From 83530588d08b1994f37adb822fe19d7c1c4cc0a6 Mon Sep 17 00:00:00 2001
From: Marius
Date: Mon, 7 Feb 2022 11:18:07 +0000
Subject: [PATCH] Make a template for deploying T-Pot in multiple regions using terraform
---
cloud/terraform/aws_multi_region/_provider.tf | 9 +++
cloud/terraform/aws_multi_region/main.tf | 27 ++++++++
.../modules/multi-region/main.tf | 69 +++++++++++++++++++
.../modules/multi-region/outputs.tf | 12 ++++
.../modules/multi-region/variables.tf | 57 +++++++++++++++
.../modules/multi-region/versions.tf | 9 +++
cloud/terraform/aws_multi_region/outputs.tf | 7 ++
cloud/terraform/aws_multi_region/variables.tf | 19 +++++
8 files changed, 209 insertions(+)
create mode 100644 cloud/terraform/aws_multi_region/_provider.tf
create mode 100644 cloud/terraform/aws_multi_region/main.tf
create mode 100644 cloud/terraform/aws_multi_region/modules/multi-region/main.tf
create mode 100644 cloud/terraform/aws_multi_region/modules/multi-region/outputs.tf
create mode 100644 cloud/terraform/aws_multi_region/modules/multi-region/variables.tf
create mode 100644 cloud/terraform/aws_multi_region/modules/multi-region/versions.tf
create mode 100644 cloud/terraform/aws_multi_region/outputs.tf
create mode 100644 cloud/terraform/aws_multi_region/variables.tf
diff --git a/cloud/terraform/aws_multi_region/_provider.tf b/cloud/terraform/aws_multi_region/_provider.tf
new file mode 100644
index 00000000..53b015f6
--- /dev/null
+++ b/cloud/terraform/aws_multi_region/_provider.tf
@@ -0,0 +1,9 @@
+provider "aws" {
+ alias = "eu-west-2"
+ region = "eu-west-2"
+}
+
+provider "aws" {
+ alias = "us-west-1"
+ region = "us-west-1"
+}
diff --git a/cloud/terraform/aws_multi_region/main.tf b/cloud/terraform/aws_multi_region/main.tf
new file mode 100644
index 00000000..e3655383
--- /dev/null
+++ b/cloud/terraform/aws_multi_region/main.tf
@@ -0,0 +1,27 @@
+module "eu-west-2" {
+ source = "./modules/multi-region"
+ ec2_vpc_id = "vpc-xxxxxxxx"
+ ec2_subnet_id = "subnet-xxxxxxxx"
+ ec2_region = "eu-west-2"
+ tpot_name = "T-Pot Honeypot"
+
+ linux_password = var.linux_password
+ web_password = var.web_password
+ providers = {
+ aws = aws.eu-west-2
+ }
+}
+
+module "us-west-1" {
+ source = "./modules/multi-region"
+ ec2_vpc_id = "vpc-xxxxxxxx"
+ ec2_subnet_id = "subnet-xxxxxxxx"
+ ec2_region = "us-west-1"
+ tpot_name = "T-Pot Honeypot"
+
+ linux_password = var.linux_password
+ web_password = var.web_password
+ providers = {
+ aws = aws.us-west-1
+ }
+}
diff --git a/cloud/terraform/aws_multi_region/modules/multi-region/main.tf b/cloud/terraform/aws_multi_region/modules/multi-region/main.tf
new file mode 100644
index 00000000..18ad1f40
--- /dev/null
+++ b/cloud/terraform/aws_multi_region/modules/multi-region/main.tf
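Review bot: Neither module call passes `admin_ip`, so the management ports (64294/64295/64297) that the module's security group opens to `var.admin_ip` fall back to the default in `modules/multi-region/variables.tf`, which is a single fixed public address rather than the deploying operator's — anyone applying this template as-is exposes Cockpit/SSH/Nginx to that address and cannot reach them from their own. Pass it explicitly from a root variable next to the passwords, e.g. `admin_ip = var.admin_ip`. The `vpc-xxxxxxxx`/`subnet-xxxxxxxx` placeholders fail at plan time until edited; root variables (or per-region `data "aws_vpc"`/`data "aws_subnet"` lookups) would keep real IDs out of committed code. Both regions also receive the same `linux_password`/`web_password`; since a honeypot is deliberately exposed, compromise of one instance yields the admin credentials of the other, so per-region values are worth considering.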
@@ -0,0 +1,69 @@
+variable "ec2_vpc_id" {}
+variable "ec2_subnet_id" {}
+variable "ec2_region" {}
+variable "linux_password" {}
+variable "web_password" {}
+variable "tpot_name" {}
+
+resource "aws_security_group" "tpot" {
+ name = "T-Pot"
+ description = "T-Pot Honeypot"
+ vpc_id = var.ec2_vpc_id
+ ingress {
+ from_port = 0
+ to_port = 64000
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+ ingress {
+ from_port = 0
+ to_port = 64000
+ protocol = "udp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+ ingress {
+ from_port = 64294
+ to_port = 64294
+ protocol = "tcp"
+ cidr_blocks = var.admin_ip
+ }
+ ingress {
+ from_port = 64295
+ to_port = 64295
+ protocol = "tcp"
+ cidr_blocks = var.admin_ip
+ }
+ ingress {
+ from_port = 64297
+ to_port = 64297
+ protocol = "tcp"
+ cidr_blocks = var.admin_ip
+ }
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+ tags = {
+ Name = "T-Pot"
+ }
+}
+
+resource "aws_instance" "tpot" {
+ ami = var.ec2_ami[var.ec2_region]
+ instance_type = var.ec2_instance_type
+ key_name = var.ec2_ssh_key_name
+ subnet_id = var.ec2_subnet_id
+ tags = {
+ Name = var.tpot_name
+ }
+ root_block_device {
+ volume_type = "gp2"
+ volume_size = 128
+ delete_on_termination = true
+ }
+ user_data = templatefile("../cloud-init.yaml", { timezone = var.timezone, password = var.linux_password, tpot_flavor = var.tpot_flavor, web_user = var.web_user, web_password = var.web_password })
+ vpc_security_group_ids = [aws_security_group.tpot.id]
+ associate_public_ip_address = true
+}
diff --git a/cloud/terraform/aws_multi_region/modules/multi-region/outputs.tf b/cloud/terraform/aws_multi_region/modules/multi-region/outputs.tf
new file mode 100644
index 00000000..753a893b
--- /dev/null
+++ b/cloud/terraform/aws_multi_region/modules/multi-region/outputs.tf
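Review bot: `user_data` renders `linux_password` and `web_password` into cloud-init in plaintext, and user-data is readable from inside the instance through the metadata service (and via `ec2:DescribeInstanceAttribute`) — on a host whose purpose is to run attacker-facing services on ports 0–64000, a service compromise or SSRF hands over the admin credentials. The `aws_instance` block sets no `metadata_options`, so IMDSv1 stays enabled; requiring IMDSv2 at least blocks token-less GETs to `/latest/user-data` (a process on the host can still obtain a token, so this is a mitigation, not a fix). Separately, `templatefile("../cloud-init.yaml", …)` resolves relative to the directory `terraform` is run from, not to this module file, so it only works when applied from `aws_multi_region/`; `${path.module}/../../../cloud-init.yaml` pins it to the template's real location (assuming it lives at `cloud/terraform/cloud-init.yaml`, as the `../` suggests). Finally, `ec2_region` is passed independently of the provider alias, so a mismatch silently selects an AMI for the wrong region and fails at apply; a `data "aws_region" "current" {}` lookup inside the module would derive it from the provider instead.
```hcl
resource "aws_instance" "tpot" {
  # … unchanged: ami, instance_type, key_name, subnet_id, tags, root_block_device …

  # Require IMDSv2: rejects token-less GETs (e.g. via SSRF) to /latest/user-data,
  # where the plaintext passwords rendered into cloud-init would otherwise be readable.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # Resolve the template relative to this module, not to the caller's working directory.
  user_data = templatefile("${path.module}/../../../cloud-init.yaml", { timezone = var.timezone, password = var.linux_password, tpot_flavor = var.tpot_flavor, web_user = var.web_user, web_password = var.web_password })
  # … unchanged: vpc_security_group_ids, associate_public_ip_address …
}
```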
@@ -0,0 +1,12 @@
+output "Admin_UI" {
+ value = "https://${aws_instance.tpot.public_dns}:64294/"
+}
+
+output "SSH_Access" {
+ value = "ssh -i {private_key_file} -p 64295 admin@${aws_instance.tpot.public_dns}"
+}
+
+output "Web_UI" {
+ value = "https://${aws_instance.tpot.public_dns}:64297/"
+}
+
diff --git a/cloud/terraform/aws_multi_region/modules/multi-region/variables.tf b/cloud/terraform/aws_multi_region/modules/multi-region/variables.tf
new file mode 100644
index 00000000..30820368
--- /dev/null
+++ b/cloud/terraform/aws_multi_region/modules/multi-region/variables.tf
@@ -0,0 +1,57 @@
+variable "admin_ip" {
+ default = ["152.37.108.93/32"]
+ description = "admin IP addresses in CIDR format"
+}
+
+variable "ec2_ssh_key_name" {
+ default = "default"
+}
+
+# https://aws.amazon.com/ec2/instance-types/
+variable "ec2_instance_type" {
+ default = "t3.xlarge"
+}
+
+# Refer to https://wiki.debian.org/Cloud/AmazonEC2Image/Buster
+variable "ec2_ami" {
+ type = map(string)
+ default = {
+ "af-south-1" = "ami-0272d4f5fb1b98a0d"
+ "ap-east-1" = "ami-00d242e2f23abf6d2"
+ "ap-northeast-1" = "ami-001c6b4d627e8be53"
+ "ap-northeast-2" = "ami-0d841ed4bf80e764c"
+ "ap-northeast-3" = "ami-01b0a01d770321320"
+ "ap-south-1" = "ami-04ba7e5bd7c6f6929"
+ "ap-southeast-1" = "ami-0dca3eabb09c32ae2"
+ "ap-southeast-2" = "ami-03ff8684dc585ddae"
+ "ca-central-1" = "ami-08af22d7c0382fd83"
+ "eu-central-1" = "ami-0f41e297b3c53fab8"
+ "eu-north-1" = "ami-0bbc6a00971c77d6d"
+ "eu-south-1" = "ami-03ff8684dc585ddae"
+ "eu-west-1" = "ami-080684ad73d431a05"
+ "eu-west-2" = "ami-04b259723891dfc53"
+ "eu-west-3" = "ami-00662eead74f66895"
+ "me-south-1" = "ami-021a6c6047091ab5b"
+ "sa-east-1" = "ami-0aac091cce68a049c"
+ "us-east-1" = "ami-05ad4ed7f9c48178b"
+ "us-east-2" = "ami-07640f3f27c0ad3d3"
+ "us-west-1" = "ami-0c053f1d5f22eb09f"
+ "us-west-2" = "ami-090cd3aed687b1ee1"
+ }
+}
+
+## cloud-init configuration ##
+variable "timezone" {
+ default = "UTC"
+}
+
+## These will go in the generated tpot.conf file ##
+variable "tpot_flavor" {
+ default = "STANDARD"
+ description = "Specify your tpot flavor [STANDARD, SENSOR, INDUSTRIAL, COLLECTOR, NEXTGEN, MEDICAL]"
+}
+
+variable "web_user" {
+ default = "webuser"
+ description = "Set a username for the web user"
+}
diff --git a/cloud/terraform/aws_multi_region/modules/multi-region/versions.tf b/cloud/terraform/aws_multi_region/modules/multi-region/versions.tf
new file mode 100644
index 00000000..5699714f
--- /dev/null
+++ b/cloud/terraform/aws_multi_region/modules/multi-region/versions.tf
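Review bot: `admin_ip` defaults to one specific public address, `152.37.108.93/32`, which looks like the author's own; anyone who applies the module without overriding it grants the management ports to that address and cannot reach them from their own, and the address is now published in the repository. Drop the default so Terraform requires the value (keep only `description`), or at minimum add a `validation` that the list is non-empty. In `ec2_ami`, `ap-southeast-2` and `eu-south-1` are both mapped to `ami-03ff8684dc585ddae`; AMI IDs are region-scoped, so one of the two entries is a copy-paste error and that region will fail at apply. Hard-coded Buster AMIs also go stale and cannot be checked for provenance at plan time; a `data "aws_ami"` lookup filtered on the Debian cloud image owner account and name pattern would remove the table and pick up security updates.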
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 0.13"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "3.72.0"
+ }
+ }
+}
diff --git a/cloud/terraform/aws_multi_region/outputs.tf b/cloud/terraform/aws_multi_region/outputs.tf
new file mode 100644
index 00000000..845637d4
--- /dev/null
+++ b/cloud/terraform/aws_multi_region/outputs.tf
@@ -0,0 +1,7 @@
+output "eu-west-2_Web_UI" {
+ value = module.eu-west-2.Web_UI
+}
+
+output "us-west-1_Web_UI" {
+ value = module.us-west-1.Web_UI
+}
diff --git a/cloud/terraform/aws_multi_region/variables.tf b/cloud/terraform/aws_multi_region/variables.tf
new file mode 100644
index 00000000..beb671a8
--- /dev/null
+++ b/cloud/terraform/aws_multi_region/variables.tf
@@ -0,0 +1,19 @@
+variable "linux_password" {
+ #default = "LiNuXuSeRP4Ss!"
+ description = "Set a password for the default user"
+
+ validation {
+ condition = length(var.linux_password) > 0
+ error_message = "Please specify a password for the default user."
+ }
+}
+
+variable "web_password" {
+ #default = "w3b$ecret20"
+ description = "Set a password for the web user"
+
+ validation {
+ condition = length(var.web_password) > 0
+ error_message = "Please specify a password for the web user."
+ }
+}
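Review bot: The two `validation` blocks in the root `variables.tf` only reject an empty string, so a one-character password passes and becomes the admin login on an internet-exposed host; tighten them to a minimum length, e.g. `condition = length(var.linux_password) >= 8` (and the same for `web_password`), aligned with whatever the T-Pot installer presumably enforces on its side. Neither variable is marked `sensitive`, so both values print in `plan`/`apply` output; `sensitive = true` needs Terraform ≥ 0.14, so raise the module's `required_version = ">= 0.13"` if you adopt it — the values still land in state and in instance user-data regardless, so state access needs to be treated as credential access. The commented-out `#default = "LiNuXuSeRP4Ss!"` and `#default = "w3b$ecret20"` lines are an invitation to uncomment a publicly known default; remove them rather than ship them.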