Hello! Welcome to the code that I've written called the AWSome Honey Pot. The purpose of the repository is to house Terraform templates and files that are used to create a HoneyPot within AWS using T-Pot.
I've received a lot of my guidance on how to create this from the following articles:
It is a fantastic read, and I do encourage you all to read this article.
In order to deploy this infrastructure, you'll need to ensure you have the following installed:
- Subscribe to Debian Buster AMI - ABSOLUTE REQUIREMENT!
- Terraform v1.3+
- AWS CLI
NOTE: You'll need to have this installed so you can configure your AWS profile prior to deployment.
For more information about installing the necessary technologies, feel free to check out these resources:
Assuming you have your AWS CLI configured properly for your account, you'll need to execute the following commands:
- Modify the `main.tf` file inside of the workspace folder and insert a list of the IP addresses that should be able to access the administration panel and SSH into the machine.

  ```hcl
  resource "aws_security_group" "tpot_security_group" {
    ...
    ingress {
      from_port   = 64294
      to_port     = 64294
      protocol    = "tcp"
      cidr_blocks = ["your_ip_addr_cidr"] # Change to your IP address here
    }
    ingress {
      from_port   = 64295
      to_port     = 64295
      protocol    = "tcp"
      cidr_blocks = ["your_ip_addr_cidr"] # Change to your IP address here
    }
    ingress {
      from_port   = 64297
      to_port     = 64297
      protocol    = "tcp"
      cidr_blocks = ["your_ip_addr_cidr"] # Change to your IP address here
    }
    ...
  }
  ```
- Initialize Terraform

  ```
  $ terraform init
  ```

- Apply the entire plan to the AWS account

  ```
  $ terraform apply -auto-approve
  ```
NOTE: This will take between 15-30 minutes. Feel free to step away while this is working. It is deploying your infrastructure to your account.
Once the plan has been created and applied, a private key should be created within the workspace folder called `hp_key_pair.pem`. You can use this key to SSH into the instance.

- Verify that everything is up.
- Log into the admin portal (https://<your_instance_ip>:64297) using the credentials listed below:
```
username: webuser
password: w3b$ecret
```
After logging in, you should be redirected to this page:
If not, check your security groups and ensure you have whitelisted the right IP address CIDRs.
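A check you can run on `main.tf` before `terraform apply`, added here as an example and not part of this repository: it flags ingress rules for the admin ports (64294, 64295, 64297) that still hold the placeholder or allow a broad range. The sample `main.tf` text, the /24 threshold and the function name are assumptions.

```python
import ipaddress
import re

ADMIN_PORTS = {64294, 64295, 64297}  # ports restricted in the README's main.tf snippet
MIN_PREFIX = 24  # assumption: anything wider than a /24 is too broad for admin access
# Constructed sample, not the repository's real main.tf.
SAMPLE_MAIN_TF = '''
resource "aws_security_group" "tpot_security_group" {
  ingress {
    from_port   = 64294
    to_port     = 64294
    protocol    = "tcp"
    cidr_blocks = ["your_ip_addr_cidr"]
  }
  ingress {
    from_port   = 64295
    to_port     = 64295
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 64297
    to_port     = 64297
    protocol    = "tcp"
    cidr_blocks = ["203.0.113.7/32"]
  }
}
'''

def check_admin_ingress(tf_text):
    """Return (port, cidr, problem) per risky admin-port CIDR; assumes flat ingress blocks."""
    findings = []
    for body in re.findall(r"ingress\s*\{([^{}]*)\}", tf_text):
        port = re.search(r"from_port\s*=\s*(\d+)", body)
        cidrs = re.search(r"cidr_blocks\s*=\s*\[([^\]]*)\]", body)
        if not port or not cidrs or int(port.group(1)) not in ADMIN_PORTS:
            continue
        for cidr in re.findall(r'"([^"]*)"', cidrs.group(1)):
            try:
                broad = ipaddress.IPv4Network(cidr, strict=False).prefixlen < MIN_PREFIX
                problem = "range too broad" if broad else None
            except ValueError:
                problem = "not a valid CIDR"
            if problem:
                findings.append((int(port.group(1)), cidr, problem))
    return findings

if __name__ == "__main__":
    print(*check_admin_ingress(SAMPLE_MAIN_TF), sep="\n")
```

To check your own file, pass its contents instead of the sample, for example `check_admin_ingress(open("main.tf").read())`.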
If at any point you want to clean up your resources, please feel free to run the following command:
```
$ terraform destroy -auto-approve
```
This will destroy all of the resources that were spun up in the account.
Otherwise, happy hacking!