Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-01 20:42:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Update README.md

Browse source
This commit is contained in:
Sebastian Haderecker 2020-03-27 17:00:26 +01:00 committed by GitHub
parent bedd13af20
commit bde3d5df29
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 39 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

59
cloud/terraform/README.md
View file

@ -20,24 +20,29 @@ This can easily be extended to support other [Terraform providers](https://www.t
- [Applying the Configuration](#applying) - [Applying the Configuration](#applying)
- [Connecting to the Instance](#connecting) - [Connecting to the Instance](#connecting)
<a name="what-created"></a> <a name="what-created"></a>
## What get's created ## What get's created
<a name="what-created-aws"></a> <a name="what-created-aws"></a>
### Amazon Web Services (AWS) ### Amazon Web Services (AWS)
* EC2 instance: * EC2 instance:
* t3.large (2 vCPU, 8 GiB RAM) * t3.large (2 vCPUs, 8 GB RAM)
* 128GB disk * 128 GB disk
* [Debian Buster](https://wiki.debian.org/Cloud/AmazonEC2Image/Buster) * Debian 10
* AWS Security Group: * Public IP
* Security Group:
* TCP/UDP ports <= 64000 open to the Internet * TCP/UDP ports <= 64000 open to the Internet
* TCP ports 64294, 64295 and 64297 open to a chosen administrative IP * TCP ports 64294, 64295 and 64297 open to a chosen administrative IP
<a name="what-created-otc"></a> <a name="what-created-otc"></a>
### Open Telekom Cloud (OTC) ### Open Telekom Cloud (OTC)
* * ECS instance:
* * s2.medium.8 (1 vCPU, 8 GB RAM)
* 128 GB disk
* Debian 10
* Public EIP
* Security Group
* Network, Subnet, Router (= Virtual Private Cloud [VPC])
<a name="pre"></a> <a name="pre"></a>
## Pre-Requisites ## Pre-Requisites
@ -48,37 +53,49 @@ This can easily be extended to support other [Terraform providers](https://www.t
* AWS Account * AWS Account
* Existing VPC: VPC ID needs to be specified in `aws/variables.tf` * Existing VPC: VPC ID needs to be specified in `aws/variables.tf`
* Existing subnet: Subnet ID needs to be specified in `aws/variables.tf` * Existing subnet: Subnet ID needs to be specified in `aws/variables.tf`
* Existing SSH key pair: Key name needs to be specified in `aws/variables.tf`
* AWS Authentication credentials should be [set using environment variables](https://www.terraform.io/docs/providers/aws/index.html#environment-variables) * AWS Authentication credentials should be [set using environment variables](https://www.terraform.io/docs/providers/aws/index.html#environment-variables)
<a name="pre-otc"></a> <a name="pre-otc"></a>
### Open Telekom Cloud (OTC) ### Open Telekom Cloud (OTC)
* * OTC Account
* * Existing SSH key pair: Key name needs to be specified in `otc/variables.tf`
* OTC Authentication credentials (Username, Password, Project Name, User Domain Name) can be set in the `otc/clouds.yaml` file
<a name="variables"></a> <a name="variables"></a>
## Terraform Variables ## Terraform Variables
<a name="variables-common"></a> <a name="variables-common"></a>
### Common configuration items ### Common configuration items
These variables exist in `aws/variables.tf` and `otc/variables.tf` respectively: These variables exist in `aws/variables.tf` and `otc/variables.tf` respectively.
* Settings for cloud-init:
* * `timezone` - Set the Server's timezone
* * `linux_password`- Set a password for the Linux Operating System user (which is also used on the Admin UI)
This will be used to configure credentials for the T-Pot Kibana interface.
Settings for T-Pot:
* `tpot_flavor` - Set the flavor of the T-Pot (Available flavors are listed in the variable's description)
* `web_user` - Set a username for the T-Pot Kibana Dasboard
* `web_password` - Set a password for the T-Pot Kibana Dashboard
<a name="variables-aws"></a> <a name="variables-aws"></a>
### Amazon Web Services (AWS) ### Amazon Web Services (AWS)
In `aws/variables.tf`, change the following variables to correspond to your existing EC2 infrastructure: In `aws/variables.tf`, you can change the additional variables:
* `admin_ip` - source IP address(es) that you will use to administer the system. Connections to TCP ports 64294, 64295 and 64297 will be allowed from this IP only. Multiple IPs or CIDR blocks can be specified in the format: `["127.0.0.1/32", "192.168.0.0/24"]` * `admin_ip` - source IP address(es) that you will use to administer the system. Connections to TCP ports 64294, 64295 and 64297 will be allowed from this IP only. Multiple IPs or CIDR blocks can be specified in the format: `["127.0.0.1/32", "192.168.0.0/24"]`
* `ec2_vpc_id` * `ec2_vpc_id` - Specify an existing VPC ID
* `ec2_subnet_id` * `ec2_subnet_id` - Specify an existing Subnet ID
* `ec2_region` * `ec2_region`
* `ec2_ssh_key_name` - Specify an existing SSH key pair
* `ec2_instance_type`
<a name="variables-otc"></a> <a name="variables-otc"></a>
### Open Telekom Cloud (OTC) ### Open Telekom Cloud (OTC)
* In `otc/variables.tf`, you can change the additional variables:
* * `availabiliy_zone`
* `flavor`
* `key_pair` - Specify an existing SSH key pair
* `image_id`
* `volume_size`
Furthermore you can configure the naming of the created infrastructure (per default everything gets prefixed with "tpot-", e.g. "tpot-router").
<a name="initialising"></a> <a name="initialising"></a>
## Initialising ## Initialising
@ -103,6 +120,8 @@ $ terraform apply
``` ```
This will create your infrastructure and start a Cloud Server. On startup, the Server gets bootstrapped with cloud-init and will install T-Pot. Once this is done, the server will reboot. This will create your infrastructure and start a Cloud Server. On startup, the Server gets bootstrapped with cloud-init and will install T-Pot. Once this is done, the server will reboot.
If you want the remove the built infrastructure, you can run [`terraform destroy`](https://www.terraform.io/docs/commands/destroy.html) to delete it.
<a name="connecting"></a> <a name="connecting"></a>
## Connecting to the Instance ## Connecting to the Instance
When the installation is completed, you can proceed with connecting/logging in to the T-Pot according to the [documentation](https://github.com/dtag-dev-sec/tpotce#ssh-and-web-access). When the installation is completed, you can proceed with connecting/logging in to the T-Pot according to the [documentation](https://github.com/dtag-dev-sec/tpotce#ssh-and-web-access).