From d337c57b2540fe9abbbdc12b017726f33c9c25f1 Mon Sep 17 00:00:00 2001
From: Chad Roberts
Date: Thu, 25 Jun 2020 13:16:27 -0700
Subject: [PATCH 1/3] New optional variable for a prefix to place in front of instance names in case someone wants to run multiple DetectionLab instances within the same AWS account so it's easier to tell instances apart which would otherwise all have the same names
---
 AWS/Terraform/main.tf | 9 ++++-----
 AWS/Terraform/terraform.tfvars.example | 1 +
 AWS/Terraform/variables.tf | 5 +++++
 3 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/AWS/Terraform/main.tf b/AWS/Terraform/main.tf
index 52fb98e..18324a5 100644
--- a/AWS/Terraform/main.tf
+++ b/AWS/Terraform/main.tf
@@ -159,7 +159,7 @@ resource "aws_instance" "logger" {
 ami = coalesce(var.logger_ami, data.aws_ami.logger_ami.image_id)
 tags = {
- Name = "logger"
+ Name = "${var.tag_prefix}logger"
 }
 subnet_id = aws_subnet.default.id
@@ -223,7 +223,7 @@ resource "aws_instance" "dc" {
 ami = coalesce(var.dc_ami, data.aws_ami.dc_ami.image_id)
 tags = {
- Name = "dc.windomain.local"
+ Name = "${var.tag_prefix}dc.windomain.local"
 }
 subnet_id = aws_subnet.default.id
@@ -258,7 +258,7 @@ resource "aws_instance" "wef" {
 ami = coalesce(var.wef_ami, data.aws_ami.wef_ami.image_id)
 tags = {
- Name = "wef.windomain.local"
+ Name = "${var.tag_prefix}wef.windomain.local"
 }
 subnet_id = aws_subnet.default.id
@@ -293,7 +293,7 @@ resource "aws_instance" "win10" {
 ami = coalesce(var.win10_ami, data.aws_ami.win10_ami.image_id)
 tags = {
- Name = "win10.windomain.local"
+ Name = "${var.tag_prefix}win10.windomain.local"
 }
 subnet_id = aws_subnet.default.id
@@ -304,4 +304,3 @@ resource "aws_instance" "win10" {
 delete_on_termination = true
 }
 }
-
diff --git a/AWS/Terraform/terraform.tfvars.example b/AWS/Terraform/terraform.tfvars.example
index 56a3c38..49521d2 100644
--- a/AWS/Terraform/terraform.tfvars.example
+++ b/AWS/Terraform/terraform.tfvars.example
@@ -6,3 +6,4 @@ public_key_path = "/home/user/.ssh/id_logger.pub"
 private_key_path = "/home/user/.ssh/id_logger"
 ip_whitelist = ["1.2.3.4/32"]
 availability_zone = "us-west-1b"
+// tag_prefix = "some_prefix_"
diff --git a/AWS/Terraform/variables.tf b/AWS/Terraform/variables.tf
index 3371d49..8efd508 100644
--- a/AWS/Terraform/variables.tf
+++ b/AWS/Terraform/variables.tf
@@ -6,6 +6,11 @@ variable "profile" {
 default = "terraform"
 }
+variable "tag_prefix" {
+ description = "Optional string to prefix at the front of instance names in case you need to run multiple DetectionLab environments in the same AWS account"
+ default = ""
+}
+
 variable "availability_zone" {
 description = "https://www.terraform.io/docs/providers/aws/d/availability_zone.html"
 default = ""
From b673d80613e09de24c6cf42e0bd0696555345603 Mon Sep 17 00:00:00 2001
From: Chad Roberts
Date: Thu, 25 Jun 2020 13:19:40 -0700
Subject: [PATCH 2/3] New optional variable for defining additional tags to apply to all AWS resources created for the DetectionLab environment
---
 AWS/Terraform/main.tf | 31 ++++++++++++++++----------
 AWS/Terraform/terraform.tfvars.example | 1 +
 AWS/Terraform/variables.tf | 6 +++++
 3 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/AWS/Terraform/main.tf b/AWS/Terraform/main.tf
index 18324a5..4c5de3e 100644
--- a/AWS/Terraform/main.tf
+++ b/AWS/Terraform/main.tf
@@ -8,11 +8,13 @@ provider "aws" {
 # Create a VPC to launch our instances into
 resource "aws_vpc" "default" {
 cidr_block = "192.168.0.0/16"
+ tags = var.custom-tags
 }
 # Create an internet gateway to give our subnet access to the outside world
 resource "aws_internet_gateway" "default" {
 vpc_id = aws_vpc.default.id
+ tags = var.custom-tags
 }
 # Grant the VPC internet access on its main route table
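Review bot: The new `variable "tag_prefix"` block in the variables.tf hunk declares no type, while other variables in this file such as `win10_ami` carry `type = string`; adding `type = string` makes a non-string value in terraform.tfvars fail at plan time instead of being coerced into the Name tag. The description could also state the variable's scope: in this patch the prefix is applied only to the Name tag of the four aws_instance resources and to nothing else. Patch 3 later renames this variable to `instance_name_prefix`, so the same type declaration belongs on the renamed block. The `variable "availability_zone"` block at the end of the hunk continues outside it.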
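Review bot: In the `@@ -8,11 +8,13 @@` hunk the VPC and internet gateway receive `tags = var.custom-tags` verbatim, with no Name tag, so the prefix introduced in the previous patch still gives an operator no way to tell two environments' network resources apart in the console. A Name derived from the same prefix, e.g. `tags = merge(var.custom-tags, { Name = "${var.tag_prefix}detectionlab" })`, would make the two variables work together; the same applies to the subnet, DHCP options, security group and key pair hunks that follow. With `default = {}` on the variable, the assignment is harmless when no custom tags are supplied.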
@@ -28,6 +30,7 @@ resource "aws_subnet" "default" {
 cidr_block = "192.168.38.0/24"
 availability_zone = var.availability_zone
 map_public_ip_on_launch = true
+ tags = var.custom-tags
 }
 # Adjust VPC DNS settings to not conflict with lab
@@ -35,6 +38,7 @@ resource "aws_vpc_dhcp_options" "default" {
 domain_name = "windomain.local"
 domain_name_servers = concat([aws_instance.dc.private_ip], var.external_dns_servers)
 netbios_name_servers = [aws_instance.dc.private_ip]
+ tags = var.custom-tags
 }
 resource "aws_vpc_dhcp_options_association" "default" {
@@ -47,6 +51,7 @@ resource "aws_security_group" "logger" {
 name = "logger_security_group"
 description = "DetectionLab: Security Group for the logger host"
 vpc_id = aws_vpc.default.id
+ tags = var.custom-tags
 # SSH access
 ingress {
@@ -107,6 +112,7 @@ resource "aws_security_group" "windows" {
 name = "windows_security_group"
 description = "DetectionLab: Security group for the Windows hosts"
 vpc_id = aws_vpc.default.id
+ tags = var.custom-tags
 # RDP
 ingress {
@@ -152,15 +158,16 @@ resource "aws_security_group" "windows" {
 resource "aws_key_pair" "auth" {
 key_name = var.public_key_name
 public_key = file(var.public_key_path)
+ tags = var.custom-tags
 }
 resource "aws_instance" "logger" {
 instance_type = "t3.medium"
 ami = coalesce(var.logger_ami, data.aws_ami.logger_ami.image_id)
- tags = {
- Name = "${var.tag_prefix}logger"
- }
+ tags = merge(var.custom-tags, map(
+ "Name", "${var.tag_prefix}logger"
+ ))
 subnet_id = aws_subnet.default.id
 vpc_security_group_ids = [aws_security_group.logger.id]
@@ -222,9 +229,9 @@ resource "aws_instance" "dc" {
 # Uses the local variable if external data source resolution fails
 ami = coalesce(var.dc_ami, data.aws_ami.dc_ami.image_id)
- tags = {
- Name = "${var.tag_prefix}dc.windomain.local"
- }
+ tags = merge(var.custom-tags, map(
+ "Name", "${var.tag_prefix}dc.windomain.local"
+ ))
 subnet_id = aws_subnet.default.id
 vpc_security_group_ids = [aws_security_group.windows.id]
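Review bot: The `@@ -152,15 +158,16 @@` hunk replaces the object literal `{ Name = ... }` with the `map("Name", ...)` function, which Terraform 0.12 deprecated in favour of the literal syntax this file already used on the removed lines; `tags = merge(var.custom-tags, { Name = "${var.tag_prefix}logger" })` keeps the merge and avoids the deprecated call. The same rewrite applies to the dc hunk below and to the wef and win10 hunks in the next part of the patch, and patch 3 touches these same lines again. Because merge() gives the right-hand argument precedence, a Name key supplied in custom-tags is silently overridden on the four instances while it is kept on every other resource; that asymmetry is worth a comment here or in the variable description. The `tags` argument on `aws_key_pair` is only available from newer AWS provider releases, so the provider version constraint (not in this diff) should be checked against it.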
@@ -257,9 +264,9 @@ resource "aws_instance" "wef" {
 # Uses the local variable if external data source resolution fails
 ami = coalesce(var.wef_ami, data.aws_ami.wef_ami.image_id)
- tags = {
- Name = "${var.tag_prefix}wef.windomain.local"
- }
+ tags = merge(var.custom-tags, map(
+ "Name", "${var.tag_prefix}wef.windomain.local"
+ ))
 subnet_id = aws_subnet.default.id
 vpc_security_group_ids = [aws_security_group.windows.id]
@@ -292,9 +299,9 @@ resource "aws_instance" "win10" {
 # Uses the local variable if external data source resolution fails
 ami = coalesce(var.win10_ami, data.aws_ami.win10_ami.image_id)
- tags = {
- Name = "${var.tag_prefix}win10.windomain.local"
- }
+ tags = merge(var.custom-tags, map(
+ "Name", "${var.tag_prefix}win10.windomain.local"
+ ))
 subnet_id = aws_subnet.default.id
 vpc_security_group_ids = [aws_security_group.windows.id]
diff --git a/AWS/Terraform/terraform.tfvars.example b/AWS/Terraform/terraform.tfvars.example
index 49521d2..63d8455 100644
--- a/AWS/Terraform/terraform.tfvars.example
+++ b/AWS/Terraform/terraform.tfvars.example
@@ -7,3 +7,4 @@ private_key_path = "/home/user/.ssh/id_logger"
 ip_whitelist = ["1.2.3.4/32"]
 availability_zone = "us-west-1b"
 // tag_prefix = "some_prefix_"
+// custom-tags = {"tag_name": "tag_value"}
diff --git a/AWS/Terraform/variables.tf b/AWS/Terraform/variables.tf
index 8efd508..1ddada8 100644
--- a/AWS/Terraform/variables.tf
+++ b/AWS/Terraform/variables.tf
@@ -6,6 +6,12 @@ variable "profile" {
 default = "terraform"
 }
+variable "custom-tags" {
+ type = map(string)
+ description = "Optional mapping for additional tags to apply to all related AWS resources"
+ default = {}
+
 variable "tag_prefix" {
 description = "Optional string to prefix at the front of instance names in case you need to run multiple DetectionLab environments in the same AWS account"
 default = ""
From 5c31e000cea81dc4df1bdf7e72695a949cc3716d Mon Sep 17 00:00:00 2001
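Review bot: The new `variable "custom-tags"` block in the variables.tf hunk uses a hyphenated name while every other variable visible in this series (`profile`, `tag_prefix`, `availability_zone`, `win10_ami`) is snake_case; Terraform accepts the hyphen, but `custom_tags` would match the file's convention, and patch 3 renames the sibling variable without touching this one. The description should also record the precedence decided in main.tf: on the four instances the generated Name tag overrides any Name supplied here, whereas on the network and security resources the map is applied as-is. As the hunk is rendered on this page no closing `+}` appears after `default = {}`; that is most likely a pasting artifact, but the file should be confirmed to parse.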
From: Chad Roberts
Date: Thu, 25 Jun 2020 13:26:35 -0700
Subject: [PATCH 3/3] More descriptive name for one of the new optional variables
---
 AWS/Terraform/main.tf | 8 ++++----
 AWS/Terraform/terraform.tfvars.example | 2 +-
 AWS/Terraform/variables.tf | 3 +--
 3 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/AWS/Terraform/main.tf b/AWS/Terraform/main.tf
index 4c5de3e..1ebdc4c 100644
--- a/AWS/Terraform/main.tf
+++ b/AWS/Terraform/main.tf
@@ -166,7 +166,7 @@ resource "aws_instance" "logger" {
 ami = coalesce(var.logger_ami, data.aws_ami.logger_ami.image_id)
 tags = merge(var.custom-tags, map(
- "Name", "${var.tag_prefix}logger"
+ "Name", "${var.instance_name_prefix}logger"
 ))
 subnet_id = aws_subnet.default.id
@@ -230,7 +230,7 @@ resource "aws_instance" "dc" {
 ami = coalesce(var.dc_ami, data.aws_ami.dc_ami.image_id)
 tags = merge(var.custom-tags, map(
- "Name", "${var.tag_prefix}dc.windomain.local"
+ "Name", "${var.instance_name_prefix}dc.windomain.local"
 ))
 subnet_id = aws_subnet.default.id
@@ -265,7 +265,7 @@ resource "aws_instance" "wef" {
 ami = coalesce(var.wef_ami, data.aws_ami.wef_ami.image_id)
 tags = merge(var.custom-tags, map(
- "Name", "${var.tag_prefix}wef.windomain.local"
+ "Name", "${var.instance_name_prefix}wef.windomain.local"
 ))
 subnet_id = aws_subnet.default.id
@@ -300,7 +300,7 @@ resource "aws_instance" "win10" {
 ami = coalesce(var.win10_ami, data.aws_ami.win10_ami.image_id)
 tags = merge(var.custom-tags, map(
- "Name", "${var.tag_prefix}win10.windomain.local"
+ "Name", "${var.instance_name_prefix}win10.windomain.local"
 ))
 subnet_id = aws_subnet.default.id
diff --git a/AWS/Terraform/terraform.tfvars.example b/AWS/Terraform/terraform.tfvars.example
index 63d8455..1f09645 100644
--- a/AWS/Terraform/terraform.tfvars.example
+++ b/AWS/Terraform/terraform.tfvars.example
@@ -6,5 +6,5 @@ public_key_path = "/home/user/.ssh/id_logger.pub"
 private_key_path = "/home/user/.ssh/id_logger"
 ip_whitelist = ["1.2.3.4/32"]
 availability_zone = "us-west-1b"
-// tag_prefix = "some_prefix_"
+// instance_name_prefix = "some_prefix_"
 // custom-tags = {"tag_name": "tag_value"}
diff --git a/AWS/Terraform/variables.tf b/AWS/Terraform/variables.tf
index 1ddada8..97ebde2 100644
--- a/AWS/Terraform/variables.tf
+++ b/AWS/Terraform/variables.tf
@@ -12,7 +12,7 @@ variable "custom-tags" {
 default = {}
 }
-variable "tag_prefix" {
+variable "instance_name_prefix" {
 description = "Optional string to prefix at the front of instance names in case you need to run multiple DetectionLab environments in the same AWS account"
 default = ""
 }
@@ -120,4 +120,3 @@ variable "win10_ami" {
 type = string
 default = ""
 }
-