Add IP address whitelist to glue_privesc scenario (#266)

RhinoSecurityLabs · Jun 28, 2024 · 2ab3e1c · 2ab3e1c
1 parent 62ba73e
commit 2ab3e1c
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 6 deletions.
diff --git a/scenarios/glue_privesc/terraform/sg.tf b/scenarios/glue_privesc/terraform/sg.tf
@@ -6,7 +6,7 @@ resource "aws_security_group" "cg-rds-glue-security-group" {
     from_port   = 0
     to_port     = 0
     protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
+    cidr_blocks = var.cg_whitelist
   }
   egress {
     from_port   = 0
@@ -29,13 +29,13 @@ resource "aws_security_group" "cg-ec2-security-group" {
     from_port   = 22
     to_port     = 22
     protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
+    cidr_blocks = var.cg_whitelist
   }
   ingress {
     from_port   = 5000
     to_port     = 5000
     protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
+    cidr_blocks = var.cg_whitelist
   }
   egress {
     from_port   = 0
@@ -84,4 +84,4 @@ resource "aws_security_group" "cg-rds-security-group" {
     Stack    = var.stack-name
     Scenario = var.scenario-name
   }
-}
+}
diff --git a/scenarios/glue_privesc/terraform/variables.tf b/scenarios/glue_privesc/terraform/variables.tf
@@ -16,7 +16,6 @@ variable "cgid" {
 
 variable "cg_whitelist" {
   description = "User's public IP address(es)"
-  default     = ["0.0.0.0/0"]
   type        = list(string)
 }
 
@@ -60,4 +59,4 @@ variable "rds_password" {
   description = "rds_db_passwrod"
   default     = "bob12cgv"
   type        = string
-}
+}