diff --git a/terraform/aws/ec2_dup.tf b/terraform/aws/ec2_dup.tf
new file mode 100644
index 0000000000..00e0ba940f
--- /dev/null
+++ b/terraform/aws/ec2_dup.tf
@@ -0,0 +1,308 @@
+resource "aws_instance" "web_host" {
+ # ec2 have plain text secrets in user data
+ ami = "${var.ami}"
+ instance_type = "t2.nano"
+
+ vpc_security_group_ids = [
+ "${aws_security_group.web-node.id}"]
+ subnet_id = "${aws_subnet.web_subnet.id}"
+ user_data = <Deployed via Terraform" | sudo tee /var/www/html/index.html
+EOF
+ tags = merge({
+ Name = "${local.resource_prefix.value}-ec2"
+ }, {
+ git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0"
+ git_file = "terraform/aws/ec2.tf"
+ git_last_modified_at = "2020-06-16 14:46:24"
+ git_last_modified_by = "nimrodkor@gmail.com"
+ git_modifiers = "nimrodkor"
+ git_org = "bridgecrewio"
+ git_repo = "terragoat"
+ yor_trace = "347af3cd-4f70-4632-aca3-4d5e30ffc0b6"
+ })
+}
+
+resource "aws_ebs_volume" "web_host_storage" {
+ # unencrypted volume
+ availability_zone = "${var.region}a"
+ #encrypted = false # Setting this causes the volume to be recreated on apply
+ size = 1
+ tags = merge({
+ Name = "${local.resource_prefix.value}-ebs"
+ }, {
+ git_commit = "d3439f0f2af62f6fa3521e14d6c27819ef8f12e1"
+ git_file = "terraform/aws/ec2.tf"
+ git_last_modified_at = "2021-05-02 11:17:26"
+ git_last_modified_by = "nimrodkor@users.noreply.github.com"
+ git_modifiers = "nimrodkor"
+ git_org = "bridgecrewio"
+ git_repo = "terragoat"
+ yor_trace = "c5509daf-10f0-46af-9e03-41989212521d"
+ })
+}
+
+resource "aws_ebs_snapshot" "example_snapshot" {
+ # ebs snapshot without encryption
+ volume_id = "${aws_ebs_volume.web_host_storage.id}"
+ description = "${local.resource_prefix.value}-ebs-snapshot"
+ tags = merge({
+ Name = "${local.resource_prefix.value}-ebs-snapshot"
+ }, {
+ git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0"
+ git_file = "terraform/aws/ec2.tf"
+ git_last_modified_at = "2020-06-16 14:46:24"
+ git_last_modified_by = "nimrodkor@gmail.com"
+ git_modifiers = "nimrodkor"
+ git_org = "bridgecrewio"
+ git_repo = "terragoat"
+ yor_trace = "c1008080-ec2f-4512-a0d0-2e9330aa58f0"
+ })
+}
+
+resource "aws_volume_attachment" "ebs_att" {
+ device_name = "/dev/sdh"
+ volume_id = "${aws_ebs_volume.web_host_storage.id}"
+ instance_id = "${aws_instance.web_host.id}"
+}
+
+resource "aws_security_group" "web-node" {
+ # security group is open to the world in SSH port
+ name = "${local.resource_prefix.value}-sg"
+ description = "${local.resource_prefix.value} Security Group"
+ vpc_id = aws_vpc.web_vpc.id
+
+ ingress {
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ cidr_blocks = [
+ "0.0.0.0/0"]
+ }
+ ingress {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = [
+ "0.0.0.0/0"]
+ }
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = [
+ "0.0.0.0/0"]
+ }
+ depends_on = [aws_vpc.web_vpc]
+ tags = {
+ git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0"
+ git_file = "terraform/aws/ec2.tf"
+ git_last_modified_at = "2020-06-16 14:46:24"
+ git_last_modified_by = "nimrodkor@gmail.com"
+ git_modifiers = "nimrodkor"
+ git_org = "bridgecrewio"
+ git_repo = "terragoat"
+ yor_trace = "b7af1b40-64eb-4519-a1a0-ab198db4b193"
+ }
+}
+
+resource "aws_vpc" "web_vpc" {
+ cidr_block = "172.16.0.0/16"
+ enable_dns_hostnames = true
+ enable_dns_support = true
+ tags = merge({
+ Name = "${local.resource_prefix.value}-vpc"
+ }, {
+ git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0"
+ git_file = "terraform/aws/ec2.tf"
+ git_last_modified_at = "2020-06-16 14:46:24"
+ git_last_modified_by = "nimrodkor@gmail.com"
+ git_modifiers = "nimrodkor"
+ git_org = "bridgecrewio"
+ git_repo = "terragoat"
+ yor_trace = "9bf2359b-952e-4570-9595-52eba4c20473"
+ })
+}
+
+resource "aws_subnet" "web_subnet" {
+ vpc_id = aws_vpc.web_vpc.id
+ cidr_block = "172.16.10.0/24"
+ availability_zone = "${var.region}a"
+ map_public_ip_on_launch = true
+
+ tags = merge({
+ Name = "${local.resource_prefix.value}-subnet"
+ }, {
+ git_commit = "6e62522d2ab8f63740e53752b84a6e99cd65696a"
+ git_file = "terraform/aws/ec2.tf"
+ git_last_modified_at = "2021-05-02 11:16:31"
+ git_last_modified_by = "nimrodkor@gmail.com"
+ git_modifiers = "nimrodkor"
+ git_org = "bridgecrewio"
+ git_repo = "terragoat"
+ yor_trace = "0345f650-d280-4ca8-86c9-c71c38c0eda8"
+ })
+}
+
+resource "aws_subnet" "web_subnet2" {
+ vpc_id = aws_vpc.web_vpc.id
+ cidr_block = "172.16.11.0/24"
+ availability_zone = "${var.region}b"
+ map_public_ip_on_launch = true
+
+ tags = merge({
+ Name = "${local.resource_prefix.value}-subnet2"
+ }, {
+ git_commit = "6e62522d2ab8f63740e53752b84a6e99cd65696a"
+ git_file = "terraform/aws/ec2.tf"
+ git_last_modified_at = "2021-05-02 11:16:31"
+ git_last_modified_by = "nimrodkor@gmail.com"
+ git_modifiers = "nimrodkor"
+ git_org = "bridgecrewio"
+ git_repo = "terragoat"
+ yor_trace = "224af03a-00e0-4981-be30-14965833c2db"
+ })
+}
+
+
+resource "aws_internet_gateway" "web_igw" {
+ vpc_id = aws_vpc.web_vpc.id
+
+ tags = merge({
+ Name = "${local.resource_prefix.value}-igw"
+ }, {
+ git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0"
+ git_file = "terraform/aws/ec2.tf"
+ git_last_modified_at = "2020-06-16 14:46:24"
+ git_last_modified_by = "nimrodkor@gmail.com"
+ git_modifiers = "nimrodkor"
+ git_org = "bridgecrewio"
+ git_repo = "terragoat"
+ yor_trace = "d8e63cb4-2fb5-4726-9c86-5fd05ef03674"
+ })
+}
+
+resource "aws_route_table" "web_rtb" {
+ vpc_id = aws_vpc.web_vpc.id
+
+ tags = merge({
+ Name = "${local.resource_prefix.value}-rtb"
+ }, {
+ git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0"
+ git_file = "terraform/aws/ec2.tf"
+ git_last_modified_at = "2020-06-16 14:46:24"
+ git_last_modified_by = "nimrodkor@gmail.com"
+ git_modifiers = "nimrodkor"
+ git_org = "bridgecrewio"
+ git_repo = "terragoat"
+ yor_trace = "5e4fee6e-a6aa-4b61-a741-47c5efb463e1"
+ })
+}
+
+resource "aws_route_table_association" "rtbassoc" {
+ subnet_id = aws_subnet.web_subnet.id
+ route_table_id = aws_route_table.web_rtb.id
+}
+
+resource "aws_route_table_association" "rtbassoc2" {
+ subnet_id = aws_subnet.web_subnet2.id
+ route_table_id = aws_route_table.web_rtb.id
+}
+
+resource "aws_route" "public_internet_gateway" {
+ route_table_id = aws_route_table.web_rtb.id
+ destination_cidr_block = "0.0.0.0/0"
+ gateway_id = aws_internet_gateway.web_igw.id
+
+ timeouts {
+ create = "5m"
+ }
+}
+
+
+resource "aws_network_interface" "web-eni" {
+ subnet_id = aws_subnet.web_subnet.id
+ private_ips = ["172.16.10.100"]
+
+ tags = merge({
+ Name = "${local.resource_prefix.value}-primary_network_interface"
+ }, {
+ git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0"
+ git_file = "terraform/aws/ec2.tf"
+ git_last_modified_at = "2020-06-16 14:46:24"
+ git_last_modified_by = "nimrodkor@gmail.com"
+ git_modifiers = "nimrodkor"
+ git_org = "bridgecrewio"
+ git_repo = "terragoat"
+ yor_trace = "7e2ffea8-739f-467d-b57b-53cbc0d7ccbe"
+ })
+}
+
+# VPC Flow Logs to S3
+resource "aws_flow_log" "vpcflowlogs" {
+ log_destination = aws_s3_bucket.flowbucket.arn
+ log_destination_type = "s3"
+ traffic_type = "ALL"
+ vpc_id = aws_vpc.web_vpc.id
+
+ tags = merge({
+ Name = "${local.resource_prefix.value}-flowlogs"
+ Environment = local.resource_prefix.value
+ }, {
+ git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0"
+ git_file = "terraform/aws/ec2.tf"
+ git_last_modified_at = "2020-06-16 14:46:24"
+ git_last_modified_by = "nimrodkor@gmail.com"
+ git_modifiers = "nimrodkor"
+ git_org = "bridgecrewio"
+ git_repo = "terragoat"
+ yor_trace = "6808d4b7-45bc-4d1d-9523-96757a3add3a"
+ })
+}
+
+resource "aws_s3_bucket" "flowbucket" {
+ bucket = "${local.resource_prefix.value}-flowlogs"
+ force_destroy = true
+
+ tags = merge({
+ Name = "${local.resource_prefix.value}-flowlogs"
+ Environment = local.resource_prefix.value
+ }, {
+ git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0"
+ git_file = "terraform/aws/ec2.tf"
+ git_last_modified_at = "2020-06-16 14:46:24"
+ git_last_modified_by = "nimrodkor@gmail.com"
+ git_modifiers = "nimrodkor"
+ git_org = "bridgecrewio"
+ git_repo = "terragoat"
+ yor_trace = "f058838a-b1e0-4383-b965-7e06e987ffb1"
+ })
+}
+
+output "ec2_public_dns" {
+ description = "Web Host Public DNS name"
+ value = aws_instance.web_host.public_dns
+}
+
+output "vpc_id" {
+ description = "The ID of the VPC"
+ value = aws_vpc.web_vpc.id
+}
+
+output "public_subnet" {
+ description = "The ID of the Public subnet"
+ value = aws_subnet.web_subnet.id
+}
+
+output "public_subnet2" {
+ description = "The ID of the Public subnet"
+ value = aws_subnet.web_subnet2.id
+}
diff --git a/terraform/aws/providers1.tf b/terraform/aws/providers1.tf
new file mode 100644
index 0000000000..17968919c9
--- /dev/null
+++ b/terraform/aws/providers1.tf
@@ -0,0 +1,18 @@
+
+provider "aws" {
+ profile = var.profile
+ region = var.region
+}
+
+provider "aws" {
+ alias = "plain_text_access_keys_provider"
+ region = "us-west-1"
+ access_key = "AKIAIOSFODNN7EXAMPLE"
+ secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+}
+
+terraform {
+ backend "s3" {
+ encrypt = true
+ }
+}
diff --git a/terraform/aws/s3_dup.tf b/terraform/aws/s3_dup.tf
new file mode 100644
index 0000000000..a2a2ed78fe
--- /dev/null
+++ b/terraform/aws/s3_dup.tf
@@ -0,0 +1,141 @@
+resource "aws_s3_bucket" "data" {
+ # bucket is public
+ # bucket is not encrypted
+ # bucket does not have access logs
+ # bucket does not have versioning
+ bucket = "${local.resource_prefix.value}-data"
+ force_destroy = true
+ tags = merge({
+ Name = "${local.resource_prefix.value}-data"
+ Environment = local.resource_prefix.value
+ }, {
+ git_commit = "4d57f83ca4d3a78a44fb36d1dcf0d23983fa44f5"
+ git_file = "terraform/aws/s3.tf"
+ git_last_modified_at = "2022-05-18 07:08:06"
+ git_last_modified_by = "nimrod@bridgecrew.io"
+ git_modifiers = "34870196+LironElbaz/nimrod/nimrodkor"
+ git_org = "bridgecrewio"
+ git_repo = "terragoat"
+ yor_trace = "0874007d-903a-4b4c-945f-c9c233e13243"
+ })
+}
+
+resource "aws_s3_bucket_object" "data_object" {
+ bucket = aws_s3_bucket.data.id
+ key = "customer-master.xlsx"
+ source = "resources/customer-master.xlsx"
+ tags = merge({
+ Name = "${local.resource_prefix.value}-customer-master"
+ Environment = local.resource_prefix.value
+ }, {
+ git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0"
+ git_file = "terraform/aws/s3.tf"
+ git_last_modified_at = "2020-06-16 14:46:24"
+ git_last_modified_by = "nimrodkor@gmail.com"
+ git_modifiers = "nimrodkor"
+ git_org = "bridgecrewio"
+ git_repo = "terragoat"
+ yor_trace = "a7f01cc7-63c2-41a8-8555-6665e5e39a64"
+ })
+}
+
+resource "aws_s3_bucket" "financials" {
+ # bucket is not encrypted
+ # bucket does not have access logs
+ # bucket does not have versioning
+ bucket = "${local.resource_prefix.value}-financials"
+ acl = "private"
+ force_destroy = true
+ tags = merge({
+ Name = "${local.resource_prefix.value}-financials"
+ Environment = local.resource_prefix.value
+ }, {
+ git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0"
+ git_file = "terraform/aws/s3.tf"
+ git_last_modified_at = "2020-06-16 14:46:24"
+ git_last_modified_by = "nimrodkor@gmail.com"
+ git_modifiers = "nimrodkor"
+ git_org = "bridgecrewio"
+ git_repo = "terragoat"
+ yor_trace = "0e012640-b597-4e5d-9378-d4b584aea913"
+ })
+
+}
+
+resource "aws_s3_bucket" "operations" {
+ # bucket is not encrypted
+ # bucket does not have access logs
+ bucket = "${local.resource_prefix.value}-operations"
+ acl = "private"
+ versioning {
+ enabled = true
+ }
+ force_destroy = true
+ tags = merge({
+ Name = "${local.resource_prefix.value}-operations"
+ Environment = local.resource_prefix.value
+ }, {
+ git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0"
+ git_file = "terraform/aws/s3.tf"
+ git_last_modified_at = "2020-06-16 14:46:24"
+ git_last_modified_by = "nimrodkor@gmail.com"
+ git_modifiers = "nimrodkor"
+ git_org = "bridgecrewio"
+ git_repo = "terragoat"
+ yor_trace = "29efcf7b-22a8-4bd6-8e14-1f55b3a2d743"
+ })
+}
+
+resource "aws_s3_bucket" "data_science" {
+ # bucket is not encrypted
+ bucket = "${local.resource_prefix.value}-data-science"
+ acl = "private"
+ versioning {
+ enabled = true
+ }
+ logging {
+ target_bucket = "${aws_s3_bucket.logs.id}"
+ target_prefix = "log/"
+ }
+ force_destroy = true
+ tags = {
+ git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0"
+ git_file = "terraform/aws/s3.tf"
+ git_last_modified_at = "2020-06-16 14:46:24"
+ git_last_modified_by = "nimrodkor@gmail.com"
+ git_modifiers = "nimrodkor"
+ git_org = "bridgecrewio"
+ git_repo = "terragoat"
+ yor_trace = "9a7c8788-5655-4708-bbc3-64ead9847f64"
+ }
+}
+
+resource "aws_s3_bucket" "logs" {
+ bucket = "${local.resource_prefix.value}-logs"
+ acl = "log-delivery-write"
+ versioning {
+ enabled = true
+ }
+ server_side_encryption_configuration {
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "aws:kms"
+ kms_master_key_id = "${aws_kms_key.logs_key.arn}"
+ }
+ }
+ }
+ force_destroy = true
+ tags = merge({
+ Name = "${local.resource_prefix.value}-logs"
+ Environment = local.resource_prefix.value
+ }, {
+ git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0"
+ git_file = "terraform/aws/s3.tf"
+ git_last_modified_at = "2020-06-16 14:46:24"
+ git_last_modified_by = "nimrodkor@gmail.com"
+ git_modifiers = "nimrodkor"
+ git_org = "bridgecrewio"
+ git_repo = "terragoat"
+ yor_trace = "01946fe9-aae2-4c99-a975-e9b0d3a4696c"
+ })
+}
diff --git a/terraform/aws/s3_live.tf b/terraform/aws/s3_live.tf
new file mode 100644
index 0000000000..a2a2ed78fe
--- /dev/null
+++ b/terraform/aws/s3_live.tf
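Review bot: In `terraform/aws/s3_dup.tf` the buckets `data`, `financials`, `operations` and `data_science` are created without `server_side_encryption_configuration`, and no bucket in the file has an `aws_s3_bucket_public_access_block`, while `data` receives `customer-master.xlsx`. Only `logs` is encrypted. Give each data bucket a default-encryption block and a public access block, as sketched below for `data`; the inline comments already list the missing versioning and access logging on `data`, `financials` and `operations`. `force_destroy = true` on every bucket, `logs` included, lets a destroy remove all objects without confirmation and should not carry into a live environment. The identical hunk in `terraform/aws/s3_live.tf` needs the same changes.

```hcl
resource "aws_s3_bucket" "data" {
  # … unchanged: bucket, force_destroy, tags …
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "aws:kms"
      }
    }
  }
}

resource "aws_s3_bucket_public_access_block" "data" {
  bucket                  = aws_s3_bucket.data.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```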
@@ -0,0 +1,141 @@
+resource "aws_s3_bucket" "data" {
+ # bucket is public
+ # bucket is not encrypted
+ # bucket does not have access logs
+ # bucket does not have versioning
+ bucket = "${local.resource_prefix.value}-data"
+ force_destroy = true
+ tags = merge({
+ Name = "${local.resource_prefix.value}-data"
+ Environment = local.resource_prefix.value
+ }, {
+ git_commit = "4d57f83ca4d3a78a44fb36d1dcf0d23983fa44f5"
+ git_file = "terraform/aws/s3.tf"
+ git_last_modified_at = "2022-05-18 07:08:06"
+ git_last_modified_by = "nimrod@bridgecrew.io"
+ git_modifiers = "34870196+LironElbaz/nimrod/nimrodkor"
+ git_org = "bridgecrewio"
+ git_repo = "terragoat"
+ yor_trace = "0874007d-903a-4b4c-945f-c9c233e13243"
+ })
+}
+
+resource "aws_s3_bucket_object" "data_object" {
+ bucket = aws_s3_bucket.data.id
+ key = "customer-master.xlsx"
+ source = "resources/customer-master.xlsx"
+ tags = merge({
+ Name = "${local.resource_prefix.value}-customer-master"
+ Environment = local.resource_prefix.value
+ }, {
+ git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0"
+ git_file = "terraform/aws/s3.tf"
+ git_last_modified_at = "2020-06-16 14:46:24"
+ git_last_modified_by = "nimrodkor@gmail.com"
+ git_modifiers = "nimrodkor"
+ git_org = "bridgecrewio"
+ git_repo = "terragoat"
+ yor_trace = "a7f01cc7-63c2-41a8-8555-6665e5e39a64"
+ })
+}
+
+resource "aws_s3_bucket" "financials" {
+ # bucket is not encrypted
+ # bucket does not have access logs
+ # bucket does not have versioning
+ bucket = "${local.resource_prefix.value}-financials"
+ acl = "private"
+ force_destroy = true
+ tags = merge({
+ Name = "${local.resource_prefix.value}-financials"
+ Environment = local.resource_prefix.value
+ }, {
+ git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0"
+ git_file = "terraform/aws/s3.tf"
+ git_last_modified_at = "2020-06-16 14:46:24"
+ git_last_modified_by = "nimrodkor@gmail.com"
+ git_modifiers = "nimrodkor"
+ git_org = "bridgecrewio"
+ git_repo = "terragoat"
+ yor_trace = "0e012640-b597-4e5d-9378-d4b584aea913"
+ })
+
+}
+
+resource "aws_s3_bucket" "operations" {
+ # bucket is not encrypted
+ # bucket does not have access logs
+ bucket = "${local.resource_prefix.value}-operations"
+ acl = "private"
+ versioning {
+ enabled = true
+ }
+ force_destroy = true
+ tags = merge({
+ Name = "${local.resource_prefix.value}-operations"
+ Environment = local.resource_prefix.value
+ }, {
+ git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0"
+ git_file = "terraform/aws/s3.tf"
+ git_last_modified_at = "2020-06-16 14:46:24"
+ git_last_modified_by = "nimrodkor@gmail.com"
+ git_modifiers = "nimrodkor"
+ git_org = "bridgecrewio"
+ git_repo = "terragoat"
+ yor_trace = "29efcf7b-22a8-4bd6-8e14-1f55b3a2d743"
+ })
+}
+
+resource "aws_s3_bucket" "data_science" {
+ # bucket is not encrypted
+ bucket = "${local.resource_prefix.value}-data-science"
+ acl = "private"
+ versioning {
+ enabled = true
+ }
+ logging {
+ target_bucket = "${aws_s3_bucket.logs.id}"
+ target_prefix = "log/"
+ }
+ force_destroy = true
+ tags = {
+ git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0"
+ git_file = "terraform/aws/s3.tf"
+ git_last_modified_at = "2020-06-16 14:46:24"
+ git_last_modified_by = "nimrodkor@gmail.com"
+ git_modifiers = "nimrodkor"
+ git_org = "bridgecrewio"
+ git_repo = "terragoat"
+ yor_trace = "9a7c8788-5655-4708-bbc3-64ead9847f64"
+ }
+}
+
+resource "aws_s3_bucket" "logs" {
+ bucket = "${local.resource_prefix.value}-logs"
+ acl = "log-delivery-write"
+ versioning {
+ enabled = true
+ }
+ server_side_encryption_configuration {
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "aws:kms"
+ kms_master_key_id = "${aws_kms_key.logs_key.arn}"
+ }
+ }
+ }
+ force_destroy = true
+ tags = merge({
+ Name = "${local.resource_prefix.value}-logs"
+ Environment = local.resource_prefix.value
+ }, {
+ git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0"
+ git_file = "terraform/aws/s3.tf"
+ git_last_modified_at = "2020-06-16 14:46:24"
+ git_last_modified_by = "nimrodkor@gmail.com"
+ git_modifiers = "nimrodkor"
+ git_org = "bridgecrewio"
+ git_repo = "terragoat"
+ yor_trace = "01946fe9-aae2-4c99-a975-e9b0d3a4696c"
+ })
+}
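Review bot: `terraform/aws/s3_live.tf` is byte-identical to `s3_dup.tf` (both file headers show blob `a2a2ed78fe`) and sits in the same `terraform/aws/` directory, so every resource address here (`aws_s3_bucket.data`, `aws_s3_bucket_object.data_object`, `financials`, `operations`, `data_science`, `logs`) is declared twice in one module and Terraform will stop with a duplicate resource error before it plans anything. The `bucket` names are identical too, so even under distinct addresses the second create would fail on the name. Keep one of the two files, or give this copy its own addresses and suffixes, for example `resource "aws_s3_bucket" "data_live"` with `bucket = "${local.resource_prefix.value}-data-live"` (names constructed for illustration). The `git_file` tags point at `terraform/aws/s3.tf`; if that file is still in the directory the same collision applies to it, but it is not visible in this diff.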