Terraform implementation of a vulnerable infrastructure in AWS.

Uses community modules from the terraform-aws-modules project.

Create a keypair in the AWS Console (EC2 > Network & Security > Key Pairs).

Create the file terraform.tfvars, and add your keypair name:

key_name = "<YOUR KEYPAIR NAME>"

Other variables found in variables.tf can be customized in terraform.tfvars as well.

Run standard Terraform setup:

terraform init
terraform plan
terraform apply -auto-approve

Terraform will build the following:

• VPC
• Security Groups (accessible from 0.0.0.0/0)
• MongoDB instance (with over-permissive IAM roles)
• S3 Bucket (globally accessible)
• EKS cluster running Jenkins Helm chart

This can take 20-30 minutes. Once done, you can log in to the MongoDB instance as ubuntu using the SSH key you created:

ssh -i <your ssh key file> ubuntu@<your mongodb instance>

For the Kubernetes cluster and the Jenkins deployment, first pull the kubeconfig from the created cluster:

export KUBECONFIG=~/.kube/config-sample-aws
aws eks update-kubeconfig --name sample-aws-eks-cluster --region us-east-1

Verify connectivity using kubectl get nodes:

NAME                          STATUS   ROLES    AGE    VERSION
ip-10-0-10-131.ec2.internal   Ready    <none>   139m   v1.21.14-eks-ba74326
ip-10-0-11-77.ec2.internal    Ready    <none>   139m   v1.21.14-eks-ba74326

Get the admin password of Jenkins with:

kubectl exec --namespace default -it svc/jenkins -c jenkins -- /bin/cat /run/secrets/additional/chart-admin-password && echo

Get the IP address of the created load balancer with kubectl get svc --namespace default jenkins

NAME      TYPE           CLUSTER-IP     EXTERNAL-IP                                                                     PORT(S)          AGE
jenkins   LoadBalancer   172.20.22.93   ad10bd28b6d0a47e5ba86fa2ec26e588-5b6d630a56b225a3.elb.us-east-1.amazonaws.com   8080:31997/TCP   3m7s

The Jenkins UI will be at http://:8080. You can login with admin and the password you retrieved above.