@notdodo
Last active July 19, 2022 12:51
Minimum viable Terraform deployment to test AWS EC2 Auto Scaling privilege escalation https://notdodo.medium.com/aws-ec2-auto-scaling-privilege-escalation-d518f8e7f91b
# Provider requirements for this demo stack.
# NOTE(review): no `version` constraint is set for the aws provider, so
# `terraform init` resolves whichever release is current at run time; pin a
# tested constraint before reusing this outside a throwaway lab account.
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}
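# Deployment region, lifted out of the provider block so the demo can be
# stood up in another region without editing code. The default keeps the
# value the original configuration hard-coded.
variable "aws_region" {
  description = "AWS region the demo stack is deployed into"
  type        = string
  default     = "eu-west-1"
}

# Single AWS provider. default_tags stamps Stack=demo on every resource it
# creates, so the whole lab can be located and torn down as one unit.
provider "aws" {
  region = var.aws_region

  default_tags {
    tags = {
      Stack = "demo"
    }
  }
}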
# Identity that runs `terraform apply`; its ARN is the only principal the
# DataScientist role's trust policy admits.
data "aws_caller_identity" "current" {
}
# Low-privilege "DataScientist" role, assumable only by the deploying identity.
# This is the role under test: its inline policy is the small set of Auto
# Scaling permissions the linked write-up presumably uses to demonstrate the
# escalation to demo-EC2Admin.
resource "aws_iam_role" "datascientist" {
  name = "demo-DataScientist"
  path = "/demo/"

  # Trust policy: only the caller that ran `terraform apply` may assume it.
  # jsonencode sorts keys, so the key order written here does not affect the
  # rendered document.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid    = ""
        Effect = "Allow"
        Action = "sts:AssumeRole"
        Principal = {
          AWS = data.aws_caller_identity.current.arn
        }
      },
    ]
  })

  # NOTE(review): despite its name this is an Allow statement, not a Deny.
  # iam:PassRole on Resource "*" lets this role hand any role in the account
  # (including demo-EC2Admin below) to a launch configuration, which is the
  # weakness being demonstrated. The mitigation is to scope iam:PassRole to
  # the specific role ARNs the data scientist legitimately needs, optionally
  # with an iam:PassedToService condition restricting it to ec2.amazonaws.com.
  inline_policy {
    name = "DenyPrivEscs"
    policy = jsonencode({
      Version = "2012-10-17"
      Statement = [
        {
          Effect   = "Allow"
          Resource = "*"
          Action = [
            "autoscaling:CreateAutoScalingGroup",
            "autoscaling:CreateLaunchConfiguration",
            "iam:PassRole",
          ]
        }
      ]
    })
  }
}
# Target role: trusted by the EC2 service, so any instance launched with its
# instance profile receives its credentials. It is deliberately high-privilege
# (AdministratorAccess is attached in a separate resource) so that a successful
# escalation is unambiguous in a throwaway account.
resource "aws_iam_role" "ec2_admin" {
  name = "demo-EC2Admin"
  path = "/demo/"

  # Trust policy: assumable by EC2 instances only, not by IAM principals.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid    = ""
        Effect = "Allow"
        Action = "sts:AssumeRole"
        Principal = {
          Service = "ec2.amazonaws.com"
        }
      },
    ]
  })
}
# Attaches the AWS-managed AdministratorAccess policy to the EC2 role.
# NOTE(review): outside a lab an instance role should carry only the
# permissions its workload needs; full admin here is exactly the value an
# unscoped iam:PassRole hands over, and it is what detection on
# CreateLaunchConfiguration / PassRole events in CloudTrail should flag.
resource "aws_iam_role_policy_attachment" "attach_admin" {
  policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
  role       = aws_iam_role.ec2_admin.name
}
# Instance profile wrapping the EC2 admin role; a launch configuration
# references this profile, so it is the object iam:PassRole ultimately governs.
# The profile reuses the role's own name ("demo-EC2Admin") for both fields.
# NOTE(review): unlike the two roles no `path` is set, so the profile lands
# under "/" rather than "/demo/" — harmless for the demo, but worth aligning
# if the /demo/ path is ever used to scope policies.
resource "aws_iam_instance_profile" "privesc_instance_role" {
  name = aws_iam_role.ec2_admin.name
  role = aws_iam_role.ec2_admin.name
}