Skip to content

Configure Cloud Attack Range

Jump to bottom
jzsplunk edited this page Aug 31, 2020 · 5 revisions

Prerequisite

  1. git clone --recursive https://github.com/splunk/attack_range_cloud && cd attack_range_cloud clone project and cd into the project dir or git clone --recursive git@github.com:splunk/attack_range_cloud.git && cd attack_range_cloud (if ssh access is enforced through your git account)
  2. pip install virtualenv && virtualenv -p python3 venv && source venv/bin/activate && pip install -r requirements.txt create virtualenv and install requirements
  3. Edit cloud attack range configuration: You need to change the attack range password
cp cloud_attack_range.conf.template cloud_attack_range.conf
vim cloud_attack_range.conf

Terraform configuration

  1. brew install terraform install Terraform CLI on OSX other platforms
  2. Run Terraform init cd terraform && terraform init && cd ..
  3. brew install awscli install AWS CLI on OSX otherwise see: guide
  4. aws configure configure your AWS CLI and credentials. Specify the same region, which you specified in cloud_attack_range.conf.
  5. Generate a ssh keypair with ssh-keygen. This generates a keypair under the folder ~/.ssh/ with id_rsa and id_rsa.pub .
  6. Import the public key id_rsa.pub under the name cloud-attack-range-key-pair into AWS under EC2/Network & Security/Key Pairs. For more information visit the documentation of AWS. Please use this keys only for attack range EC2 instances because they are used to identify the EC2 instances for stop and resume.
  7. Change splunk_admin_password in cloud_attack_range.conf
  8. Navigate to https://aws.amazon.com/marketplace/pp?sku=3iplms73etrdhxdepv72l6ywj and press "Continue to Subscribe" then "Accept Terms". This will allow official Ubuntu images to be used by your AWS account.
  9. Install kubectl and Helm

Clone this wiki locally