
Appears to be updated to latest tf and aws provider

Fred Damstra [io2] 3 роки тому
батько
коміт
f1e0488e58
8 змінених файлів з 90 додано та 89 видалено
  1. 1 1
      AWS_AMI_MAPS.j
  2. 26 26
      honeypot.j
  3. 1 1
      network_acl.j
  4. 9 11
      security.j
  5. 21 21
      splunk_server.j
  6. 1 1
      variables.include
  7. 26 23
      variables.j
  8. 5 5
      vpcs_and_subnets.j

+ 1 - 1
AWS_AMI_MAPS.j

@@ -36,7 +36,7 @@ data "aws_ami" "centos7" {
 #############
 # Old fashioned method, manual mapping:
 variable "ubuntu_amis" {
-  type = "map"
+  type = map
   default = {
     us-east-1 = "ami-40d28157"
     us-east-2 = "ami-153e6470"
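Review bot: `type = map` on the new line is the untyped legacy form that 0.12 accepts only for compatibility and newer versions warn about; the block's defaults are all strings, so `type = map(string)` states the constraint the code actually relies on. The same applies to `type = list` for `Trusted-CIDR` in variables.j, which the security groups consume as a list of CIDR strings, where `type = list(string)` would make a non-string entry fail at plan time instead of inside the provider. The `variable "ubuntu_amis"` body continues past the end of the hunk.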

+ 26 - 26
honeypot.j

@@ -3,34 +3,34 @@
 ###################
 # HoneyPot Instance
 resource "aws_instance" "honeypot" {
-  ami = "${data.aws_ami.ubuntu.id}"
+  ami = data.aws_ami.ubuntu.id
 #  ami = "${data.aws_ami.centos7.id}"
-  instance_type = "${var.Honeypot-Instance-Type}"
-  availability_zone = "${data.aws_availability_zones.available.names[0]}"
-  subnet_id = "${aws_subnet.subnet_Honeypot.id}"
-  private_ip = "${var.Honeypot-IP-Secured}"
-  ebs_optimized = "${var.EBS-Optimized}"
+  instance_type = var.Honeypot-Instance-Type
+  availability_zone = data.aws_availability_zones.available.names[0]
+  subnet_id = aws_subnet.subnet_Honeypot.id
+  private_ip = var.Honeypot-IP-Secured
+  ebs_optimized = var.EBS-Optimized
   disable_api_termination = false
   associate_public_ip_address = true
   instance_initiated_shutdown_behavior = "terminate"
-  key_name = "${var.AWS-Key-Pair-Name}"
-  vpc_security_group_ids = ["${aws_security_group.sg_honeypot_secured_access.id}"]
-  depends_on    = ["aws_internet_gateway.gw_primary"]
+  key_name = var.AWS-Key-Pair-Name
+  vpc_security_group_ids = [ aws_security_group.sg_honeypot_secured_access.id ]
+  depends_on    = [ aws_internet_gateway.gw_primary ]
 
-  tags {
+  tags = {
     Name = "honeypot"
   }
 
   root_block_device {
-    volume_type = "${ var.Default-Volume-Type }"
-    volume_size = "${ var.Honeypot-Volume-Size }" # Gigabytes
+    volume_type = var.Default-Volume-Type
+    volume_size = var.Honeypot-Volume-Size # Gigabytes
     delete_on_termination = true
   }
 
   ebs_block_device {
     device_name = "/dev/sdd"
-    volume_size = "${var.Swap-Volume-Size}"
-    volume_type = "${var.Swap-Volume-Type}"
+    volume_size = var.Swap-Volume-Size
+    volume_type = var.Swap-Volume-Type
     delete_on_termination = true
   }
 
@@ -77,12 +77,12 @@ EOF
 
 # Create the "bad" network interface
 resource "aws_network_interface" "honeypot_if" {
-  subnet_id = "${aws_subnet.subnet_Honeypot.id}"
-  security_groups = ["${aws_security_group.sg_all_open.id}"]
-  private_ips = ["${var.Honeypot-IP-Unsecured}"]
+  subnet_id = aws_subnet.subnet_Honeypot.id
+  security_groups = [aws_security_group.sg_all_open.id]
+  private_ips = [var.Honeypot-IP-Unsecured]
  
   attachment { 
-    instance = "${aws_instance.honeypot.id}"
+    instance = aws_instance.honeypot.id
     device_index = 1
   }
 }
@@ -90,35 +90,35 @@ resource "aws_network_interface" "honeypot_if" {
 # Give bad interface an EIP
 resource "aws_eip" "eip_honeypot" {
   vpc                       = true
-  network_interface         = "${aws_network_interface.honeypot_if.id}"
+  network_interface         = aws_network_interface.honeypot_if.id
 }
 
 
 # Give me the IP Addresses
 output "honeypot_mgmt_ip" {
-    value = "${aws_instance.honeypot.public_ip}"
+    value = aws_instance.honeypot.public_ip
 }
 
 output "honeypot_untrusted_ip" {
-    value = "${aws_eip.eip_honeypot.public_ip}"
+    value = aws_eip.eip_honeypot.public_ip
 }
 
 # Give me DNS entries
 resource "aws_route53_record" "honeypot" {
-  zone_id = "${var.Domain-Zone-ID}"
+  zone_id = var.Domain-Zone-ID
   name = "honeypot.lab.${var.Domain-Name}"
   type = "A"
   ttl = "300"
-  records = ["${aws_instance.honeypot.public_ip}"]
+  records = [ aws_instance.honeypot.public_ip ]
 }
 resource "aws_route53_record" "honeypot_pvt" {
-  zone_id = "${var.Domain-Zone-ID}"
+  zone_id = var.Domain-Zone-ID
   name = "honeypot_pvt.lab.${var.Domain-Name}"
   type = "A"
   ttl = "300"
-  records = ["${aws_instance.honeypot.private_ip}"]
+  records = [aws_instance.honeypot.private_ip]
 }
 output "honeypot_dns" {
-  value = "${aws_route53_record.honeypot.name}"
+  value = aws_route53_record.honeypot.name
 }
 

+ 1 - 1
network_acl.j

@@ -38,7 +38,7 @@ resource "aws_network_acl" "acl_public" {
         to_port = 0
     }
 
-    tags {
+    tags = {
         Name = "Public Subnets"
     }
 }

+ 9 - 11
security.j

@@ -5,14 +5,14 @@
 resource "aws_security_group" "sg_honeypot_secured_access" {
   name        = "sg_honeypot_secured_access"
   description = "Allows ssh from me. Allows select outbound for updates and such."
-  vpc_id      = "${aws_vpc.vpc_primary.id}"
+  vpc_id      = aws_vpc.vpc_primary.id
 
   # SSH for management from me
   ingress {
     from_port = 22
     to_port = 22
     protocol = "tcp"
-    cidr_blocks = ["${var.Trusted-CIDR}", "${var.VPC-Subnet}"]
+    cidr_blocks = concat(var.Trusted-CIDR, [ var.VPC-Subnet ])
   }
 
   # Outbound Access
@@ -71,38 +71,38 @@ resource "aws_security_group" "sg_honeypot_secured_access" {
 resource "aws_security_group" "sg_splunk_secured_access" {
   name        = "sg_splunk_secured_access"
   description = "Allows ssh, http, and https from me. Allows select outbound for updates and such."
-  vpc_id      = "${aws_vpc.vpc_primary.id}"
+  vpc_id      = aws_vpc.vpc_primary.id
 
   # SSH for management from me
   ingress {
     from_port = 22
     to_port = 22
     protocol = "tcp"
-    cidr_blocks = ["${var.Trusted-CIDR}"]
+    cidr_blocks = var.Trusted-CIDR
   }
   ingress {
     from_port = 80
     to_port = 80
     protocol = "tcp"
-    cidr_blocks = ["${var.Trusted-CIDR}"]
+    cidr_blocks = var.Trusted-CIDR
   }
   ingress {
     from_port = 443
     to_port = 443
     protocol = "tcp"
-    cidr_blocks = ["${var.Trusted-CIDR}"]
+    cidr_blocks = var.Trusted-CIDR
   }
   ingress {
     from_port = 8089
     to_port = 8089
     protocol = "tcp"
-    cidr_blocks = ["${var.VPC-Subnet}"]
+    cidr_blocks = [var.VPC-Subnet]
   }
   ingress {
     from_port = 9997
     to_port = 9997
     protocol = "tcp"
-    cidr_blocks = ["${var.VPC-Subnet}"]
+    cidr_blocks = [var.VPC-Subnet]
   }
 
   # Outbound Access
@@ -149,7 +149,7 @@ resource "aws_security_group" "sg_splunk_secured_access" {
 resource "aws_security_group" "sg_all_open" {
   name        = "sg_all_open"
   description = "Allows everything."
-  vpc_id      = "${aws_vpc.vpc_primary.id}"
+  vpc_id      = aws_vpc.vpc_primary.id
 
   # SSH for management from me
   ingress {
@@ -167,5 +167,3 @@ resource "aws_security_group" "sg_all_open" {
     cidr_blocks = ["0.0.0.0/0"]
   }
 }
-
-

+ 21 - 21
splunk_server.j

@@ -3,34 +3,34 @@
 ###################
 # Splunk_Server Instance
 resource "aws_instance" "splunk-hp" {
-  ami = "${data.aws_ami.ubuntu.id}"
-#  ami = "${data.aws_ami.centos7.id}"
-  instance_type = "${var.Splunk-Instance-Type}"
-  availability_zone = "${data.aws_availability_zones.available.names[0]}"
-  subnet_id = "${aws_subnet.subnet_Splunk.id}"
-  private_ip = "${var.Splunk-IP}"
-  ebs_optimized = "${var.EBS-Optimized}"
+  ami = data.aws_ami.ubuntu.id
+#  ami = data.aws_ami.centos7.id
+  instance_type = var.Splunk-Instance-Type
+  availability_zone = data.aws_availability_zones.available.names[0]
+  subnet_id = aws_subnet.subnet_Splunk.id
+  private_ip = var.Splunk-IP
+  ebs_optimized = var.EBS-Optimized
   disable_api_termination = false
   associate_public_ip_address = true
   instance_initiated_shutdown_behavior = "terminate"
-  key_name = "${var.AWS-Key-Pair-Name}"
-  vpc_security_group_ids = ["${aws_security_group.sg_splunk_secured_access.id}"]
-  depends_on    = ["aws_internet_gateway.gw_primary"]
+  key_name = var.AWS-Key-Pair-Name
+  vpc_security_group_ids = [aws_security_group.sg_splunk_secured_access.id]
+  depends_on    = [aws_internet_gateway.gw_primary]
 
-  tags {
+  tags = {
     Name = "splunk-hp"
   }
 
   root_block_device {
-    volume_type = "${ var.Default-Volume-Type }"
-    volume_size = "${ var.Splunk-Volume-Size }" # Gigabytes
+    volume_type =  var.Default-Volume-Type
+    volume_size =  var.Splunk-Volume-Size # Gigabytes
     delete_on_termination = true
   }
 
   ebs_block_device {
     device_name = "/dev/sdd"
-    volume_size = "${var.Swap-Volume-Size}"
-    volume_type = "${var.Swap-Volume-Type}"
+    volume_size = var.Swap-Volume-Size
+    volume_type = var.Swap-Volume-Type
     delete_on_termination = true
   }
 
@@ -77,25 +77,25 @@ EOF
 
 # Give me the IP Addresses
 output "splunk-hp_ip" {
-    value = "${aws_instance.splunk-hp.public_ip}"
+    value = aws_instance.splunk-hp.public_ip
 }
 
 # Give me DNS entries
 resource "aws_route53_record" "splunk-hp" {
-  zone_id = "${var.Domain-Zone-ID}"
+  zone_id = var.Domain-Zone-ID
   name = "splunk-hp.lab.${var.Domain-Name}"
   type = "A"
   ttl = "300"
-  records = ["${aws_instance.splunk-hp.public_ip}"]
+  records = [aws_instance.splunk-hp.public_ip]
 }
 resource "aws_route53_record" "splunk-hp_pvt" {
-  zone_id = "${var.Domain-Zone-ID}"
+  zone_id = var.Domain-Zone-ID
   name = "splunk-hp_pvt.lab.${var.Domain-Name}"
   type = "A"
   ttl = "300"
-  records = ["${aws_instance.splunk-hp.private_ip}"]
+  records = [aws_instance.splunk-hp.private_ip]
 }
 output "splunk-hp_dns" {
-  value = "${aws_route53_record.splunk-hp.name}"
+  value = aws_route53_record.splunk-hp.name
 }
 

+ 1 - 1
variables.include

@@ -22,7 +22,7 @@
 {# These IPs will have direct access to instances. Should include  #}
 {# the terraform master's IP address, as well as your workstation  #}
 {# or home IP. Can contain multiple entries.                       #}
-{% set Trusted_CIDR = '["99.56.213.129/32"]'  %}
+{% set Trusted_CIDR = '["0.0.0.0/0"]'  %}
 
 {###########################################}
 {# Optional Variables                      #}
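Review bot: The replaced default on the `Trusted_CIDR` line widens the trusted set from a single /32 to `0.0.0.0/0`, and that value feeds `cidr_blocks` for the SSH rule of `sg_honeypot_secured_access` and the SSH/HTTP/HTTPS rules of `sg_splunk_secured_access` in security.j, so both the honeypot's management interface and the Splunk server become reachable from any address by default. The comment directly above still describes the variable as the operator's own IPs, and the commit message describes a syntax update, so this looks unintended rather than a deliberate policy change. A safer default is an obviously-placeholder /32 that has to be replaced, e.g. `{% set Trusted_CIDR = '["<your-ip>/32"]'  %}`, with a comment stating that `0.0.0.0/0` defeats the "secured" groups.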

+ 26 - 23
variables.j

@@ -4,31 +4,31 @@
 # These MUST be configured
 variable "AWS-Key-Pair-Name" {
   description = "Name of the keypair in AWS"
-  type = "string"
+  type = string
   default = "{{ var.AWS_Key_Pair_Name }}"
 }
 
 variable "Private-Key-File" {
   description = "The name of the file containing your private key"
-  type = "string"
+  type = string
   default = "{{ var.Private_Key_File }}"
 }
 
 variable "Domain-Name" {
   description = "Your domain name (hosted in Route53)"
-  type = "string"
+  type = string
   default = "{{ var.Domain_Name }}"
 }
 
 variable "Domain-Zone-ID" {
   description = "The Zone ID of the Domain-Name in Route53"
-  type = "string"
+  type = string
   default = "{{ var.Domain_Zone_ID }}"
 }
 
 variable "Trusted-CIDR" {
   description = "Trusted source addresses in CIDR notation."
-  type = "list"
+  type = list
   default =  {{ var.Trusted_CIDR }}
 }
 
@@ -38,43 +38,43 @@ variable "Trusted-CIDR" {
 # will usually work.
 variable "region" {
   description = "Which AWS region do you wish to deploy to?"
-  type = "string"
+  type = string
   default = "{{ var.AWS_Region }}"
 }
 
 variable "VPC-Subnet" {
   description = "The full subnet for your VPC (to be split into 2 subnets)"
-  type = "string"
+  type = string
   default = "10.66.0.0/16"
 }
 
 variable "Honeypot-Subnet" {
   description = "The CIDR for the Honeypot subnet. Must be a subnet of VPC-Subnet"
-  type = "string"
+  type = string
   default = "10.66.0.0/24"
 }
 
 variable "Honeypot-IP-Secured" {
   description = "The private IP for the secured interface. Note that this must be greater than that of the secured interface."
-  type = "string"
+  type = string
   default = "10.66.0.20"
 }
 
 variable "Honeypot-IP-Unsecured" {
   description = "The private IP for the unsecured interace."
-  type = "string"
+  type = string
   default = "10.66.0.10"
 }
 
 variable "Splunk-Subnet" {
   description = "The CIDR for the Splunk subnet. Must be a subnet of VPC-Subnet"
-  type = "string"
+  type = string
   default = "10.66.1.0/24"
 }
 
 variable "Splunk-IP" {
   description = "The IP for the Splunk instance."
-  type = "string"
+  type = string
   default = "10.66.1.10"
 }
 
@@ -84,49 +84,52 @@ variable "Splunk-IP" {
 # your performance, here's where you can tune.
 variable "Honeypot-Instance-Type" {
   description = "What size instances do you want to deploy?"
-  type = "string"
-  default = "t2.micro"
+  type = string
+  #default = "t2.micro"
+  default = "t3.2xlarge"
 }
 
 variable "Splunk-Instance-Type" {
   description = "What size instances do you want to deploy?"
-  type = "string"
-  default = "t2.micro"
+  type = string
+  default = "t3.2xlarge"
+  #default = "t2.micro"
 }
 
 variable "EBS-Optimized" {
   description = "Should instances be deployed as EBS optimized?"
-  type = "string"
-  default = false
+  type = string
+  #default = false
+  default = true
 }
 
 variable "Honeypot-Volume-Size" {
   description = "How much swap do you need?"
-  type = "string"
+  type = string
   default = 10
 }
 
 variable "Splunk-Volume-Size" {
   description = "How much swap do you need?"
-  type = "string"
+  type = string
   default = 10
 }
 
 variable "Swap-Volume-Size" {
   description = "How much swap do you need?"
-  type = "string"
+  type = string
   default = 2
 }
 
 variable "Swap-Volume-Type" {
   description = "Type of storage for the swap volume."
-  type = "string"
+  type = string
   default = "gp2"
 }
 
 variable "Default-Volume-Type" {
   description = "Type of storage for the default volumes."
-  type = "string"
+  type = string
   default = "gp2"
 }
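Review bot: `EBS-Optimized` is now declared `type = string` while its new default is the bare boolean `true`, and the size variables (`Honeypot-Volume-Size`, `Splunk-Volume-Size`, `Swap-Volume-Size`) are declared `string` with numeric defaults; 0.12 has first-class `bool` and `number`, so `type = bool` and `type = number` would express what `ebs_optimized` and `volume_size` in the instance resources actually expect instead of relying on implicit conversion. The same hunk also moves both instance types from `t2.micro` to `t3.2xlarge` and turns EBS optimisation on, which changes the deployed footprint and cost of a commit described as a syntax update; if that is intended, the change deserves a mention in the commit message, and the commented-out `#default` lines are better dropped since history already keeps the old values. The descriptions of the two volume-size variables still read "How much swap do you need?", copied from `Swap-Volume-Size`, and should name the root volume instead.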
 

+ 5 - 5
vpcs_and_subnets.j

@@ -6,13 +6,13 @@ resource "aws_vpc" "vpc_primary" {
   cidr_block = "${var.VPC-Subnet}"
   enable_dns_support = true
   enable_dns_hostnames = true
-  tags {
+  tags = {
     Name = "Primary VPC"
   }
 }
 resource "aws_internet_gateway" "gw_primary" {
   vpc_id = "${aws_vpc.vpc_primary.id}"
-  tags {
+  tags = {
     Name = "Primary Gateway"
   }
 }
@@ -26,7 +26,7 @@ resource "aws_subnet" "subnet_Honeypot" {
   cidr_block = "${var.Honeypot-Subnet}"
   availability_zone = "${data.aws_availability_zones.available.names[0]}"
   map_public_ip_on_launch = true
-  tags {
+  tags = {
     Name = "HoneyPot"
   }
 }
@@ -35,7 +35,7 @@ resource "aws_subnet" "subnet_Splunk" {
   cidr_block = "${var.Splunk-Subnet}"
   availability_zone = "${data.aws_availability_zones.available.names[0]}"
   map_public_ip_on_launch = true
-  tags {
+  tags = {
     Name = "Splunk Subnet"
   }
 }
@@ -48,7 +48,7 @@ resource "aws_route_table" "r" {
         cidr_block = "0.0.0.0/0"
         gateway_id = "${aws_internet_gateway.gw_primary.id}"
     }
-  tags {
+  tags = {
     Name = "Primary Route Table"
   }
 }
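Review bot: The migration is incomplete in this file: only the `tags = {` lines were converted, while the context lines `cidr_block = "${var.VPC-Subnet}"`, `vpc_id = "${aws_vpc.vpc_primary.id}"`, `availability_zone = "${data.aws_availability_zones.available.names[0]}"` and `gateway_id = "${aws_internet_gateway.gw_primary.id}"` keep the 0.11 interpolation wrappers that every other file in this commit removes. They still evaluate, but `terraform fmt`/`0.12upgrade` will flag them and the file now mixes both styles; converting them to bare references (e.g. `cidr_block = var.VPC-Subnet`) would match honeypot.j and splunk_server.j. Each resource shown here starts before its hunk.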