Standardize terraform provider file and minimum Terraform version (#405)

* Standardize terraform provider file and min TF version

* Remove duplicate version block

* override the default variable value

* Keep higher AWS provider versions for ec2_ssrf and sqs_flag_shop

These scenarios require higher provider versions due to specific features:
- ec2_ssrf: >= 5.61.0
- sqs_flag_shop: >= 5.74.0

Tests were failing when downgraded to >= 5.0.0.

* Fix rce_web_app duplicate provider config

Remove provider.tf and update settings.tf instead, since rce_web_app
already uses settings.tf for provider configuration.

---------

Co-authored-by: Andrew Aiken <andrew.aiken@machinemetrics.com>
Co-authored-by: nobodynate <nate.wilson@rhinosecuritylabs.com>

Author: 3 people

.github/workflows/scenario-terraform-compatibility.yaml

@@ -92,7 +92,7 @@ jobs:
             if [[ -n "${VAR_MAP[$var]}" ]]; then
               echo "  \"$var\": ${VAR_MAP[$var]}," >> $TFVARS_FILE
             else
-              echo "  \"$var\": \"junk\"," >> $TFVARS_FILE
+              echo "  \"$var\": \"cloudgoat\"," >> $TFVARS_FILE
             fi
           done
 

cloudgoat/scenarios/aws/beanstalk_secrets/terraform/provider.tf

@@ -7,7 +7,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.74.0"
+      version = ">= 5.0.0"
     }
   }
 }

cloudgoat/scenarios/aws/cloud_breach_s3/terraform/provider.tf

@@ -1,4 +1,25 @@
+## This configures the minimum required Terraform and provider versions.
+## Configure the AWS profile and region specified in the variables as well as default tags.
+
+terraform {
+  required_version = ">= 1.5"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.0.0"
+    }
+  }
+}
+
 provider "aws" {
   profile = var.profile
   region  = var.region
+
+  default_tags {
+    tags = {
+      Stack    = var.stack-name
+      Scenario = var.scenario-name
+    }
+  }
 }

cloudgoat/scenarios/aws/cloud_breach_s3/terraform/versions.tf

@@ -1,4 +1,25 @@
+## This configures the minimum required Terraform and provider versions.
+## Configure the AWS profile and region specified in the variables as well as default tags.
+
+terraform {
+  required_version = ">= 1.5"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.0.0"
+    }
+  }
+}
+
 provider "aws" {
-  profile = "${var.profile}"
-  region = "${var.region}"
-}
+  profile = var.profile
+  region  = var.region
+
+  default_tags {
+    tags = {
+      Stack    = var.stack-name
+      Scenario = var.scenario-name
+    }
+  }
+}

cloudgoat/scenarios/aws/codebuild_secrets/terraform/provider.tf

@@ -1,3 +1,17 @@
+## This configures the minimum required Terraform and provider versions.
+## Configure the AWS profile and region specified in the variables as well as default tags.
+
+terraform {
+  required_version = ">= 1.5"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.0.0"
+    }
+  }
+}
+
 provider "aws" {
   profile = var.profile
   region  = var.region
@@ -9,4 +23,4 @@ provider "aws" {
       Scenario = var.scenario-name
     }
   }
-}
+}

cloudgoat/scenarios/aws/detection_evasion/terraform/provider.tf

@@ -1,4 +1,25 @@
+## This configures the minimum required Terraform and provider versions.
+## Configure the AWS profile and region specified in the variables as well as default tags.
+
+terraform {
+  required_version = ">= 1.5"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.0.0"
+    }
+  }
+}
+
 provider "aws" {
   profile = var.profile
   region  = var.region
+
+  default_tags {
+    tags = {
+      Stack    = var.stack-name
+      Scenario = var.scenario-name
+    }
+  }
 }

cloudgoat/scenarios/aws/ecs_efs_attack/terraform/provider.tf

@@ -1,3 +1,17 @@
+## This configures the minimum required Terraform and provider versions.
+## Configure the AWS profile and region specified in the variables as well as default tags.
+
+terraform {
+  required_version = ">= 1.5"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.0.0"
+    }
+  }
+}
+
 provider "aws" {
   profile = var.profile
   region  = var.region
@@ -9,4 +23,4 @@ provider "aws" {
       Scenario = var.scenario-name
     }
   }
-}
+}

cloudgoat/scenarios/aws/ecs_takeover/terraform/provider.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.2.0"
+  required_version = ">= 1.5"
 
   required_providers {
     aws = {

cloudgoat/scenarios/aws/iam_privesc_by_attachment/terraform/provider.tf

@@ -1,10 +1,13 @@
+## This configures the minimum required Terraform and provider versions.
+## Configure the AWS profile and region specified in the variables as well as default tags.
+
 terraform {
   required_version = ">= 1.5"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 5.61.0"
+      version = ">= 5.0.0"
     }
   }
 }