Allow all traffic from the private subnet
+  ingress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["192.168.38.0/24"]
+  }
+
+  # outbound internet access
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+resource "aws_security_group" "windows" {
+  name        = "windows_security_group"
+  description = "DetectionLab: Security group for the Windows hosts"
+  vpc_id      = "${aws_vpc.default.id}"
+
+  # RDP
+  ingress {
+    from_port   = 3389
+    to_port     = 3389
+    protocol    = "tcp"
+    cidr_blocks = "${var.ip_whitelist}"
+  }
+
+  # WinRM
+  ingress {
+    from_port   = 5985
+    to_port     = 5986
+    protocol    = "tcp"
+    cidr_blocks = "${var.ip_whitelist}"
+  }
+
+  # Allow all traffic from the private subnet
+  ingress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["192.168.38.0/24"]
+  }
+
+  # outbound internet access
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+resource "aws_key_pair" "auth" {
+  key_name   = "${var.key_name}"
+  public_key = "${file(var.public_key_path)}"
+}
+
+resource "aws_instance" "logger" {
+  instance_type = "t3.medium"
+  ami = "${var.logger_ami}"
+  tags {
+    Name = "logger"
+  }
+  subnet_id = "${aws_subnet.default.id}"
+  vpc_security_group_ids = ["${aws_security_group.logger.id}"]
+  key_name = "${aws_key_pair.auth.id}"
+  private_ip = "192.168.38.105"
+  # Run the following commands to restart Fleet
+  provisioner "remote-exec" {
+    inline = [
+      "cd /home/vagrant/kolide-quickstart && sudo docker-compose stop",
+      "sudo service docker restart",
+      "cd /home/vagrant/kolide-quickstart && sudo docker-compose start"
+    ]
+    connection {
+      type = "ssh"
+      user = "vagrant"
+      password = "vagrant"
+    }
+  }
+  root_block_device {
+    delete_on_termination = true
+  }
+}
+
+resource "aws_instance" "dc" {
+  instance_type = "t2.small"
+  ami = "${var.dc_ami}"
+  tags {
+    Name = "dc.windomain.local"
+  }
+  subnet_id = "${aws_subnet.default.id}"
+  vpc_security_group_ids = ["${aws_security_group.windows.id}"]
+  private_ip = "192.168.38.102"
+  root_block_device {
+    delete_on_termination = true
+  }
+}
+
+resource "aws_instance" "wef" {
+  instance_type = "t2.small"
+  ami = "${var.wef_ami}"
+  tags {
+    Name = "wef.windomain.local"
+  }
+  subnet_id = "${aws_subnet.default.id}"
+  vpc_security_group_ids = ["${aws_security_group.windows.id}"]
+  private_ip = "192.168.38.103"
+  root_block_device {
+    delete_on_termination = true
+  }
+}
+
+resource "aws_instance" "win10" {
+  instance_type = "t2.small"
+  ami = "${var.win10_ami}"
+  tags {
+    Name = "win10.windomain.local"
+  }
+  subnet_id = "${aws_subnet.default.id}"
+  vpc_security_group_ids = ["${aws_security_group.windows.id}"]
+  private_ip = "192.168.38.104"
+  root_block_device {
+    delete_on_termination = true
+  }
+}