@cappetta
Created June 4, 2019 16:55
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
module.staging-infrastructure.module.secdevops.data.aws_ami.win2k16: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.was: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.sc: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.mrrobot: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.win2k12: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.ubuntu: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.kali: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.fristileaks: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.win8: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.myhouse7: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.sickos: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.cuckoo-host: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.ms3_nix: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.ms3_2k12: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.hackinos: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.win2k3: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.win2k10: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.bulldog: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.flare: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.vulnos: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.win2k19: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.stapler: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.ms3_2k8: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.win7: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.nnm: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.remnux: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.seed_ubuntu1604: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.win2k8: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.skytower: Refreshing state...
module.staging-infrastructure.module.network.data.aws_availability_zones.available: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.centos: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.nessus: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.r7: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.win2k12_RTM: Refreshing state...
module.staging-infrastructure.module.secdevops.data.aws_ami.commando: Refreshing state...
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# module.staging-state.aws_dynamodb_table.state-file-locking-table will be created
+ resource "aws_dynamodb_table" "state-file-locking-table" {
+ arn = (known after apply)
+ billing_mode = "PROVISIONED"
+ hash_key = "LockID"
+ id = (known after apply)
+ name = "stage-state-file-locking"
+ read_capacity = 20
+ stream_arn = (known after apply)
+ stream_label = (known after apply)
+ stream_view_type = (known after apply)
+ tags = {
+ "environment" = "stage"
}
+ write_capacity = 20
+ attribute {
+ name = "LockID"
+ type = "S"
}
+ point_in_time_recovery {
+ enabled = (known after apply)
}
+ server_side_encryption {
+ enabled = (known after apply)
}
}
# module.staging-infrastructure.module.network.aws_eip.nat-a will be created
+ resource "aws_eip" "nat-a" {
+ allocation_id = (known after apply)
+ association_id = (known after apply)
+ domain = (known after apply)
+ id = (known after apply)
+ instance = (known after apply)
+ network_interface = (known after apply)
+ private_dns = (known after apply)
+ private_ip = (known after apply)
+ public_dns = (known after apply)
+ public_ip = (known after apply)
+ public_ipv4_pool = (known after apply)
+ vpc = true
}
# module.staging-infrastructure.module.network.aws_eip.nat-b will be created
+ resource "aws_eip" "nat-b" {
+ allocation_id = (known after apply)
+ association_id = (known after apply)
+ domain = (known after apply)
+ id = (known after apply)
+ instance = (known after apply)
+ network_interface = (known after apply)
+ private_dns = (known after apply)
+ private_ip = (known after apply)
+ public_dns = (known after apply)
+ public_ip = (known after apply)
+ public_ipv4_pool = (known after apply)
+ vpc = true
}
# module.staging-infrastructure.module.network.aws_internet_gateway.gw will be created
+ resource "aws_internet_gateway" "gw" {
+ id = (known after apply)
+ owner_id = (known after apply)
+ vpc_id = (known after apply)
}
# module.staging-infrastructure.module.network.aws_nat_gateway.nat-a will be created
+ resource "aws_nat_gateway" "nat-a" {
+ allocation_id = (known after apply)
+ id = (known after apply)
+ network_interface_id = (known after apply)
+ private_ip = (known after apply)
+ public_ip = (known after apply)
+ subnet_id = (known after apply)
}
# module.staging-infrastructure.module.network.aws_nat_gateway.nat-b will be created
+ resource "aws_nat_gateway" "nat-b" {
+ allocation_id = (known after apply)
+ id = (known after apply)
+ network_interface_id = (known after apply)
+ private_ip = (known after apply)
+ public_ip = (known after apply)
+ subnet_id = (known after apply)
}
# module.staging-infrastructure.module.network.aws_route_table.private-a will be created
+ resource "aws_route_table" "private-a" {
+ id = (known after apply)
+ owner_id = (known after apply)
+ propagating_vgws = (known after apply)
+ route = [
+ {
+ cidr_block = "0.0.0.0/0"
+ egress_only_gateway_id = ""
+ gateway_id = ""
+ instance_id = ""
+ ipv6_cidr_block = ""
+ nat_gateway_id = (known after apply)
+ network_interface_id = ""
+ transit_gateway_id = ""
+ vpc_peering_connection_id = ""
},
]
+ tags = {
+ "environment" = "stage"
+ "name" = "private-a"
}
+ vpc_id = (known after apply)
}
# module.staging-infrastructure.module.network.aws_route_table.private-b will be created
+ resource "aws_route_table" "private-b" {
+ id = (known after apply)
+ owner_id = (known after apply)
+ propagating_vgws = (known after apply)
+ route = [
+ {
+ cidr_block = "0.0.0.0/0"
+ egress_only_gateway_id = ""
+ gateway_id = ""
+ instance_id = ""
+ ipv6_cidr_block = ""
+ nat_gateway_id = (known after apply)
+ network_interface_id = ""
+ transit_gateway_id = ""
+ vpc_peering_connection_id = ""
},
]
+ tags = {
+ "environment" = "stage"
+ "name" = "private-b"
}
+ vpc_id = (known after apply)
}
# module.staging-infrastructure.module.network.aws_route_table.public-a will be created
+ resource "aws_route_table" "public-a" {
+ id = (known after apply)
+ owner_id = (known after apply)
+ propagating_vgws = (known after apply)
+ route = [
+ {
+ cidr_block = "0.0.0.0/0"
+ egress_only_gateway_id = ""
+ gateway_id = (known after apply)
+ instance_id = ""
+ ipv6_cidr_block = ""
+ nat_gateway_id = ""
+ network_interface_id = ""
+ transit_gateway_id = ""
+ vpc_peering_connection_id = ""
},
]
+ tags = {
+ "environment" = "stage"
+ "name" = "public-a"
}
+ vpc_id = (known after apply)
}
# module.staging-infrastructure.module.network.aws_route_table.public-b will be created
+ resource "aws_route_table" "public-b" {
+ id = (known after apply)
+ owner_id = (known after apply)
+ propagating_vgws = (known after apply)
+ route = [
+ {
+ cidr_block = "0.0.0.0/0"
+ egress_only_gateway_id = ""
+ gateway_id = (known after apply)
+ instance_id = ""
+ ipv6_cidr_block = ""
+ nat_gateway_id = ""
+ network_interface_id = ""
+ transit_gateway_id = ""
+ vpc_peering_connection_id = ""
},
]
+ tags = {
+ "environment" = "stage"
+ "name" = "public-b"
}
+ vpc_id = (known after apply)
}
# module.staging-infrastructure.module.network.aws_route_table_association.private-a will be created
+ resource "aws_route_table_association" "private-a" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.staging-infrastructure.module.network.aws_route_table_association.private-b will be created
+ resource "aws_route_table_association" "private-b" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.staging-infrastructure.module.network.aws_route_table_association.public-a will be created
+ resource "aws_route_table_association" "public-a" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.staging-infrastructure.module.network.aws_route_table_association.public-b will be created
+ resource "aws_route_table_association" "public-b" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.staging-infrastructure.module.network.aws_subnet.attacker_subnet will be created
+ resource "aws_subnet" "attacker_subnet" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "eu-west-2b"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.0.1.0/24"
+ id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = true
+ owner_id = (known after apply)
+ tags = {
+ "environment" = "stage"
+ "name" = "attacker_subnet"
}
+ vpc_id = (known after apply)
}
# module.staging-infrastructure.module.network.aws_subnet.honeypot_subnet will be created
+ resource "aws_subnet" "honeypot_subnet" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "eu-west-2b"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.0.4.0/24"
+ id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = true
+ owner_id = (known after apply)
+ tags = {
+ "environment" = "stage"
+ "name" = "malware_subnet"
}
+ vpc_id = (known after apply)
}
# module.staging-infrastructure.module.network.aws_subnet.malware_subnet will be created
+ resource "aws_subnet" "malware_subnet" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "eu-west-2b"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.0.3.0/24"
+ id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = true
+ owner_id = (known after apply)
+ tags = {
+ "environment" = "stage"
+ "name" = "malware_subnet"
}
+ vpc_id = (known after apply)
}
# module.staging-infrastructure.module.network.aws_subnet.private-a will be created
+ resource "aws_subnet" "private-a" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "eu-west-2a"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.0.253.0/24"
+ id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ tags = {
+ "environment" = "stage"
+ "name" = "not-in-use-private-a"
}
+ vpc_id = (known after apply)
}
# module.staging-infrastructure.module.network.aws_subnet.private-b will be created
+ resource "aws_subnet" "private-b" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "eu-west-2b"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.0.252.0/24"
+ id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ tags = {
+ "environment" = "stage"
+ "name" = "not-in-use-private-b"
}
+ vpc_id = (known after apply)
}
# module.staging-infrastructure.module.network.aws_subnet.target_subnet will be created
+ resource "aws_subnet" "target_subnet" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "eu-west-2a"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.0.2.0/24"
+ id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ tags = {
+ "environment" = "stage"
+ "name" = "target_subnet"
}
+ vpc_id = (known after apply)
}
# module.staging-infrastructure.module.network.aws_vpc.main will be created
+ resource "aws_vpc" "main" {
+ arn = (known after apply)
+ assign_generated_ipv6_cidr_block = false
+ cidr_block = "10.0.0.0/16"
+ default_network_acl_id = (known after apply)
+ default_route_table_id = (known after apply)
+ default_security_group_id = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_classiclink = (known after apply)
+ enable_classiclink_dns_support = (known after apply)
+ enable_dns_hostnames = (known after apply)
+ enable_dns_support = true
+ id = (known after apply)
+ instance_tenancy = "default"
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "environment" = "stage"
+ "name" = "main"
}
}
# module.staging-infrastructure.module.secdevops.aws_instance.kali[0] will be created
+ resource "aws_instance" "kali" {
+ ami = "ami-05af869c6544c46a9"
+ arn = (known after apply)
+ associate_public_ip_address = (known after apply)
+ availability_zone = (known after apply)
+ cpu_core_count = (known after apply)
+ cpu_threads_per_core = (known after apply)
+ get_password_data = false
+ host_id = (known after apply)
+ id = (known after apply)
+ instance_state = (known after apply)
+ instance_type = "t2.micro"
+ ipv6_address_count = (known after apply)
+ ipv6_addresses = (known after apply)
+ key_name = "circleci_build"
+ network_interface_id = (known after apply)
+ password_data = (known after apply)
+ placement_group = (known after apply)
+ primary_network_interface_id = (known after apply)
+ private_dns = (known after apply)
+ private_ip = (known after apply)
+ public_dns = (known after apply)
+ public_ip = (known after apply)
+ security_groups = (known after apply)
+ source_dest_check = true
+ subnet_id = (known after apply)
+ tags = {
+ "Environment" = "stage"
+ "Name" = "CyberRange-kali-linux-0"
+ "Terraform" = "True"
}
+ tenancy = (known after apply)
+ user_data = "5a364ca15bc1b39c1831051db17b10792f74ed97"
+ volume_tags = (known after apply)
+ vpc_security_group_ids = (known after apply)
+ ebs_block_device {
+ delete_on_termination = (known after apply)
+ device_name = (known after apply)
+ encrypted = (known after apply)
+ iops = (known after apply)
+ snapshot_id = (known after apply)
+ volume_id = (known after apply)
+ volume_size = (known after apply)
+ volume_type = (known after apply)
}
+ ephemeral_block_device {
+ device_name = (known after apply)
+ no_device = (known after apply)
+ virtual_name = (known after apply)
}
+ network_interface {
+ delete_on_termination = (known after apply)
+ device_index = (known after apply)
+ network_interface_id = (known after apply)
}
+ root_block_device {
+ delete_on_termination = true
+ iops = (known after apply)
+ volume_id = (known after apply)
+ volume_size = 120
+ volume_type = (known after apply)
}
}
# module.staging-infrastructure.module.secdevops.aws_instance.pT10_commando[0] will be created
+ resource "aws_instance" "pT10_commando" {
+ ami = "ami-0e9c45059c7ada9fc"
+ arn = (known after apply)
+ associate_public_ip_address = (known after apply)
+ availability_zone = (known after apply)
+ cpu_core_count = (known after apply)
+ cpu_threads_per_core = (known after apply)
+ get_password_data = false
+ host_id = (known after apply)
+ id = (known after apply)
+ instance_state = (known after apply)
+ instance_type = "t2.micro"
+ ipv6_address_count = (known after apply)
+ ipv6_addresses = (known after apply)
+ key_name = "circleci_build"
+ network_interface_id = (known after apply)
+ password_data = (known after apply)
+ placement_group = (known after apply)
+ primary_network_interface_id = (known after apply)
+ private_dns = (known after apply)
+ private_ip = (known after apply)
+ public_dns = (known after apply)
+ public_ip = (known after apply)
+ security_groups = (known after apply)
+ source_dest_check = true
+ subnet_id = (known after apply)
+ tags = {
+ "Environment" = "stage"
+ "Name" = "CyberRange-commando-pT16-0"
+ "Terraform" = "True"
}
+ tenancy = (known after apply)
+ user_data = "5fe7ecafe6346796c67952eea299c978c3410659"
+ volume_tags = (known after apply)
+ vpc_security_group_ids = (known after apply)
+ ebs_block_device {
+ delete_on_termination = (known after apply)
+ device_name = (known after apply)
+ encrypted = (known after apply)
+ iops = (known after apply)
+ snapshot_id = (known after apply)
+ volume_id = (known after apply)
+ volume_size = (known after apply)
+ volume_type = (known after apply)
}
+ ephemeral_block_device {
+ device_name = (known after apply)
+ no_device = (known after apply)
+ virtual_name = (known after apply)
}
+ network_interface {
+ delete_on_termination = (known after apply)
+ device_index = (known after apply)
+ network_interface_id = (known after apply)
}
+ root_block_device {
+ delete_on_termination = true
+ iops = (known after apply)
+ volume_id = (known after apply)
+ volume_size = 150
+ volume_type = (known after apply)
}
}
# module.staging-infrastructure.module.secdevops.aws_instance.r7vm[0] will be created
+ resource "aws_instance" "r7vm" {
+ ami = "ami-012d8ca6c1e439af0"
+ arn = (known after apply)
+ associate_public_ip_address = (known after apply)
+ availability_zone = (known after apply)
+ cpu_core_count = (known after apply)
+ cpu_threads_per_core = (known after apply)
+ get_password_data = false
+ host_id = (known after apply)
+ id = (known after apply)
+ instance_state = (known after apply)
+ instance_type = "t2.micro"
+ ipv6_address_count = (known after apply)
+ ipv6_addresses = (known after apply)
+ key_name = "circleci_build"
+ network_interface_id = (known after apply)
+ password_data = (known after apply)
+ placement_group = (known after apply)
+ primary_network_interface_id = (known after apply)
+ private_dns = (known after apply)
+ private_ip = (known after apply)
+ public_dns = (known after apply)
+ public_ip = (known after apply)
+ security_groups = (known after apply)
+ source_dest_check = true
+ subnet_id = (known after apply)
+ tags = {
+ "Environment" = "stage"
+ "Name" = "CyberRange-r7-0"
+ "Terraform" = "True"
}
+ tenancy = (known after apply)
+ user_data = "5a364ca15bc1b39c1831051db17b10792f74ed97"
+ volume_tags = (known after apply)
+ vpc_security_group_ids = (known after apply)
+ ebs_block_device {
+ delete_on_termination = (known after apply)
+ device_name = (known after apply)
+ encrypted = (known after apply)
+ iops = (known after apply)
+ snapshot_id = (known after apply)
+ volume_id = (known after apply)
+ volume_size = (known after apply)
+ volume_type = (known after apply)
}
+ ephemeral_block_device {
+ device_name = (known after apply)
+ no_device = (known after apply)
+ virtual_name = (known after apply)
}
+ network_interface {
+ delete_on_termination = (known after apply)
+ device_index = (known after apply)
+ network_interface_id = (known after apply)
}
+ root_block_device {
+ delete_on_termination = true
+ iops = (known after apply)
+ volume_id = (known after apply)
+ volume_size = 120
+ volume_type = (known after apply)
}
}
# module.staging-infrastructure.module.secdevops.aws_key_pair.circleci_key will be created
+ resource "aws_key_pair" "circleci_key" {
+ fingerprint = (known after apply)
+ id = (known after apply)
+ key_name = "circleci_build"
+ public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOGnCWq/F0BqJM+gnJTwdRfu66c3zisu3naYxqsUKI/RzvNhnbqwVWMcWMoqFmr4o459/zmvew7c/ble22u+kjB33eJehc77WJWA4EExALokj+S1qf6JL1ZDIRYwBmb7edKLecNbhi62bZKldGoqpkxZM0xQG27w9c75YBnVFBFXV0VBB+kOp3QQTZMV5IiOoQ6G6BwY1tGQN3JXkGHYEIAeLQhynn1fXp9Rz0wu8l+0TfjSNNLEMAHondA87aUJRfJZ7icDAGIZ9MGaNFDMmHD84zuIV9sEsfSAJr/aVREMkabcQ+PyShoLrLdS1zMuBVUGxfI7g+tVKnbVdLSD3j"
}
# module.staging-infrastructure.module.secdevops.aws_security_group.fbctf will be created
+ resource "aws_security_group" "fbctf" {
+ arn = (known after apply)
+ description = "FaceBook Capture The Flag"
+ egress = [
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = ""
+ from_port = 0
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "-1"
+ security_groups = []
+ self = false
+ to_port = 0
},
]
+ id = (known after apply)
+ ingress = [
+ {
+ cidr_blocks = [
+ "10.0.1.0/24",
]
+ description = ""
+ from_port = 0
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "-1"
+ security_groups = []
+ self = false
+ to_port = 0
},
+ {
+ cidr_blocks = [
+ "188.214.10.182/32",
]
+ description = ""
+ from_port = 443
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 443
},
+ {
+ cidr_blocks = [
+ "188.214.10.182/32",
]
+ description = ""
+ from_port = 80
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 80
},
]
+ name = "FB-CTF"
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "Environment" = "stage"
+ "Name" = "FB-CTF"
+ "Terraform" = "True"
}
+ vpc_id = (known after apply)
}
# module.staging-infrastructure.module.secdevops.aws_security_group.kali will be created
+ resource "aws_security_group" "kali" {
+ arn = (known after apply)
+ description = "penetration testing assets"
+ egress = [
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = ""
+ from_port = 0
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "-1"
+ security_groups = []
+ self = false
+ to_port = 0
},
]
+ id = (known after apply)
+ ingress = [
+ {
+ cidr_blocks = [
+ "10.0.1.0/24",
]
+ description = ""
+ from_port = 0
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "-1"
+ security_groups = []
+ self = false
+ to_port = 0
},
+ {
+ cidr_blocks = [
+ "188.214.10.182/32",
]
+ description = ""
+ from_port = 0
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "-1"
+ security_groups = []
+ self = false
+ to_port = 0
},
+ {
+ cidr_blocks = [
+ "188.214.10.182/32",
]
+ description = ""
+ from_port = 22
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 22
},
+ {
+ cidr_blocks = [
+ "188.214.10.182/32",
]
+ description = ""
+ from_port = 5901
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 5901
},
]
+ name = "attackers"
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "Environment" = "stage"
+ "Name" = "kali"
+ "Terraform" = "True"
}
+ vpc_id = (known after apply)
}
# module.staging-infrastructure.module.secdevops.aws_security_group.logger will be created
+ resource "aws_security_group" "logger" {
+ arn = (known after apply)
+ description = "DetectionLab: Security Group for the logger host"
+ egress = [
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = ""
+ from_port = 0
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "-1"
+ security_groups = []
+ self = false
+ to_port = 0
},
]
+ id = (known after apply)
+ ingress = [
+ {
+ cidr_blocks = [
+ "10.0.1.0/24",
]
+ description = ""
+ from_port = 0
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "-1"
+ security_groups = []
+ self = false
+ to_port = 0
},
+ {
+ cidr_blocks = [
+ "188.214.10.182/32",
]
+ description = ""
+ from_port = 22
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 22
},
+ {
+ cidr_blocks = [
+ "188.214.10.182/32",
]
+ description = ""
+ from_port = 8000
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 8000
},
+ {
+ cidr_blocks = [
+ "188.214.10.182/32",
]
+ description = ""
+ from_port = 8412
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 8412
},
+ {
+ cidr_blocks = [
+ "188.214.10.182/32",
]
+ description = ""
+ from_port = 8888
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 8888
},
]
+ name = "logger_security_group"
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ vpc_id = (known after apply)
}
# module.staging-infrastructure.module.secdevops.aws_security_group.malware will be created
+ resource "aws_security_group" "malware" {
+ arn = (known after apply)
+ description = "flarevm malware security group"
+ egress = [
+ {
+ cidr_blocks = [
+ "66.66.66.66/32",
]
+ description = ""
+ from_port = 1
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 1
},
]
+ id = (known after apply)
+ ingress = [
+ {
+ cidr_blocks = [
+ "188.214.10.182/32",
]
+ description = ""
+ from_port = 3389
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 3389
},
]
+ name = "malware"
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "Environment" = "stage"
+ "Name" = "malware_sg"
+ "Terraform" = "True"
}
+ vpc_id = (known after apply)
}
# module.staging-infrastructure.module.secdevops.aws_security_group.targets will be created
+ resource "aws_security_group" "targets" {
+ arn = (known after apply)
+ description = "windows / linux targets"
+ egress = [
+ {
+ cidr_blocks = [
+ "188.214.10.182/32",
]
+ description = ""
+ from_port = 0
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "-1"
+ security_groups = []
+ self = false
+ to_port = 0
},
]
+ id = (known after apply)
+ ingress = [
+ {
+ cidr_blocks = [
+ "10.0.1.0/24",
]
+ description = ""
+ from_port = 0
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "-1"
+ security_groups = []
+ self = false
+ to_port = 0
},
+ {
+ cidr_blocks = [
+ "188.214.10.182/32",
]
+ description = ""
+ from_port = 0
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "-1"
+ security_groups = []
+ self = false
+ to_port = 0
},
+ {
+ cidr_blocks = [
+ "188.214.10.182/32",
]
+ description = ""
+ from_port = 22
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 22
},
+ {
+ cidr_blocks = [
+ "188.214.10.182/32",
]
+ description = ""
+ from_port = 8080
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 8080
},
]
+ name = "targets"
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "Environment" = "stage"
+ "Name" = "webgoat_sg"
+ "Terraform" = "True"
}
+ vpc_id = (known after apply)
}
# module.staging-infrastructure.module.secdevops.aws_security_group.tpot will be created
+ resource "aws_security_group" "tpot" {
+ arn = (known after apply)
+ description = "T-Pot Honeypot"
+ egress = [
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = ""
+ from_port = 0
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "-1"
+ security_groups = []
+ self = false
+ to_port = 0
},
]
+ id = (known after apply)
+ ingress = [
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = ""
+ from_port = 0
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 64294
},
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = ""
+ from_port = 64295
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 64295
},
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = ""
+ from_port = 64297
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 64297
},
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = ""
+ from_port = 64298
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 65535
},
+ {
+ cidr_blocks = [
+ "10.0.1.0/24",
]
+ description = ""
+ from_port = 0
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "-1"
+ security_groups = []
+ self = false
+ to_port = 0
},
]
+ name = "T-Pot"
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "Environment" = "stage"
+ "Name" = "T-Pot"
+ "Terraform" = "True"
}
+ vpc_id = (known after apply)
}
# module.staging-infrastructure.module.secdevops.aws_security_group.windows will be created
+ resource "aws_security_group" "windows" {
+ arn = (known after apply)
+ description = "DetectionLab: Security group for the Windows hosts"
+ egress = [
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = ""
+ from_port = 0
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "-1"
+ security_groups = []
+ self = false
+ to_port = 0
},
]
+ id = (known after apply)
+ ingress = [
+ {
+ cidr_blocks = [
+ "10.0.1.0/24",
]
+ description = ""
+ from_port = 0
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "-1"
+ security_groups = []
+ self = false
+ to_port = 0
},
+ {
+ cidr_blocks = [
+ "188.214.10.182/32",
]
+ description = ""
+ from_port = 3389
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 3389
},
+ {
+ cidr_blocks = [
+ "188.214.10.182/32",
]
+ description = ""
+ from_port = 443
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 443
},
+ {
+ cidr_blocks = [
+ "188.214.10.182/32",
]
+ description = ""
+ from_port = 5985
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 5986
},
]
+ name = "windows_security_group"
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "Environment" = "stage"
+ "Name" = "detectionlab_sg"
+ "Terraform" = "True"
}
+ vpc_id = (known after apply)
}
# module.staging-infrastructure.module.secdevops.aws_security_group_rule.allow_all_between_kali_and_webgoat will be created
+ resource "aws_security_group_rule" "allow_all_between_kali_and_webgoat" {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ from_port = 0
+ id = (known after apply)
+ protocol = "-1"
+ security_group_id = (known after apply)
+ self = false
+ source_security_group_id = (known after apply)
+ to_port = 0
+ type = "ingress"
}
# module.staging-infrastructure.module.secdevops.aws_security_group_rule.allow_all_between_webgoat_and_kali will be created
+ resource "aws_security_group_rule" "allow_all_between_webgoat_and_kali" {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ from_port = 0
+ id = (known after apply)
+ protocol = "-1"
+ security_group_id = (known after apply)
+ self = false
+ source_security_group_id = (known after apply)
+ to_port = 0
+ type = "ingress"
}
# module.staging-infrastructure.module.secdevops.aws_security_group_rule.allow_malware_to_malware will be created
+ resource "aws_security_group_rule" "allow_malware_to_malware" {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ from_port = 0
+ id = (known after apply)
+ protocol = "-1"
+ security_group_id = (known after apply)
+ self = false
+ source_security_group_id = (known after apply)
+ to_port = 0
+ type = "ingress"
}
Plan: 35 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.