Commit 286c70a

author
netevert
committed
miscellaneous fixes
1 parent b51800f commit 286c70a

3 files changed

+47
-50
lines changed

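--- a/lab/main.tf
+++ b/lab/main.tf
@@ -9,19 +9,19 @@ provider "azurerm" {
 
 # Create lab virtual network
 resource "azurerm_virtual_network" "vnet" {
-name = "${var.prefix}-vnet"
+name = "${var.resource_group_name}-vnet"
 address_space = ["10.0.0.0/16"]
 location = var.location
-resource_group_name = var.prefix
+resource_group_name = var.resource_group_name
 dns_servers = ["10.0.1.4", "8.8.8.8"]
 tags = var.tags
 }
 
 # Create network security group and rules
 resource "azurerm_network_security_group" "nsg" {
-name = "${var.prefix}-nsg"
+name = "${var.resource_group_name}-nsg"
 location = var.location
-resource_group_name = var.prefix
+resource_group_name = var.resource_group_name
 tags = var.tags
 depends_on = [azurerm_virtual_network.vnet]
 
@@ -100,32 +100,32 @@ resource "azurerm_network_security_group" "nsg" {
 
 # Create lab subnet
 resource "azurerm_subnet" "subnet" {
-name = "${var.prefix}-subnet"
-resource_group_name = var.prefix
+name = "${var.resource_group_name}-subnet"
+resource_group_name = var.resource_group_name
 virtual_network_name = azurerm_virtual_network.vnet.name
 address_prefixes = ["10.0.1.0/24"]
 depends_on = [azurerm_network_security_group.nsg]
 }
 
 # Create public ip for domain controller 1
 resource "azurerm_public_ip" "dc1_publicip" {
-name = "${var.workstations.dc1}-publicip"
+name = "${var.resource_group_name}-dc-publicip"
 location = var.location
-resource_group_name = var.prefix
+resource_group_name = var.resource_group_name
 allocation_method = "Dynamic"
 tags = var.tags
 depends_on = [azurerm_subnet.subnet]
 }
 
 # Create network interface for domain controller 1
 resource "azurerm_network_interface" "dc1_nic" {
-name = "${var.workstations.dc1}-nic"
+name = "${var.resource_group_name}-dc-nic"
 location = var.location
-resource_group_name = var.prefix
+resource_group_name = var.resource_group_name
 tags = var.tags
 
 ip_configuration {
-name = "${var.workstations.dc1}-nic-conf"
+name = "${var.resource_group_name}-dc-nic-conf"
 subnet_id = azurerm_subnet.subnet.id
 private_ip_address_allocation = "Static"
 private_ip_address = "10.0.1.4"
@@ -136,11 +136,11 @@ resource "azurerm_network_interface" "dc1_nic" {
 
 # Deploy domain controller 1
 resource "azurerm_virtual_machine" "dc1" {
-name = var.workstations.dc1
+name = "${var.resource_group_name}-dc"
 location = var.location
-resource_group_name = var.prefix
+resource_group_name = var.resource_group_name
 network_interface_ids = [azurerm_network_interface.dc1_nic.id]
-vm_size = var.workstations.vm_size
+vm_size = var.vm_config.vm_size
 tags = var.tags
 
 # This means the OS Disk will be deleted when Terraform destroys the Virtual Machine
@@ -155,14 +155,14 @@ resource "azurerm_virtual_machine" "dc1" {
 }
 
 storage_os_disk {
-name = "${var.workstations.dc1}-disk1"
+name = "${var.resource_group_name}-dc-disk1"
 caching = "ReadWrite"
 create_option = "FromImage"
 managed_disk_type = "Standard_LRS"
 }
 
 os_profile {
-computer_name = var.workstations.dc1
+computer_name = "${var.resource_group_name}-dc"
 admin_username = var.accounts.dc1_admin_user
 admin_password = var.accounts.dc1_admin_password
 }
@@ -191,31 +191,31 @@ resource "azurerm_virtual_machine_extension" "create_ad" {
 tags = var.tags
 protected_settings = <<PROT
 {
-"fileUris": ["https://raw.githubusercontent.com/BlueTeamLabs/sentinel-attack/dev/v.1.4.3/lab/files/create-ad.ps1"],
-"commandToExecute": "powershell -ExecutionPolicy Unrestricted -File create-ad.ps1 ${var.accounts.dc1_admin_password} ${var.prefix}.com ${var.prefix}"
+"fileUris": ["https://github.com/BlueTeamLabs/sentinel-attack/blob/master/lab/files/create-ad.ps1"],
+"commandToExecute": "powershell -ExecutionPolicy Unrestricted -File create-ad.ps1 ${var.accounts.dc1_admin_password} ${var.resource_group_name}.com ${var.resource_group_name}"
 }
 PROT
 depends_on = [azurerm_virtual_machine.dc1]
 }
 
 # Create public IP for workstation 1
 resource "azurerm_public_ip" "pc1_publicip" {
-name = "${var.workstations.pc1}-publicip"
+name = "${var.resource_group_name}-pc-publicip"
 location = var.location
-resource_group_name = var.prefix
+resource_group_name = var.resource_group_name
 allocation_method = "Dynamic"
 tags = var.tags
 depends_on = [azurerm_virtual_machine_extension.create_ad]
 }
 
 # Create network interface for workstation 1
 resource "azurerm_network_interface" "pc1_nic" {
-name = "${var.workstations.pc1}-nic"
+name = "${var.resource_group_name}-pc-nic"
 location = var.location
-resource_group_name = var.prefix
+resource_group_name = var.resource_group_name
 tags = var.tags
 ip_configuration {
-name = "${var.workstations.pc1}-nic-conf"
+name = "${var.resource_group_name}-pc-nic-conf"
 subnet_id = azurerm_subnet.subnet.id
 private_ip_address_allocation = "dynamic"
 public_ip_address_id = azurerm_public_ip.pc1_publicip.id
@@ -225,33 +225,33 @@ resource "azurerm_network_interface" "pc1_nic" {
 
 # Create workstation 1
 resource "azurerm_virtual_machine" "pc1" {
-name = var.workstations.pc1
+name = "${var.resource_group_name}-pc"
 location = var.location
-resource_group_name = var.prefix
+resource_group_name = var.resource_group_name
 network_interface_ids = [azurerm_network_interface.pc1_nic.id]
-vm_size = var.workstations.vm_size
+vm_size = var.vm_config.vm_size
 tags = var.tags
 
 # This means the OS Disk will be deleted when Terraform destroys the Virtual Machine
 # This may not be optimal in all cases.
 delete_os_disk_on_termination = true
 
 storage_image_reference {
-publisher = var.workstations.os_manufacturer
-offer = var.workstations.os_type
-sku = var.workstations.os_sku
-version = var.workstations.os_version
+publisher = var.vm_config.os_manufacturer
+offer = var.vm_config.os_type
+sku = var.vm_config.os_sku
+version = var.vm_config.os_version
 }
 
 storage_os_disk {
-name = "${var.workstations.pc1}-disk1"
+name = "${var.resource_group_name}-pc-disk1"
 caching = "ReadWrite"
 create_option = "FromImage"
 managed_disk_type = "Standard_LRS"
 }
 
 os_profile {
-computer_name = var.workstations.pc1
+computer_name = "${var.resource_group_name}-pc"
 admin_username = var.accounts.pc1_admin_user
 admin_password = var.accounts.pc1_admin_password
 }
@@ -280,8 +280,8 @@ resource "azurerm_virtual_machine_extension" "utils_pc1" {
 tags = var.tags
 protected_settings = <<PROT
 {
-"fileUris": ["https://raw.githubusercontent.com/BlueTeamLabs/sentinel-attack/dev/v.1.4.3/lab/files/install-utilities.ps1"],
-"commandToExecute": "powershell -ExecutionPolicy Unrestricted -File install-utilities.ps1 ${var.prefix}.com ${var.accounts.dc1_admin_password} ${var.prefix}.com\\${var.accounts.dc1_admin_user}"
+"fileUris": ["https://github.com/BlueTeamLabs/sentinel-attack/blob/master/lab/files/install-utilities.ps1"],
+"commandToExecute": "powershell -ExecutionPolicy Unrestricted -File install-utilities.ps1 ${var.resource_group_name}.com ${var.accounts.dc1_admin_password} ${var.resource_group_name}.com\\${var.accounts.dc1_admin_user}"
 }
 PROT
 depends_on = [azurerm_virtual_machine.pc1]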
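Review bot: The new `fileUris` values in the `create_ad` hunk (new line 194) and the `utils_pc1` hunk (new line 283) point at `https://github.com/.../blob/master/...`, which is GitHub's HTML file viewer rather than the script itself, so the extension will most likely download a web page and `powershell -File create-ad.ps1` will not run the intended script. The reference also moved from a versioned branch to `master`, so whatever sits on that branch at deploy time is executed on the domain controller (the Custom Script Extension typically runs as SYSTEM) and is handed `dc1_admin_password` as an argument, with no integrity check. Use the raw endpoint pinned to a reviewed commit, e.g. `"fileUris": ["https://raw.githubusercontent.com/BlueTeamLabs/sentinel-attack/<COMMIT_SHA>/lab/files/create-ad.ps1"],` where `<COMMIT_SHA>` is a placeholder, and do the same for `install-utilities.ps1`. Separately, `computer_name = "${var.resource_group_name}-dc"` (new lines 165 and 254) will presumably exceed the 15-character Windows computer-name limit for the resource group name suggested in the tfvars template (`azure-sentinel-lab`). All of these resource bodies start or end outside the hunks shown.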

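--- a/lab/variables.tf
+++ b/lab/variables.tf
@@ -25,29 +25,30 @@ variable "accounts" {
 type = map(string)
 
 default = {
-# workstation accounts
+# workstation account
 pc1_admin_user = ""
 pc1_admin_password = ""
+
+# domain controller account
+dc1_admin_user = ""
+dc1_admin_password = ""
 }
 }
 
-variable "workstations" {
+variable "vm_config" {
 type = map(string)
 
 default = {
-# Image configurations
+# vm image configuration
 os_manufacturer = "MicrosoftWindowsDesktop"
 os_type = "Windows-10"
 os_sku = "rs5-pro"
 os_version = "latest"
 vm_size = "Standard_B2ms"
-
-# Naming configurations
-pc1 = "test-vm"
 }
 }
 
-variable "prefix" {
+variable "resource_group_name" {
 type = string
 default = "testlab"
 }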
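Review bot: The `dc1_admin_user` / `dc1_admin_password` entries added to the `accounts` default (new lines 33-34) give the domain controller credentials an empty-string default inside a plain `map(string)`, so a run that omits `accounts` falls through to empty credentials and probably fails only at apply time, and the passwords are not redacted from plan output. Consider dropping the empty defaults so that a missing value is rejected up front, and adding `sensitive = true` to `variable "accounts"` (this needs a Terraform release that supports the attribute; the version in use is not visible here). This matters more than usual because lab/main.tf interpolates `var.accounts.dc1_admin_password` into both `commandToExecute` strings. The `variable "accounts"` block starts above the hunk.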

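--- a/lab/variables.tfvars.txt
+++ b/lab/variables.tfvars.txt
@@ -6,31 +6,27 @@ authentication = {
 }
 
 location = "" # eg. westus
-prefix = "" # eg. azure-sentinel-lab; NOTE: ensure this is identical to the resource group within which Sentinel-ATT&CK has been deployed
+resource_group_name = "" # eg. azure-sentinel-lab; NOTE: ensure this is identical to the resource group within which Sentinel-ATT&CK has been deployed
 
 tags = {
 environment = "" # eg. dev, testing, staging
 }
 
 accounts = {
-# workstation accounts
+# workstation account
 pc1_admin_user = ""
 pc1_admin_password = ""
 
-# DC account
+# domain controller account
 dc1_admin_user = ""
 dc1_admin_password = ""
 }
 
-workstations = {
-# Image configurations
+vm_config = {
+# vm image configuration
 os_manufacturer = "" # eg. MicrosoftWindowsDesktop
 os_type = "" # eg. Windows-10
 os_sku = "" # eg. rs5-pro
 os_version = "" # eg. latest
 vm_size = "" # eg. Standard_B1ms
-
-# Naming configurations
-pc1 = "" # eg. pc-test
-dc1 = ""
 }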
