Blog: AWS SNS Abuse - Data Exfiltration and Phishing
# AWS provider; the deployment region comes from var.region (declared at the
# bottom of the file).
provider "aws" {
  region = var.region
}
# Generate random ID for unique resource names
resource "random_id" "unique" {
byte_length = 2
}
# VPC for EC2
resource "aws_vpc" "main_vpc" {
cidr_block = "10.0.0.0/16"
enable_dns_support = true
enable_dns_hostnames = true
tags = {
Name = "whitebox-vpc-${random_id.unique.hex}"
}
}
# Internet Gateway for Public Access
resource "aws_internet_gateway" "main_igw" {
vpc_id = aws_vpc.main_vpc.id
tags = {
Name = "whitebox-igw-${random_id.unique.hex}"
}
}
# Public Subnet
resource "aws_subnet" "public_subnet" {
vpc_id = aws_vpc.main_vpc.id
cidr_block = "10.0.1.0/24"
map_public_ip_on_launch = true
tags = {
Name = "whitebox-public-subnet-${random_id.unique.hex}"
}
}
# Route Table for Public Subnet
resource "aws_route_table" "public_route_table" {
vpc_id = aws_vpc.main_vpc.id
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.main_igw.id
}
tags = {
Name = "whitebox-public-route-table-${random_id.unique.hex}"
}
}
# Route Table Association for Public Subnet
resource "aws_route_table_association" "public_route_table_assoc" {
subnet_id = aws_subnet.public_subnet.id
route_table_id = aws_route_table.public_route_table.id
}
# Security Group for EC2 Instance
resource "aws_security_group" "ec2_sg" {
vpc_id = aws_vpc.main_vpc.id
name = "whitebox-ec2-sg-${random_id.unique.hex}"
description = "Allow SSH access"
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = [var.trusted_ip_cidr]
}
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
# IAM Role for EC2 Instance
resource "aws_iam_role" "ec2_role" {
name = "ec2-role-${random_id.unique.hex}"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
EOF
}
# IAM Policy for Basic EC2 Permissions
resource "aws_iam_role_policy" "ec2_policy" {
name = "ec2-policy-${random_id.unique.hex}"
role = aws_iam_role.ec2_role.id
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"sns:Publish",
"sns:CreateTopic",
"sns:Subscribe",
"sts:GetCallerIdentity",
"ec2:Describe*"
],
"Resource": "*"
}
]
}
EOF
}
# Instance Profile for EC2 Role
resource "aws_iam_instance_profile" "ec2_instance_profile" {
name = "ec2-instance-profile-${random_id.unique.hex}"
role = aws_iam_role.ec2_role.name
}
# Key Pair for SSH Access
resource "aws_key_pair" "ec2_key" {
key_name = "whitebox-key-${random_id.unique.hex}"
public_key = file(var.public_key_path)
}
# EC2 Instance
resource "aws_instance" "main_instance" {
ami = var.ami_id
instance_type = var.instance_type
subnet_id = aws_subnet.public_subnet.id
vpc_security_group_ids = [aws_security_group.ec2_sg.id]
key_name = aws_key_pair.ec2_key.key_name
associate_public_ip_address = true
user_data = <<EOF
#!/bin/bash
set -e
# Install required packages
sudo apt-get update -y
sudo apt-get install -y unzip curl jq git
# Deploy GitHub credentials
mkdir -p /home/ubuntu/.github
echo "github_token=ghp_dummyGitHubToken123456" > /home/ubuntu/.github/credentials
echo "github_username=exampleuser" >> /home/ubuntu/.github/credentials
chown -R ubuntu:ubuntu /home/ubuntu/.github
# Deploy .env file with dummy secrets
echo "SECRET_KEY=supersecret" > /home/ubuntu/project.env
echo "API_KEY=dummy-api-key" >> /home/ubuntu/project.env
echo "DATABASE_URL=postgres://user:password@localhost:5432/mydb" >> /home/ubuntu/project.env
chown ubuntu:ubuntu /home/ubuntu/project.env
# Install AWS CLI
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
EOF
iam_instance_profile = aws_iam_instance_profile.ec2_instance_profile.name
root_block_device {
volume_size = 50
volume_type = "gp3"
}
tags = {
Name = "whitebox-ec2-instance-${random_id.unique.hex}"
}
}
# Instance identity for the operator.
output "ec2_instance_public_ip" {
  description = "Public IP address of the EC2 instance"
  value       = aws_instance.main_instance.public_ip
}

output "ec2_instance_id" {
  description = "ID of the EC2 instance"
  value       = aws_instance.main_instance.id
}
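# Ready-to-paste SSH command. The original embedded the *public* key path and
# asked the reader to strip ".pub" by hand; trimsuffix does that here, on the
# assumption that the private key sits next to the public key with the same
# base name.
output "ec2_ssh_command" {
  description = "SSH command to access the EC2 instance (private key assumed to be the public key path minus .pub)"
  value       = "ssh -i ${trimsuffix(var.public_key_path, ".pub")} ubuntu@${aws_instance.main_instance.public_ip}"
}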
# Networking identifiers, mainly useful for correlating CloudTrail / VPC flow
# log events during the exercise.
output "vpc_id" {
  description = "ID of the VPC"
  value       = aws_vpc.main_vpc.id
}

output "vpc_arn" {
  description = "ARN of the VPC"
  value       = aws_vpc.main_vpc.arn
}

output "internet_gateway_id" {
  description = "ID of the Internet Gateway"
  value       = aws_internet_gateway.main_igw.id
}

output "subnet_id" {
  description = "ID of the Public Subnet"
  value       = aws_subnet.public_subnet.id
}

output "security_group_id" {
  description = "ID of the Security Group"
  value       = aws_security_group.ec2_sg.id
}

output "security_group_arn" {
  description = "ARN of the Security Group"
  value       = aws_security_group.ec2_sg.arn
}
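# IAM identifiers. These are the values to search for in CloudTrail when
# tracing SNS calls made with the instance-role credentials (the role ARN is
# what appears in the assumed-role session ARN).
output "iam_role_name" {
  description = "Name of the IAM Role"
  value       = aws_iam_role.ec2_role.name
}

output "iam_role_arn" {
  description = "ARN of the IAM Role"
  value       = aws_iam_role.ec2_role.arn
}

output "iam_instance_profile_name" {
  description = "Name of the IAM Instance Profile"
  value       = aws_iam_instance_profile.ec2_instance_profile.name
}

output "iam_instance_profile_arn" {
  description = "ARN of the IAM Instance Profile"
  value       = aws_iam_instance_profile.ec2_instance_profile.arn
}

output "ec2_policy_name" {
  description = "Name of the inline IAM policy on the EC2 role"
  value       = aws_iam_role_policy.ec2_policy.name
}

# Kept under its original name for compatibility, but corrected: an inline
# role policy has no ARN. aws_iam_role_policy.id is "<role_name>:<policy_name>".
output "ec2_policy_arn" {
  description = "ID of the inline IAM policy (role_name:policy_name); inline policies have no ARN"
  value       = aws_iam_role_policy.ec2_policy.id
}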
output "key_pair_name" {
  description = "Name of the SSH Key Pair"
  value       = aws_key_pair.ec2_key.key_name
}
variable "region" {
  type        = string
  default     = "us-east-1"
  description = "AWS region for deployment"
}
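# CIDR allowed to reach port 22 on the instance.
#
# The default of 0.0.0.0/0 is kept so existing invocations still plan, but it
# exposes SSH to the entire internet. Pass your own address, e.g.
# -var 'trusted_ip_cidr=203.0.113.4/32', before applying. The validation
# rejects anything that is not a syntactically valid IPv4 CIDR, which is what
# aws_security_group.cidr_blocks expects.
variable "trusted_ip_cidr" {
  type        = string
  description = "Trusted IPv4 CIDR block for SSH access (set this to your own /32)"
  default     = "0.0.0.0/0" # Insecure default; override with your IP address

  validation {
    condition     = can(cidrnetmask(var.trusted_ip_cidr))
    error_message = "trusted_ip_cidr must be a valid IPv4 CIDR block such as 203.0.113.4/32."
  }
}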
# Local path of the SSH public key uploaded as the instance key pair. Only
# the public half is read; keep the matching private key on your machine.
variable "public_key_path" {
  type        = string
  description = "Path to the public SSH key for EC2 access"
  default     = "~/.ssh/whitebox_key.pub" # Replace this with your public key path
}
# AMI IDs are region-specific, so this default only resolves in one region.
# The instance's user_data uses apt-get and the "ubuntu" user, so whatever
# AMI you substitute must be an Ubuntu image.
variable "ami_id" {
  type        = string
  description = "AMI ID for the EC2 instance (must be an Ubuntu image)"
  default     = "ami-0cad6ee50670e3d0e" # Change AMI ID to your region
}
variable "instance_type" {
  type        = string
  description = "Instance type for the EC2 instance"
  default     = "t2.micro"
}