Follow the steps on this page to create an AWS account
Once you log in to AWS it should automatically select the nearest datacenter based on your IP address. This repo was created and tested in the US East (Ohio) region (`us-east-2`) and availability zone B (`us-east-2b`). It should be compatible with any region and availability zone, but pick the best region based on your location/users. As a side note, dedicated hosts that can run macOS only exist in certain regions and availability zones, which is why we selected Ohio for the region and B for the availability zone. If you pick somewhere else, confirm that `mac1.metal` is offered in that zone before you commit to it, because every resource in this repo is placed in the same zone.
- Select `<YOUR username>` in the top-right, then "My Security Credentials"
- Scroll down to "Access keys for CLI..."
- Select "Create access key"
- Save the generated access key ID and secret access key in a safe location (a password manager, not a chat message or the repo). If you are signed in as the account's root user, create an IAM user for the workshop and generate the access key there instead; IAM policies do not apply to the root user, so a root access key cannot be restricted and should not exist at all.
- Open a terminal
- Download AWS CLI v2:
```
curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o /tmp/AWSCLIV2.pkg
```
- Install AWS CLI v2 (this runs the installer as root; AWS publishes a PGP signature for the package if you want to verify it first):
```
sudo installer -pkg /tmp/AWSCLIV2.pkg -target /
```
- Configure the CLI:
```
aws configure
```
- Paste the access key ID generated above
- Paste the secret access key generated above
- Enter your region - Ohio is `us-east-2` (the region, not the `us-east-2b` availability zone)
- Leave output format as default
- Credentials are saved in plaintext in `~/.aws/credentials`, so keep that file readable only by you, and deactivate or delete the access key in IAM once the workshop is over
It should be noted that this repo only supports Terraform v0.15 and greater. Install it with Homebrew:
```
brew tap hashicorp/tap
brew install hashicorp/tap/terraform
```
Confirm that the installed version meets the requirement with `terraform version`.
You might be curious why you need to generate SSH keys rather than using a pre-existing key pair. When you create a Windows machine on AWS, the administrator password is encrypted with the public key of the key pair the instance was launched with, and the only way to read it is to decrypt it with the matching private key: the console's "Get Windows password" dialog asks you to paste the private key for this, and the CLI can do the decryption locally with `aws ec2 get-password-data --priv-launch-key`. Personally, I am not a huge fan of pasting a private key I use elsewhere into AWS, so I prefer to generate a key pair that I can burn after the workshop. Additionally, you can share this key pair with your team for the duration of the workshop without exposing anything else.
```
git clone https://github.com/OTRF/macos-workshops
cd macos-workshops/terraform
ssh-keygen -b 4096 -t rsa -m pem -f ssh_keys/id_rsa -q -N ""
```
`-m pem` writes the private key in PEM (PKCS#1) format, which is what the AWS Windows password decryption expects; a key in the newer OpenSSH-native format will not work for that. `-N ""` gives the key no passphrase, which is acceptable for a burner key but means the file itself is the secret: keep `ssh_keys/id_rsa` readable only by you, never commit it, and delete the key pair (locally and in EC2) once the workshop ends.
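The password retrieval described above, as an added example that is not part of the OTRF/macos-workshops repo: it checks that the generated key is in the PEM format `get-password-data` needs and is not world-readable, then decrypts the Windows administrator password locally so the private key never leaves your machine. The key path (`ssh_keys/id_rsa`), the `windows-password.sh` file name and the `i-0123456789abcdef0` instance ID are placeholders; it assumes the AWS CLI is configured for the region the instance runs in.

```sh
#!/bin/sh
# Added example, not part of the OTRF/macos-workshops repo: fetch a Windows
# instance's administrator password and decrypt it locally with the workshop
# key, so the private key is never pasted into the console. Assumes the key
# was generated as in the README (ssh_keys/id_rsa, PEM format) and that the
# AWS CLI is configured for the region the instance runs in.
set -eu

KEY_FILE="${KEY_FILE:-ssh_keys/id_rsa}"

# get-password-data --priv-launch-key needs an RSA private key in PEM
# (PKCS#1) form, which is why the README passes -m pem to ssh-keygen.
is_pem_rsa_key() {
  [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
  case "$(head -n 1 "$1")" in
    '-----BEGIN RSA PRIVATE KEY-----') return 0 ;;
    '-----BEGIN OPENSSH PRIVATE KEY-----')
      echo "$1 is in OpenSSH format; regenerate it with ssh-keygen -m pem" >&2
      return 1 ;;
    *) echo "$1 does not look like a PEM RSA private key" >&2; return 1 ;;
  esac
}

# Refuse to use a private key that other local users can read
# (GNU stat uses -c, BSD/macOS stat uses -f; try both).
key_mode_is_private() {
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
  case "$mode" in
    600|400) return 0 ;;
    *) echo "$1 has mode $mode; expected 600 (chmod 600 $1)" >&2; return 1 ;;
  esac
}

# Print the decrypted administrator password for one instance. The CLI
# downloads the RSA-encrypted blob and decrypts it on this machine; only the
# instance ID goes to AWS.
windows_password() {
  is_pem_rsa_key "$KEY_FILE"
  key_mode_is_private "$KEY_FILE"
  aws ec2 get-password-data \
    --instance-id "$1" \
    --priv-launch-key "$KEY_FILE" \
    --query PasswordData --output text
}

# Usage: sh windows-password.sh i-0123456789abcdef0   (placeholder instance ID)
if [ $# -eq 1 ]; then
  windows_password "$1"
fi
```

Run it from `macos-workshops/terraform` so the relative key path resolves, or set `KEY_FILE` to the key's absolute path. Password data only exists for instances launched with a key pair and is empty until the instance has finished its first boot.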
Open `variables.tf`:
```
vim variables.tf
```
and set:
- `VPC_NAME` - Set this to a generic name like `OTR_DEFCON_2021`. It's important to note that the names of all resources created will be prefixed with this variable. For example, the EC2 name for the Elastic box will be `OTR_DEFCON_2021_jump_box`.
- `vpcCIDRblock` - This defines the address range for the VPC. It should be a /16 (Class B-sized) block, because /24 (Class C-sized) subnets are created inside it. Default is `172.16.0.0/16`.
- `managementCIDRblock` - This subnet hosts the VPN/jumpbox and the red team boxes. Set this to a /24 inside the block defined above. Default `172.16.21.0/24`.
- `publicCIDRblock` - This subnet hosts the boxes that workshop participants interact with, i.e. the SIEM boxes. Default `172.16.43.0/24`.
- `corpCIDRblock` - This subnet hosts the boxes that emulate an enterprise environment. Default `172.16.50.0/24`.

All three subnets must lie inside `vpcCIDRblock` and must not overlap each other. A /16 here would span the whole VPC, so the next subnet would overlap it and AWS would reject it during `terraform apply`.

- `availabilityZone` - The availability zone to create resources in; the region is implied by it. By default this is set to Ohio: `us-east-2b`.
- `ubuntu-ami` (use the spelling as it appears in `variables.tf`) - Set this to the AMI ID for Ubuntu 20.04 in your region:
  1. AWS Services > Compute > EC2 > Images > AMIs
  2. Search for `Ubuntu 20.04`
  3. Copy the AMI ID
- `windows-ami` - Repeat the same steps as for the Ubuntu AMI, searching for `Windows 2019`
- `macos-ami` - Repeat the same steps, searching for `macOS Catalina`

AMI IDs are region-specific, so look them up in the region you chose. When searching, check the Owner column and take the official image (Canonical for Ubuntu, Amazon for Windows Server and macOS) rather than the first community AMI with a matching name; anyone can publish a community AMI under a convincing name.

- `siem_servers_map` - This maps SIEM names to IP addresses in the local subnet. It's best to leave this set as default.
- `management_subnet_map` - Same as the map above.
- `corp_servers_map` - Same as the maps above.

If you do change a CIDR block, the addresses in these maps must still fall inside the matching subnet.
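The containment and overlap rules for the CIDR variables above, as an added example that is not part of the OTRF/macos-workshops repo: a POSIX sh script that checks the subnet blocks against the VPC block before you spend a `terraform apply` finding out. The default values at the bottom are the README's, and the variable names in the comments are assumed to match `terraform/variables.tf`; the script does not read that file itself, you pass the values on the command line.

```sh
#!/bin/sh
# Added example, not part of the OTRF/macos-workshops repo: sanity-check the
# CIDR blocks from variables.tf before running terraform apply. Each subnet
# must sit inside vpcCIDRblock, be smaller than it, and not overlap the
# others. The default values at the bottom are the README's (with /24
# subnets); the variable names are assumed to match terraform/variables.tf.
set -eu

# Dotted quad -> 32-bit integer (172.16.0.0 -> 2886729728).
ip2int() {
  IFS=.
  set -- $1
  unset IFS
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if $1 looks like a.b.c.d/n with sane octets and prefix length.
is_cidr() {
  v_cidr=$1
  case "$v_cidr" in
    *.*.*.*/*) ;;
    *) echo "$v_cidr: expected a.b.c.d/n" >&2; return 1 ;;
  esac
  IFS=./
  set -- $v_cidr
  unset IFS
  for part in "$1" "$2" "$3" "$4" "$5"; do
    case "$part" in
      *[!0-9]*|"") echo "$v_cidr: '$part' is not a number" >&2; return 1 ;;
    esac
  done
  for octet in "$1" "$2" "$3" "$4"; do
    [ "$octet" -le 255 ] || { echo "$v_cidr: octet $octet > 255" >&2; return 1; }
  done
  [ "$5" -le 32 ] || { echo "$v_cidr: prefix length $5 > 32" >&2; return 1; }
}

# Print "first last" addresses of a CIDR block as integers.
cidr_range() {
  r_len=${1#*/}
  r_size=$(( 1 << (32 - r_len) ))
  r_first=$(( $(ip2int "${1%/*}") & (((1 << 32) - 1) - (r_size - 1)) ))
  echo "$r_first $(( r_first + r_size - 1 ))"
}

# 0 if block $1 lies entirely inside block $2.
cidr_within() {
  set -- $(cidr_range "$1") $(cidr_range "$2")
  [ "$1" -ge "$3" ] && [ "$2" -le "$4" ]
}

# 0 if blocks $1 and $2 share at least one address.
cidr_overlap() {
  set -- $(cidr_range "$1") $(cidr_range "$2")
  [ "$1" -le "$4" ] && [ "$2" -ge "$3" ]
}

# check_subnets VPC SUBNET...: report every problem, return 1 if any.
check_subnets() {
  vpc=$1; shift
  is_cidr "$vpc" || return 1
  for s in "$@"; do is_cidr "$s" || return 1; done
  vpc_len=${vpc#*/}
  rc=0
  for s in "$@"; do
    if ! cidr_within "$s" "$vpc"; then
      echo "FAIL: $s is not inside the VPC block $vpc" >&2; rc=1
    elif [ "${s#*/}" -le "$vpc_len" ]; then
      echo "FAIL: $s is as large as the VPC block; use a /24 inside $vpc" >&2; rc=1
    fi
  done
  all=$*
  while [ $# -gt 1 ]; do
    a=$1; shift
    for b in "$@"; do
      if cidr_overlap "$a" "$b"; then
        echo "FAIL: $a and $b overlap" >&2; rc=1
      fi
    done
  done
  if [ $rc -eq 0 ]; then echo "OK: $all fit inside $vpc without overlapping"; fi
  return $rc
}

# With no arguments check the README defaults; otherwise pass
# VPC_CIDR SUBNET [SUBNET...] on the command line.
if [ $# -eq 0 ]; then
  check_subnets 172.16.0.0/16 172.16.21.0/24 172.16.43.0/24 172.16.50.0/24
else
  check_subnets "$@"
fi
```

Feeding it the three subnets as /16 blocks reports each one as being as large as the VPC and every pair as overlapping, which is the same thing AWS would tell you, one subnet at a time, mid-apply.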
Allocate the dedicated hosts for the macOS instances. `--availability-zone` takes the `availabilityZone` value from `terraform/variables.tf` (e.g. `us-east-2b`) and `--region` takes the same value with the zone letter left off (e.g. `us-east-2`):
```
aws ec2 allocate-hosts --instance-type mac1.metal --availability-zone <availabilityZone from terraform/variables.tf> --auto-placement on --quantity 3 --region <availabilityZone from terraform/variables.tf, with the zone letter left off>
```
Mac dedicated hosts have a minimum allocation and billing period of 24 hours each, and this allocates three of them, so run this only when you are ready to build, and release the hosts when the workshop ends. Then edit `terraform/variables.tf`:
```
vim terraform/variables.tf
```
and scroll down to the `macos_dedicated_hosts` section, which takes the host IDs returned by `allocate-hosts`.
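The AMI lookups from the variables section and the host allocation above, done from the CLI instead of the console, as an added example that is not part of the OTRF/macos-workshops repo. It derives the region from the `availabilityZone` value (the mistake the command above guards against), filters AMIs by owner so a community image with a matching name is never picked, lists the zones in the region that actually offer `mac1.metal`, and allocates or releases the dedicated hosts. Assumptions: Canonical's owner ID `099720109477` is Canonical's published account for official Ubuntu AMIs; the Windows and macOS image name patterns and the use of the `amazon` owner alias for macOS are assumptions to check against what the console shows you; `AZ` defaults to the README's `us-east-2b`.

```sh
#!/bin/sh
# Added example, not part of the OTRF/macos-workshops repo: look up the AMIs
# and manage the mac1.metal dedicated hosts from the CLI. Owner IDs and name
# patterns below are assumptions to verify against the console; the Ubuntu
# owner 099720109477 is Canonical's published account ID.
set -eu

AZ="${AZ:-us-east-2b}"   # availabilityZone from terraform/variables.tf

# allocate-hosts wants the region and the AZ separately; the README's
# availabilityZone value is the AZ, so strip the trailing zone letter.
# (Standard zones only; Local Zone names do not follow this shape.)
region_from_az() {
  printf '%s\n' "${1%[a-z]}"
}

# Newest available AMI matching a name pattern from one specific owner.
# Filtering by owner is the point: a plain name search in the console also
# returns community AMIs that anyone could have published.
latest_ami() {
  aws ec2 describe-images --region "$(region_from_az "$AZ")" \
    --owners "$1" \
    --filters "Name=name,Values=$2" "Name=state,Values=available" \
    --query 'sort_by(Images,&CreationDate)[-1].ImageId' --output text
}

# Print the three AMI IDs as name = value lines for variables.tf.
print_amis() {
  echo "ubuntu-ami  = \"$(latest_ami 099720109477 'ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*')\""
  echo "windows-ami = \"$(latest_ami amazon 'Windows_Server-2019-English-Full-Base-*')\""
  echo "macos-ami   = \"$(latest_ami amazon 'amzn-ec2-macos-10.15*')\""   # assumed pattern
}

# Zones in the region that offer mac1.metal; AZ must be one of these.
mac_zones() {
  aws ec2 describe-instance-type-offerings --region "$(region_from_az "$AZ")" \
    --location-type availability-zone \
    --filters "Name=instance-type,Values=mac1.metal" \
    --query 'InstanceTypeOfferings[].Location' --output text
}

# Allocate N mac1.metal dedicated hosts and print their IDs for the
# macos_dedicated_hosts section. Each host bills for at least 24 hours.
allocate_mac_hosts() {
  aws ec2 allocate-hosts --region "$(region_from_az "$AZ")" \
    --instance-type mac1.metal --availability-zone "$AZ" \
    --auto-placement on --quantity "$1" \
    --query 'HostIds' --output text
}

# Release hosts by ID once the workshop is over so they stop billing.
release_mac_hosts() {
  aws ec2 release-hosts --region "$(region_from_az "$AZ")" --host-ids "$@" \
    --query 'Unsuccessful' --output text
}

case "${1:-}" in
  amis)     print_amis ;;
  zones)    mac_zones ;;
  allocate) allocate_mac_hosts "${2:-3}" ;;
  release)  shift; release_mac_hosts "$@" ;;
  *)        echo "usage: $0 amis | zones | allocate [N] | release HOST_ID..." ;;
esac
```

Run `zones` first when changing region; if it prints nothing, the region has no `mac1.metal` capacity and you need a different one. `release` prints only the hosts that could not be released, so empty output is success.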
Finally, initialise, plan and apply. Review the plan output (resource counts, AMI IDs, CIDR blocks, host IDs) before answering yes to the apply:
```
terraform init
terraform plan
terraform apply
```