-
Notifications
You must be signed in to change notification settings - Fork 354
AWS: MacOS Installation
P4T12ICK edited this page Feb 2, 2021
·
8 revisions
This will build a range automatically in MacOS. You will need also to sign up for an AWS account here as a prerequisite
- Install all the project dependencies with this 1 liner:
source <(curl -s 'https://raw.githubusercontent.com/splunk/attack_range/develop/scripts/macos_deploy_aws.sh')
- Run
aws configure
to configure your AWS credentials on the local machine. If you are not sure how to create AWS credentials for the attack_range follow these instructions. - Finally configure your attack_range by running
python attack_range.py configure
- Build Attack Range
python attack_range.py build
- Obtain a copy of the Attack Range on your local computer. For example, this can be done by copying or cloning Attack Range from GitHub:
git clone https://github.com/splunk/attack_range
- Go to the install directory of the Attack Range:
cd attack_range
- Install virtual environment and all default packages required for the Attack Range project:
pip install virtualenv && virtualenv -p python3 venv && source venv/bin/activate && pip install -r requirements.txt
- If you don't have one, sign up for an AWS account here
- Install Terraform: Brew-install via
brew install terraform
, or download from this link - Initialize Terraform:
cd terraform/aws && terraform init && cd ../..
- Install AWS CLI:
brew install awscli
, otherwise see the guide on installing AWS CLI - Enable use of Ubuntu images/virtual machines in your AWS account; go to this link and press "Continue to Subscribe" and then "Accept Terms".
- Also enable use of Kali Linux from the AWS Marketplace if needed, by going to this link and again pressing "Continue to Subscribe" and "Accept Terms".
- Prepare public-private SSH keys for access to AWS - at your local machine, use existing default keys (
id_rsa
andid_rsa.pub
stored atACCOUNT_HOME_FOLDER/.ssh
), or generate a new SSH key pair viassh-keygen
with no passphrase - Configure the public key and preferred region into AWS (see Configuring a public key into AWS and selecting a preferred AWS region)
- Create a user account for programmatic access to Attack Range instances in AWS (see Configuring a public key into AWS and selecting a preferred AWS region)
- Configure access to AWS by running
aws configure
at the install directory of the Attack Range; in this configuration, you'd need to provide Access key ID, Secret access key, and ** name of the preferred region** - the parameters obtained while configuring AWS account for programmatic access to AWS. - On your local machine, instantiate an Attack Range config file:
cp attack_range.conf.template attack_range.conf && vim attack_range.conf
. - Modify these parameters in the local config file:
-
attack_range_password
, any password you chose -
key_name
, the exact AWS name of the public key you imported earlier into AWS -
ip_whitelist
, to improve security, allow only AWS access from your public IP addresses, i.e., replace default permissions from 0.0.0.0/0 to your exact public IP addresses and masks. -
private_key_path
, the path on your local machine to the private key corresponding to the public key you imported into AWS -
region
, name of the preferred region you used/logged in when importing the public key to AWS
Finally, verify that access to AWS is configured successfully; make sure this command returns a populated JSON listing:
aws ec2 describe-instances
After configurations are complete, run Attack Range:
python attack_range.py build
Verify that the instance is present in AWS:
python attack_range.py show
Once done, shoot down Attack Range to save on AWS costs:
python attack_range.py destroy