Splunk
/
FredsHoneyPot


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124
							{% import 'variables.include' as var %}

###################
# HoneyPot Instance
resource "aws_instance" "honeypot" {
  ami = data.aws_ami.ubuntu.id
#  ami = "${data.aws_ami.centos7.id}"
  instance_type = var.Honeypot-Instance-Type
  availability_zone = data.aws_availability_zones.available.names[0]
  subnet_id = aws_subnet.subnet_Honeypot.id
  private_ip = var.Honeypot-IP-Secured
  ebs_optimized = var.EBS-Optimized
  disable_api_termination = false
  associate_public_ip_address = true
  instance_initiated_shutdown_behavior = "terminate"
  key_name = var.AWS-Key-Pair-Name
  vpc_security_group_ids = [ aws_security_group.sg_honeypot_secured_access.id ]
  depends_on    = [ aws_internet_gateway.gw_primary ]

  tags = {
    Name = "honeypot"
  }

  root_block_device {
    volume_type = var.Default-Volume-Type
    volume_size = var.Honeypot-Volume-Size # Gigabytes
    delete_on_termination = true
  }

  ebs_block_device {
    device_name = "/dev/sdd"
    volume_size = var.Swap-Volume-Size
    volume_type = var.Swap-Volume-Type
    delete_on_termination = true
  }

  user_data = <<EOF
#cloud-config
package_update: true
package_upgrade: true
packages:
  - git
  - vim
  - wget
  - curl
  - tcpdump
  - python
runcmd:
  - mkswap /dev/xvdd
  - swapon -a
  - git clone https://github.com/fdamstra/python_multithreaded_socket_logger.git /opt/multithreaded_socket_logger
  - bash /opt/multithreaded_socket_logger/honeypot_init.sh
mounts:
  - [ xvdd, none, swap, sw, 0, 0 ]
growpart:
  mode: auto
  devices: ['/']
  ignore_growroot_disabled: false
power_state:
  delay: "+1"
  mode: "reboot"
  message: "Rebooting after first init."
  condition: True
EOF
# To reboot, add the following above the EOF line:
# power_state:
#   delay: "+0"
#   mode: "reboot"
#   message: "Rebooting after first init."
#   condition: True

  # Fix issues with cached keys. Arguably less secure, but also way less annoying
  provisioner "local-exec" {
    command = "ssh-keygen -f ~/.ssh/known_hosts -R honeypot.lab.${var.Domain-Name}"
  }
}

# Create the "bad" network interface
resource "aws_network_interface" "honeypot_if" {
  subnet_id = aws_subnet.subnet_Honeypot.id
  security_groups = [aws_security_group.sg_all_open.id]
  private_ips = [var.Honeypot-IP-Unsecured]
 
  attachment { 
    instance = aws_instance.honeypot.id
    device_index = 1
  }
}

# Give bad interface an EIP
resource "aws_eip" "eip_honeypot" {
  vpc                       = true
  network_interface         = aws_network_interface.honeypot_if.id
}


# Give me the IP Addresses
output "honeypot_mgmt_ip" {
    value = aws_instance.honeypot.public_ip
}

output "honeypot_untrusted_ip" {
    value = aws_eip.eip_honeypot.public_ip
}

# Give me DNS entries
resource "aws_route53_record" "honeypot" {
  zone_id = var.Domain-Zone-ID
  name = "honeypot.lab.${var.Domain-Name}"
  type = "A"
  ttl = "300"
  records = [ aws_instance.honeypot.public_ip ]
}
resource "aws_route53_record" "honeypot_pvt" {
  zone_id = var.Domain-Zone-ID
  name = "honeypot_pvt.lab.${var.Domain-Name}"
  type = "A"
  ttl = "300"
  records = [aws_instance.honeypot.private_ip]
}
output "honeypot_dns" {
  value = aws_route53_record.honeypot.name
}