Merge pull request #72 from teamssix/main

feat: add tencent cloud cvm security group open all port scenario

Author: teamssix

README.md

@@ -0,0 +1,77 @@
+# Tencent Cloud CVM security group open all port
+
+English | [中文](./README_CN.md)
+
+## Description
+
+This is a scenario used to build the Tencent Cloud CVM security group open all port.
+
+## Deployment Environment
+
+Execute the following command in the container
+
+```shell
+cd /TerraformGoat/tencentcloud/cvm/cvm_security_group_open_all_port
+```
+
+Edit the `terraform.tfvars` file and write your `tencentcloud_secret_id` and `tencentcloud_secret_key` in the file
+
+```shell
+vim terraform.tfvars
+```
+
+> You can create and view your SecretKey on the [API Key Management](https://console.cloud.tencent.com/cam/capi) of the Tencent Cloud console
+
+Deploy Vulnerable Environment
+
+```shell
+terraform init
+terraform apply
+```
+
+> When the terminal prompts `Enter a value:`, enter `yes`
+
+After the environment is set up, you can see the instance and security group IDs at Outputs
+
+## Steps
+
+Use the Tencent Cloud command line tool to view the rules of the security group.
+
+```bash
+> tccli vpc DescribeSecurityGroupPolicies --SecurityGroupId sg-bitg1oeb
+
+{
+    "SecurityGroupPolicySet": {
+        "Version": "1",
+        "Egress": [],
+        "Ingress": [
+            {
+                "PolicyIndex": 0,
+                "Protocol": "tcp",
+                "Port": "1-65535",
+                "ServiceTemplate": {
+                    "ServiceId": "",
+                    "ServiceGroupId": ""
+                },
+                "CidrBlock": "0.0.0.0/0",
+                "Ipv6CidrBlock": "",
+                "SecurityGroupId": "",
+                "AddressTemplate": {
+                    "AddressId": "",
+                    "AddressGroupId": ""
+                },
+                "Action": "ACCEPT",
+                "PolicyDescription": "",
+                "ModifyTime": "2022-06-09 17:18:02"
+            }
+        ]
+    },
+    "RequestId": "41986b77-47e5-46be-980e-1b93c874d5ff"
+}
+```
+
+## Destroy the environment
+
+```shell
+terraform destroy
+```

README_CN.md

@@ -0,0 +1,79 @@
+# 腾讯云 CVM 安全组允许所有端口访问
+
+[English](./README.md) | 中文
+
+## 描述信息
+
+这是一个用于构建腾讯云 CVM 安全组允许所有端口访问的场景。
+
+## 环境搭建
+
+在容器中执行以下命令
+
+```shell
+cd /TerraformGoat/tencentcloud/cvm/cvm_security_group_open_all_port
+```
+
+编辑 `terraform.tfvars` 文件，在文件中填入你的 `tencentcloud_secret_id` 和 `tencentcloud_secret_key`
+
+```shell
+vim terraform.tfvars
+```
+
+> 在腾讯云控制台的 [API 密钥管理](https://console.cloud.tencent.com/cam/capi) 可以创建和查看您的 SecretKey
+
+部署靶场
+
+```shell
+terraform init
+terraform apply
+```
+
+> 在终端提示 `Enter a value:` 时，输入 `yes` 即可
+
+环境搭建完后，在 Outputs 处可以看到实例和安全组的 ID
+
+## 步骤
+
+使用腾讯云命令行工具查看安全组的规则。
+
+```bash
+> tccli vpc DescribeSecurityGroupPolicies --SecurityGroupId sg-bitg1oeb
+
+{
+    "SecurityGroupPolicySet": {
+        "Version": "1",
+        "Egress": [],
+        "Ingress": [
+            {
+                "PolicyIndex": 0,
+                "Protocol": "tcp",
+                "Port": "1-65535",
+                "ServiceTemplate": {
+                    "ServiceId": "",
+                    "ServiceGroupId": ""
+                },
+                "CidrBlock": "0.0.0.0/0",
+                "Ipv6CidrBlock": "",
+                "SecurityGroupId": "",
+                "AddressTemplate": {
+                    "AddressId": "",
+                    "AddressGroupId": ""
+                },
+                "Action": "ACCEPT",
+                "PolicyDescription": "",
+                "ModifyTime": "2022-06-09 17:18:02"
+            }
+        ]
+    },
+    "RequestId": "41986b77-47e5-46be-980e-1b93c874d5ff"
+}
+```
+
+通过返回的内容可以看到当前安全组允许所有端口访问。
+
+## 销毁环境
+
+```shell
+terraform destroy
+```

tencentcloud/cvm/cvm_security_group_open_all_port/README.md

@@ -0,0 +1,30 @@
+resource "tencentcloud_instance" "instance" {
+  instance_name     = "huocorp_terraform_goat_instance"
+  availability_zone = "ap-guangzhou-7"
+  image_id          = "img-pi0ii46r"
+  security_groups   = [tencentcloud_security_group.default.id]
+  instance_type     = data.tencentcloud_instance_types.instance_types.instance_types.0.instance_type
+}
+
+resource "tencentcloud_security_group" "default" {
+  name        = "huocorp_terraform_goat_security_group"
+  description = "make it accessible for both production and stage ports"
+  project_id  = 0
+}
+
+resource "tencentcloud_security_group_rule" "ingress" {
+  security_group_id = tencentcloud_security_group.default.id
+  type              = "ingress"
+  cidr_ip           = "0.0.0.0/0"
+  ip_protocol       = "tcp"
+  port_range        = "1-65535"
+  policy            = "accept"
+  depends_on = [
+    tencentcloud_security_group.default
+  ]
+}
+
+data "tencentcloud_instance_types" "instance_types" {
+  cpu_core_count = 1
+  memory_size    = 1
+}

tencentcloud/cvm/cvm_security_group_open_all_port/README_CN.md

@@ -0,0 +1,7 @@
+output "tencentcloud_instance_id" {
+  value = tencentcloud_instance.instance.id
+}
+
+output "tencentcloud_security_group_id" {
+  value = tencentcloud_security_group.default.id
+}

tencentcloud/cvm/cvm_security_group_open_all_port/main.tf

@@ -0,0 +1,2 @@
+tencentcloud_secret_id  = "xxx"
+tencentcloud_secret_key = "xxx"

tencentcloud/cvm/cvm_security_group_open_all_port/outputs.tf

@@ -0,0 +1,13 @@
+variable "tencentcloud_secret_id" {
+  type        = string
+  description = "Set TencentCloud secret id."
+  sensitive   = true
+  nullable    = false
+}
+
+variable "tencentcloud_secret_key" {
+  type        = string
+  description = "Set TencentCloud secret key."
+  sensitive   = true
+  nullable    = false
+}

tencentcloud/cvm/cvm_security_group_open_all_port/terraform.tfvars

@@ -0,0 +1,14 @@
+terraform {
+  required_providers {
+    tencentcloud = {
+      source  = "tencentcloudstack/tencentcloud"
+      version = "1.70.2"
+    }
+  }
+}
+
+provider "tencentcloud" {
+  secret_id  = var.tencentcloud_secret_id
+  secret_key = var.tencentcloud_secret_key
+  region     = "ap-guangzhou"
+}