From 2ab3e1c93093173750e274166805e7bda3b3729f Mon Sep 17 00:00:00 2001
From: John De Armas
Date: Thu, 27 Jun 2024 19:42:25 -0700
Subject: [PATCH] Add IP address whitelist to glue_privesc scenario (#266)

---
 scenarios/glue_privesc/terraform/sg.tf | 8 ++++----
 scenarios/glue_privesc/terraform/variables.tf | 3 +--
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/scenarios/glue_privesc/terraform/sg.tf b/scenarios/glue_privesc/terraform/sg.tf
index bd1a270e..7d299cdf 100644
--- a/scenarios/glue_privesc/terraform/sg.tf
+++ b/scenarios/glue_privesc/terraform/sg.tf
@@ -6,7 +6,7 @@ resource "aws_security_group" "cg-rds-glue-security-group" {
 from_port = 0
 to_port = 0
 protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
+ cidr_blocks = var.cg_whitelist
 }
 egress {
 from_port = 0
@@ -29,13 +29,13 @@ resource "aws_security_group" "cg-ec2-security-group" {
 from_port = 22
 to_port = 22
 protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
+ cidr_blocks = var.cg_whitelist
 }
 ingress {
 from_port = 5000
 to_port = 5000
 protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
+ cidr_blocks = var.cg_whitelist
 }
 egress {
 from_port = 0
@@ -84,4 +84,4 @@ resource "aws_security_group" "cg-rds-security-group" {
 Stack = var.stack-name
 Scenario = var.scenario-name
 }
-}
\ No newline at end of file
+}
diff --git a/scenarios/glue_privesc/terraform/variables.tf b/scenarios/glue_privesc/terraform/variables.tf
index 57ac3def..0bbbfbaf 100644
--- a/scenarios/glue_privesc/terraform/variables.tf
+++ b/scenarios/glue_privesc/terraform/variables.tf
@@ -16,7 +16,6 @@ variable "cgid" {
 variable "cg_whitelist" {
 description = "User's public IP address(es)"
- default = ["0.0.0.0/0"]
 type = list(string)
 }
@@ -60,4 +59,4 @@ variable "rds_password" {
 description = "rds_db_passwrod"
 default = "bob12cgv"
 type = string
-}
\ No newline at end of file
+}
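Review bot: The ingress rule in the `cg-rds-glue-security-group` hunk still admits every protocol on every port (`from_port = 0`, `to_port = 0`, `protocol = "-1"`); replacing `["0.0.0.0/0"]` with `var.cg_whitelist` narrows the source but not the exposed surface, and nothing in this commit stops an operator from passing `0.0.0.0/0` as the whitelist, which silently restores the old state. The same substitution is made in the `cg-ec2-security-group` hunk for ports 22 and 5000, where it is at least port-scoped. If the all-traffic rule is deliberate for the scenario, a comment such as `# all protocols/ports, but only from the player's whitelisted CIDRs (see var.cg_whitelist)` would make that intent reviewable; otherwise listing the RDS and Glue ports explicitly is the tighter fix. Both `aws_security_group` resource blocks begin outside their hunks and the `egress` blocks that follow are cut off, so the outbound rules cannot be assessed here.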
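Review bot: Removing the `default` makes `cg_whitelist` mandatory, which is the right direction, but the variable still accepts any string, so `0.0.0.0/0` or a bare address without a prefix length would pass `terraform plan` even though `cidr_blocks` in sg.tf expects CIDR notation (a bare IP would presumably be rejected by the provider at apply time). A `validation` block on the variable would catch an open whitelist before anything is created, with `condition = !contains(var.cg_whitelist, "0.0.0.0/0")` and an `error_message` stating that a specific CIDR is required. The description should also say what format is expected, e.g. `description = "CIDR blocks (e.g. 203.0.113.5/32, a constructed example) allowed to reach the scenario's EC2 and RDS security groups"`. The `variable "cg_whitelist"` block itself is fully visible in the hunk.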