Update AWS Terraform

- Add variables to cloud-init.yaml
- Allow setting the Linux OS password via cloud-init
- Pass the tpot.conf file as inline content to allow variables
- Remove obsolete tpot.conf file in terraform/ directory
Sebastian Haderecker 2020-03-25 13:34:22 +01:00
parent f606187350
commit a73f34490d
4 changed files with 38 additions and 17 deletions


@ -60,7 +60,7 @@ resource "aws_instance" "tpot" {
volume_size = 128 volume_size = 128
delete_on_termination = true delete_on_termination = true
} }
user_data = "${file("../cloud-init.yaml")} content: ${base64encode(file("../tpot.conf"))}" user_data = templatefile("../cloud-init.yaml", {timezone = var.timezone, password = var.linux_password, tpot_flavor = var.tpot_flavor, web_user = var.web_user, web_password = var.web_password})
vpc_security_group_ids = [aws_security_group.tpot.id] vpc_security_group_ids = [aws_security_group.tpot.id]
associate_public_ip_address = true associate_public_ip_address = true
} }
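Review bot: The new `user_data` line puts `var.linux_password` and `var.web_password` into EC2 user data, which is stored unencrypted, can be read back by any local process that can reach the instance metadata endpoint, and is also written to the Terraform state. Because of that, the `rm /root/tpot.conf` step in cloud-init does not remove the credentials from the instance. I would add a comment above the line such as `# user_data is not a secret store: rotate both passwords after first boot and keep the state in an encrypted, access-controlled backend`. The `aws_instance` resource starts before this hunk, so the rest of its settings are not visible here.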


@ -52,3 +52,29 @@ variable "ec2_ami" {
"us-west-2" = "ami-030a304a76b181155" "us-west-2" = "ami-030a304a76b181155"
} }
} }
# cloud-init configuration
variable "timezone" {
default = "UTC"
}
variable "linux_password" {
#default = "LiNuXuSeRPaSs#"
description = "Set a password for the default user"
}
# These will go in the generated tpot.conf file
variable "tpot_flavor" {
default = "STANDARD"
description = "Specify your tpot flavor [STANDARD, SENSOR, INDUSTRIAL, COLLECTOR, NEXTGEN]"
}
variable "web_user" {
default = "webuser"
description = "Set a username for the web user"
}
variable "web_password" {
#default = "w3b$ecret"
description = "Set a password for the web user"
}
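Review bot: `linux_password` and `web_password` are declared without `sensitive = true`, so their values can appear in plan and apply output; on Terraform 0.14 or later I would add `sensitive = true` to both (the required Terraform version is not visible on this page). The commented-out `#default` lines show example passwords that are likely to be copied verbatim, so I would drop them and state the expectation in the description instead, e.g. `description = "Password for the default user (required, no default)"`. `tpot_flavor` would also benefit from `type = string` and a validation against the five flavors listed in its description.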


@ -1,9 +1,5 @@
#cloud-config #cloud-config
timezone: UTC timezone: ${timezone}
package_update: true
package_upgrade: true
package_reboot_if_required: true
packages: packages:
- git - git
@ -12,14 +8,18 @@ runcmd:
- git clone https://github.com/dtag-dev-sec/tpotce /root/tpot - git clone https://github.com/dtag-dev-sec/tpotce /root/tpot
- /root/tpot/iso/installer/install.sh --type=auto --conf=/root/tpot.conf - /root/tpot/iso/installer/install.sh --type=auto --conf=/root/tpot.conf
- rm /root/tpot.conf - rm /root/tpot.conf
- /sbin/shutdown -r +5 - /sbin/shutdown -r now
password: ${password}
chpasswd:
expire: false
# The contents of tpot.conf will be base64 encoded and appended to this file
# via the terraform configuration in main.tf
#
# Make sure there are no trailing new lines after "permissions" below
write_files: write_files:
- encoding: b64 - content: |
# tpot configuration file
myCONF_TPOT_FLAVOR='${tpot_flavor}'
myCONF_WEB_USER='${web_user}'
myCONF_WEB_PW='${web_password}'
owner: root:root owner: root:root
path: /root/tpot.conf path: /root/tpot.conf
permissions: '0600' permissions: '0600'
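Review bot: The template inserts `${password}`, `${web_user}` and `${web_password}` into a YAML scalar and into single-quoted assignments without escaping, so a value containing a quote, `: `, ` #` or a newline changes the structure of the generated cloud-config or of `/root/tpot.conf`. For the YAML scalar I would write `password: ${jsonencode(password)}`, since a JSON string is a valid YAML double-quoted scalar. For the `myCONF_*` lines, how `install.sh` reads the file is not visible here, so the safer choice is to reject `'` and newlines in those variables before they reach the template.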


@ -1,5 +0,0 @@
# tpot configuration file
# myCONF_TPOT_FLAVOR=[STANDARD, SENSOR, INDUSTRIAL, COLLECTOR, NEXTGEN]
myCONF_TPOT_FLAVOR='STANDARD'
myCONF_WEB_USER='webuser'
myCONF_WEB_PW='w3b$ecret'