This repo contains multiple scripts used to launch, manage, and use the Contrast Security Hosted Demo Environment. The demo environment is comprised of a "virtual developer workstation" and related services hosted in AWS, which enables demonstrations of Contrast's innovative application security monitoring and protection platform.
The provided shell scripts are meant to be run from a Mac. The included PowerShell scripts are meant to be used from within the Windows "virtual developer workstation" for demonstration additional Contrast capabilities.
The /bin folder contains various scripts; below is more information about each one.
This script will add a new AWS security group inbound TCP rule for the user-specified port number.
Usage: ./add_ingress_ports_to_demo_security_groups.sh [port number]
Example:
./add_ingress_ports_to_demo_security_groups.sh 8080
This script will add a new AWS security group inbound TCP rule
for RDP (3389) using the current IP address for the specified region and security group.
Usage: `./add_my_ip_to_demo_security_group.sh [your target AWS region]
Example:
./add_my_ip_to_demo_security_group.sh us-east-1 ContrastDemo-Sam-Spade
This script will copy a source AMI across all AWS regions. The source AMI is identified based on its name and source AWS region.
Usage: ./copy_ami_to_all_regions.sh [source AMI name] [source region]
Example:
./copy_ami_to_all_regions.sh hde-0.1.0 us-east-1
This script will create a security group call ContrastDemo across all AWS regions.
Usage: ./create_demo_security_groups.sh
This script will launch a new Contrast demo "virtual developer workstation". It expects 5 input arguments:
- Demo version/name of the latest demo EC2 AMI – you can specify default and that will automatically launch the latest AMI
- Customer name or description, so your instance can be distinguished among your other demo instances
- Your name, to help identify instances you’ve created
- Your target AWS region, which should be closest to your geographic location (find your closest region at https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html)
- Number of hours you need to keep the instance running – the instance will automatically terminate after the specified number of hours (if
0is specified, then no auto-termination alarm will be set; if a value greater than24is specified, then the maximum allowed value of 24 will be set)
Usage: ./demo_contrast.sh [demo version] [customer name or description] [your name] [your target AWS region] [hours to keep demo running]
Example:
./demo_contrast.sh default 'Johns Demo Instance' 'John Smith' us-west-1 2
This script will deregister AMIs across all AWS regions based on the specified AMI name. It is meant to be used to easily deregister obsolete Contrast demo workstation AMIs.
Usage: ./deregister_ami_across_regions.sh [target AMI name]
Example:
./deregister_ami_across_regions.sh hde-0.1.0
The following PowerShell scripts are designed to only be run from within a Contrast demo "virtual developer workstation". There are located in C:\Contrast within the demo workstation.
This script will launch a Linux EC2 instance from within a Windows "virtual developer workstation" to support a Ruby RailsSGoat demonstration. The result is a Linux server in the same AWS VPC that is pre-configured to serve RailsGoat and connect to the Contrast TeamServer running on the Wndows workstation. This script will only allow for one running child Linux instance with RailsGoat that will automatically be terminated after 24 hours.
Usage: .\CreateRailsGoatInstance.ps1
This script will wait for 120 seconds, then stop the Contrast .NET agent service and start it up again to ensure it is active and running.
Usage: .\dotNet_agent_delayed_start.ps1
This script will terminate all Linux EC2 instances that are associated with the Windows "virtual developer workstation" from which it is run. If multiple Linux instances for RailsGoat were launched, this script will terminate all running instances.
Usage: .\TerminateRailsGoatInstances.ps1
This script is kindly borrowed from https://gist.github.com/Gonzales/e000b7c2e72e13701c77431d3a2ffd73. It fixes an issue with AWS Windows 2016 AMIs where it does not properly register routes to 169.254.169.254 by default, the AWS EC2 meta-data service to get information about a running instance from within an instance itself. This script is automatically run upon startup from the Contrast demo "virtual developer workstation" and should not need to be run again.
Usage: .\win_2016_aws_network_fix.ps1