diff --git a/Terraform/Method1/README.md b/Terraform/Method1/README.md
deleted file mode 100644
index 77f33cd..0000000
--- a/Terraform/Method1/README.md
+++ /dev/null
@@ -1,45 +0,0 @@
-# Method 1 - Build Locally and Import to AWS
-
-This method involves using Terraform to bring DetectionLab infrastructure online by first building it locally using Virtualbox/VMware and then [importing the resulting virtual machines](https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html#import-vm-image) as AMIs on AWS.
-
-The supplied Terraform configuration can then be used to create EC2 instances and all requisite networking components.
-
-## Prerequisites
-* A machine to build DetectionLab with
-* An AWS account
-* An AWS user and access keys to use with the AWS CLI
-* Optional but recommended: a separate user for Terraform
-
-## Step by step guide
-
-1. Build the lab by following the [README](https://github.com/clong/DetectionLab/blob/master/README.md)
-2. [Configure the AWS command line utility](https://docs.aws.amazon.com/polly/latest/dg/setup-aws-cli.html)
-3. [Create an S3 bucket](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/create-bucket.html). You will upload the DetectionLab VMs to this bucket later.
-
-4. For the VM importation to work, you must create a role named `vmimport` with a trust relationship policy document that allows VM Import to assume the role, and you must attach an IAM policy to the role:
-
- ```aws iam create-role --role-name vmimport --assume-role-policy-document file:///path/to/DetectionLab/Terraform/Method1/vm_import/trust-policy.json```
-
-5. Edit `/path/to/DetectionLab/Terraform/Method1/vm_import/role-policy.json` and insert the name of the bucket you created in step 3 on lines 12-13, replacing `YOUR_BUCKET_GOES_HERE` with the name of your bucket.
-
-6. Use the create-role command to create a role named vmimport and give VM Import/Export access to it:
-
- ```aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file:///path/to/DetectionLab/Terraform/Method1/vm_import/role-policy.json```
-
-7. Export the DetectionLab VMs as single file OVA files if they are not already in that format
-8. [Upload the OVAs to the S3 bucket](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/upload-objects.html) you created in step three
-9. Edit the `logger.json`, `dc.json`, `wef.json` and `win10.json` files and modify the S3Bucket and S3Key headers to match the location of the OVA files in your S3 bucket.
-10. Import the VMs from S3 as AMIs by running the following commands:
-```
-aws ec2 import-image --description "dc" --license-type byol --disk-containers file:///path/to/DetectionLab/Terraform/Method1/vm_import/dc.json
-aws ec2 import-image --description "wef" --license-type byol --disk-containers file:///path/to/DetectionLab/Terraform/Method1/vm_import/wef.json
-aws ec2 import-image --description "win10" --license-type byol --disk-containers file:///path/to/DetectionLab/Terraform/Method1/vm_import/win10.json
-aws ec2 import-image --description "logger" --license-type byol --disk-containers file:///path/to/DetectionLab/Terraform/Method1/vm_import/logger.json
-```
-11. Check on the status of the importation with the following command:
-
- ```aws ec2 describe-import-image-tasks --import-task-ids ```
-
-12. Fill out the variables in `/path/to/DetectionLab/Terraform/Method1/terraform.tfvars`
-13. Run `terraform init` to setup the initial Terraform configuration
-14. `cd /path/to/DetectionLab/Terraform/Method1 && terraform apply`
diff --git a/Terraform/Method1/vm_import/dc.json b/Terraform/Method1/vm_import/dc.json
deleted file mode 100644
index e437685..0000000
--- a/Terraform/Method1/vm_import/dc.json
+++ /dev/null
@@ -1,9 +0,0 @@
-[
- {
- "Description": "dc",
- "Format": "ova",
- "UserBucket": {
- "S3Bucket": "YOUR_BUCKET_GOES_HERE",
- "S3Key": "dc.ova"
- }
-}]
diff --git a/Terraform/Method1/vm_import/logger.json b/Terraform/Method1/vm_import/logger.json
deleted file mode 100644
index 1ea443a..0000000
--- a/Terraform/Method1/vm_import/logger.json
+++ /dev/null
@@ -1,9 +0,0 @@
-[
- {
- "Description": "logger",
- "Format": "ova",
- "UserBucket": {
- "S3Bucket": "YOUR_BUCKET_GOES_HERE",
- "S3Key": "logger.ova"
- }
-}]
diff --git a/Terraform/Method1/vm_import/role-policy.json b/Terraform/Method1/vm_import/role-policy.json
deleted file mode 100644
index 5366b79..0000000
--- a/Terraform/Method1/vm_import/role-policy.json
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- "Version":"2012-10-17",
- "Statement":[
- {
- "Effect":"Allow",
- "Action":[
- "s3:GetBucketLocation",
- "s3:GetObject",
- "s3:ListBucket"
- ],
- "Resource":[
- "arn:aws:s3:::YOUR_BUCKET_GOES_HERE",
- "arn:aws:s3:::YOUR_BUCKET_GOES_HERE/*"
- ]
- },
- {
- "Effect":"Allow",
- "Action":[
- "ec2:ModifySnapshotAttribute",
- "ec2:CopySnapshot",
- "ec2:RegisterImage",
- "ec2:Describe*"
- ],
- "Resource":"*"
- }
- ]
-}
diff --git a/Terraform/Method1/vm_import/trust-policy.json b/Terraform/Method1/vm_import/trust-policy.json
deleted file mode 100644
index c60e6ff..0000000
--- a/Terraform/Method1/vm_import/trust-policy.json
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Principal": { "Service": "vmie.amazonaws.com" },
- "Action": "sts:AssumeRole",
- "Condition": {
- "StringEquals":{
- "sts:Externalid": "vmimport"
- }
- }
- }
- ]
-}
diff --git a/Terraform/Method1/vm_import/wef.json b/Terraform/Method1/vm_import/wef.json
deleted file mode 100644
index da09d80..0000000
--- a/Terraform/Method1/vm_import/wef.json
+++ /dev/null
@@ -1,9 +0,0 @@
-[
- {
- "Description": "wef",
- "Format": "ova",
- "UserBucket": {
- "S3Bucket": "YOUR_BUCKET_GOES_HERE",
- "S3Key": "wef.ova"
- }
-}]
diff --git a/Terraform/Method1/vm_import/win10.json b/Terraform/Method1/vm_import/win10.json
deleted file mode 100644
index 39a3620..0000000
--- a/Terraform/Method1/vm_import/win10.json
+++ /dev/null
@@ -1,9 +0,0 @@
-[
- {
- "Description": "win10",
- "Format": "ova",
- "UserBucket": {
- "S3Bucket": "YOUR_BUCKET_GOES_HERE",
- "S3Key": "win10.ova"
- }
-}]