/iac-iast-owasp-demo

IaC for IAST of OWASP Juice Shop app.

Primary Language: HCL

Terraform deployment for IAST OWASP demo

IAST demo using OpenTelemetry

Description

IaC for IAST of OWASP Juice Shop app.

Architecture


Local deployment

Requirements

  • AWS CLI
  • Git
  • Terraform

Resources created on the AWS Management Console

  • tfstate S3 bucket with DynamoDB
  • Secrets in AWS Secrets Manager to store database user and password

Requirements before deploying locally

  • Add local machine IP address as a variable in your environment

Requirements before deploying through GitHub Actions

  • Add local machine IP address as a GitHub Secret in your repository

Steps for Unix systems

  1. Connect to your AWS account with short-term credentials from AWS IAM
    aws configure
    AWS Access Key ID [None]: <YOUR_ACCESS_KEY>
    AWS Secret Access Key [None]: <YOUR_SECRET_ACCESS_KEY>
    Default region name [None]: <REGION>
    Default output format [None]: <PREFERRED_FORMAT_SUCH_AS_JSON>

  2. Clone this repository to your local machine
    git clone <HTTPS/SSH>

  3. Go to the repository folder
    cd iac-iast-owasp-demo

  4. Go to infrastructure folder
    cd infrastructure

  5. Initialize terraform
    terraform init

  6. Run terraform plan
    terraform plan

  7. Deploy resources in AWS
    terraform apply
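
A pre-flight check for the my_ip input ("IP for ssh") to run before terraform plan, as an added example that is not part of this repository. The function names are hypothetical, and it assumes my_ip takes a single IPv4 address, bare or with a /32 suffix, which the page does not state; TF_VAR_my_ip is the variable name from the commit list below.

```sh
#!/bin/sh
# Added example, not the repository's code. Assumption: my_ip is one IPv4
# address (bare or /32) that ends up in the SSH ingress rule.

# is_ipv4 ADDR -> status 0 if ADDR is a dotted quad with octets 0..255
is_ipv4() (
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;      # empty, stray chars, empty field
  esac
  IFS=.
  set -- $1                                  # split on dots
  [ $# -eq 4 ] || exit 1
  for octet in "$@"; do
    case $octet in
      0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;; # no leading zeros, max 3 digits
      *) exit 1 ;;
    esac
    [ "$octet" -le 255 ] || exit 1
  done
)

# check_my_ip VALUE -> status 0 if VALUE names exactly one usable host
check_my_ip() (
  value=$1
  addr=${value%%/*}
  prefix=32
  case $value in */*) prefix=${value#*/} ;; esac
  if ! is_ipv4 "$addr"; then
    echo "my_ip: '$value' is not an IPv4 address" >&2; exit 1
  fi
  if [ "$prefix" != 32 ]; then
    # anything wider than /32 would open SSH to more than one host
    echo "my_ip: only a single host (/32) is accepted, got /$prefix" >&2; exit 1
  fi
  case $addr in
    0.*|127.*) echo "my_ip: $addr is unspecified or loopback" >&2; exit 1 ;;
  esac
  exit 0
)

# Usage (assumed workflow; 203.0.113.7 is a constructed documentation address):
#   export TF_VAR_my_ip=203.0.113.7
#   check_my_ip "$TF_VAR_my_ip" && terraform plan
```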

Requirements

No requirements.

Providers

Name Version
aws 5.11.0

Modules

No modules.

Resources

Name Type
aws_db_instance.rds resource
aws_db_subnet_group.db_sg resource
aws_eip.nat_eip resource
aws_iam_instance_profile.instance_profile resource
aws_iam_openid_connect_provider.default resource
aws_iam_role.github_actions resource
aws_iam_role.instance_role resource
aws_iam_role_policy_attachment.github_actions_atch resource
aws_iam_role_policy_attachment.ssm_policy resource
aws_instance.app_server resource
aws_internet_gateway.ig_external_vpc resource
aws_main_route_table_association.rtb_assoc resource
aws_nat_gateway.nat_external_vpc resource
aws_route_table.rtb resource
aws_security_group.sg resource
aws_ssm_activation.ssm_activation resource
aws_subnet.subnet resource
aws_vpc.vpc resource
aws_ami.ubuntu_image data source
aws_iam_policy_document.assume_role data source
aws_iam_policy_document.github_assume_role_policy data source
aws_region.current_region data source
aws_secretsmanager_secret.db_secret data source
aws_secretsmanager_secret_version.db_secrets data source

Inputs

Name  | Description | Type | Default | Required
my_ip | IP for ssh  | any  | n/a     | yes

Outputs

No outputs.

Five last commits

8333606 - Ignore push of some file when running the pipeline
8bc788b - Ignore push of some file when running the pipeline
280ff4c - Add TF_VAR_my_ip env var to pipeline
d4c00de - Add my_ip env var to pipeline
fc6e417 - Add terraform apply and correct plan in pipeline

README Activity Log

This README file was updated on Tue Aug 8 18:24:29 CEST 2023 by Leticia Valladares on this commit