From e356252a4b4c331c83a571eeae476640905b078b Mon Sep 17 00:00:00 2001
From: Andrew Aiken <andrew.aiken@machinemetrics.com>
Date: Sun, 4 Aug 2024 16:03:32 -0400
Subject: [PATCH] Update SSRF scenario, webserver and terraform code

---
 .gitignore                                    |   1 +
 scenarios/ec2_ssrf/assets/ssrf_app/README.md  |  24 +-
 scenarios/ec2_ssrf/assets/ssrf_app/app.js     |  58 ++++
 scenarios/ec2_ssrf/assets/ssrf_app/app.zip    | Bin 2582 -> 0 bytes
 scenarios/ec2_ssrf/assets/ssrf_app/install.sh |  14 -
 .../ec2_ssrf/assets/ssrf_app/package.json     |  23 ++
 .../ec2_ssrf/assets/ssrf_app/ssrf-demo-app.js |  69 -----
 scenarios/ec2_ssrf/terraform/data.tf          |  31 +++
 scenarios/ec2_ssrf/terraform/data_sources.tf  |   4 -
 scenarios/ec2_ssrf/terraform/ec2.tf           | 250 ++++++++----------
 scenarios/ec2_ssrf/terraform/iam.tf           | 173 ++++++------
 scenarios/ec2_ssrf/terraform/lambda.tf        |  73 +++--
 scenarios/ec2_ssrf/terraform/null_resource.tf |  11 -
 scenarios/ec2_ssrf/terraform/outputs.tf       |  11 +-
 scenarios/ec2_ssrf/terraform/provider.tf      |  28 +-
 scenarios/ec2_ssrf/terraform/s3.tf            |  36 +--
 scenarios/ec2_ssrf/terraform/variables.tf     |  46 ++--
 scenarios/ec2_ssrf/terraform/vpc.tf           |  62 ++---
 18 files changed, 448 insertions(+), 466 deletions(-)
 create mode 100644 scenarios/ec2_ssrf/assets/ssrf_app/app.js
 delete mode 100644 scenarios/ec2_ssrf/assets/ssrf_app/app.zip
 delete mode 100755 scenarios/ec2_ssrf/assets/ssrf_app/install.sh
 create mode 100644 scenarios/ec2_ssrf/assets/ssrf_app/package.json
 delete mode 100644 scenarios/ec2_ssrf/assets/ssrf_app/ssrf-demo-app.js
 create mode 100644 scenarios/ec2_ssrf/terraform/data.tf
 delete mode 100644 scenarios/ec2_ssrf/terraform/data_sources.tf
 delete mode 100644 scenarios/ec2_ssrf/terraform/null_resource.tf

diff --git a/.gitignore b/.gitignore
index bb634c07..1daea1a5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,6 +8,7 @@ __pycache__
 cloudgoat
 cloudgoat.pub
 output.txt
+.DS_Store
 
 # Configuration files:
 config.yml
diff --git a/scenarios/ec2_ssrf/assets/ssrf_app/README.md b/scenarios/ec2_ssrf/assets/ssrf_app/README.md
index b3c24771..5bdf0204 100644
--- a/scenarios/ec2_ssrf/assets/ssrf_app/README.md
+++ b/scenarios/ec2_ssrf/assets/ssrf_app/README.md
@@ -5,12 +5,7 @@ This app was adopted from https://github.com/sethsec/Nodejs-SSRF-App.git with lo
 # Nodejs-SSRF-App
 Nodejs application intentionally vulnerable to SSRF
 
-#Operating Systems
-Ubuntu 14.04 TLS
-
-Kali 2.0
-
-#Download and Setup
+## Download and Setup
 
 ```ShellSession
 seth@ubuntu:/opt# sudo git clone https://github.com/sethsec/Nodejs-SSRF-App.git
@@ -32,3 +27,20 @@ seth@ubuntu:/opt/Nodejs-SSRF-App# sudo nodejs ssrf-demo-app.js
 ##################################################
 
 ```
+
+## Build and run in a Docker container
+
+```ShellSession
+❯ git clone git@github.com:sethsec/Nodejs-SSRF-App.git
+❯ cd Nodejs-SSRF-App/
+❯ docker build -t "nodejs-ssrf-app" .
+❯ docker run -it -p 8000:8000 nodejs-ssrf-app:latest
+
+##################################################
+#
+#  Server listening for connections on port:8000
+#  Connect to server using the following url:
+#  -- http://[server]:8000/?url=[SSRF URL]
+#
+##################################################
+```
diff --git a/scenarios/ec2_ssrf/assets/ssrf_app/app.js b/scenarios/ec2_ssrf/assets/ssrf_app/app.js
new file mode 100644
index 00000000..56c73310
--- /dev/null
+++ b/scenarios/ec2_ssrf/assets/ssrf_app/app.js
@@ -0,0 +1,58 @@
+//////////////////////////////////////////
+// SSRF Demo App
+// Node.js Application Vulnerable to SSRF
+// Written by Seth Art <sethsec@gmail.com>
+// MIT Licensed
+//////////////////////////////////////////
+
+var needle = require('needle');
+var express = require('express');
+
+// Currently this app is also vulnerable to reflective XSS as well. Kind of an easter egg :)
+
+var app = express();
+var port = 80
+
+app.get('/', function (request, response) {
+  var url = request.query['url'];
+  if (request.query['mime'] == 'plain') {
+    var mime = 'plain';
+  } else {
+    var mime = 'html';
+  };
+
+  console.log('New request: ' + request.url);
+
+  // If the URL is not set, then we will just return the default page.
+  if (url == undefined) {
+    response.writeHead(200, { 'Content-Type': 'text/' + mime });
+    response.write('<h1>Welcome to sethsec\'s SSRF demo.</h1>\n\n');
+    response.write('<h2>I am an application. I want to be useful, so give me a URL to requested for you\n</h2><br><br>\n\n\n');
+    response.end();
+  } else { // If the URL is set, then we will try to request it.
+    needle.get(url, { timeout: 3000 }, function (error, response1) {
+      // If the request is successful, then we will return the response to the user.
+      if (!error && response1.statusCode == 200) {
+        response.writeHead(200, { 'Content-Type': 'text/' + mime });
+        response.write('<h1>Welcome to sethsec\'s SSRF demo.</h1>\n\n');
+        response.write('<h2>I am an application. I want to be useful, so I requested: <font color="red">' + url + '</font> for you\n</h2><br><br>\n\n\n');
+        console.log(response1.body);
+        response.write(response1.body);
+        response.end();
+      } else { // If the request is not successful, then we will return an error to the user.
+        response.writeHead(404, { 'Content-Type': 'text/' + mime });
+        response.write('<h1>Welcome to sethsec\'s SSRF demo.</h1>\n\n');
+        response.write('<h2>I wanted to be useful, but I could not find: <font color="red">' + url + '</font> for you\n</h2><br><br>\n\n\n');
+        response.end();
+        console.log(error)
+      }
+    });
+  }
+})
+
+app.listen(port);
+
+console.log('\n##################################################')
+console.log('#\n#  Server listening for connections on port:' + port);
+console.log('#  Connect to server using the following url: \n#  -- http://[server]:' + port + '/?url=[SSRF URL]')
+console.log('#\n##################################################')
diff --git a/scenarios/ec2_ssrf/assets/ssrf_app/app.zip b/scenarios/ec2_ssrf/assets/ssrf_app/app.zip
deleted file mode 100644
index 5bb5da1005adf3aa3837ecadccc746144e60a73d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 2582
zcmZ{mdpy(MAICqrZQ6`(m`hWcOEM~LN#t4>Yvz*Z;!ezcE@5eCs8I^Jr;t%DjZ`e6
zFB66oYN8dsDVn>a@Ll!m_p5%t-#LH09_Re=Jdg7}@AvDx@mN8jjQ{|Efv|*r+|%ih
z=m!4Ec?|%p<?AWGV3ISDhzj;fO0M&3(w8ua#ID4*-@H&wSwAXH5Gpd2Dw1Yy82D>Q
z{v#B;k~iuuvzC(?oXl${*7Js=EIGZl#{-`s?_cXb8D+djhN@R%U-T$nx^iiW6k_61
z@BY|M06u(X3N$ALxuYU$k~$qY3)QE8E>6E|4AFj)n|b!r<)hdbZ75AC$u*OEp(8Ko
zRzENHYhoHD$&)wpaOWaU#TaeR!guO)PWmkw-rF*me(Uc8h;WNM<015tqKJk)DjkAh
z>j>a~yQZ3?J~B=K0L+B|0K~thg_)5F&f3JCfW0uFDN!%`6+z7jZ6qSPvHs?_iN^Bn
zt!+28_tmVwwb$;_2zB|Byy`_iRp}09J&Wd6;lx(lSZiBgJr&m&oK^UwDd%;W-ooZQ
zj_2ai=XMM|ZIWV-XiH-#f6PH|^8!6&c(1|^4bV=6z~yceoM7DxNxG#_CdDHvzKQ_@
zbqrx5o)52+@k&v$tnB@iFx=62Qs!1=U2Kc?vkxL`uJ8UxA{6*XDeNCJ&<>wbA=|xH
z^5{w_vSwdWiipEA`?)vB{z~F@+WsN3`n$Sabu8pd!&5=zo|L!yHV@Wm8N7H>vcsIs
zb=yY<M{ml_Endz)e$Aj*aN*2M1}THd+YQ0#!67&?73dZ%bMesC4|VA4OO*(l0LLqk
zOsqd{HR36KO!MVBGh4Y2&~o*l6+#)yV&XuCv!)a&p25O_ta*`pkL?Yw!Zd7><VkH#
zI`qJxc^>+X6*!6P$2<liLk47a4JT(`Oef;G`}Kf9XaE|GU-6trn%i5^KNI{C^B;NB
zg`!=x+0F;OX`XOm=CSD{p$Un?R2?o>VH9?za#z>cmD@sPKHROAFKV|-H!G@1H7j|J
zs&xcbjw}|!>)nmh<StDoH+#u<_u1^QlfJC2mhsB{6vK@HrDIWN^-bd3E?61}*~nT=
zXWcj}7l^e(3HNmGQ6Gi$xWL9_Mer4-Rzl@kTV%BqVvOylyp>;!n>U@8(rzBfxq;rL
z;l({)FDdLi4h>=`RcPS?;|wBSglzy1Y!Z9$$aKolv;|9wSuENp?crt9%9=>;)e_ul
zFCWU-7?rd+u-G{cl&Wdp1K#jS4AB*%zH{jL90jb66prcL8x?YTGWp1|;O~hFGqAaM
zoL`Fz{A3m7Cn~|jz}V6R<?EJ9u=IJX34I8fK?vz8^IBj?&6+!R+S^1zBDbHbO&qv?
zzvj+F`pTClow&gkJwsT{+)&kA;W{P<$Gh`3YT=mf-XoGmKwPlH-K{D<`k4xr`$WsS
z0%#ml4YY${<)s97E6D=Pp~n0U*djc3zthnj=%;buBbfO`k-x3;0yGTO?w7MNXWb4T
zbbLzDln;R4z`mJ}U`LkhxtcKNbu=HkOzv<It3uHLS5N0+fohJ7C>acsZBglASq^dp
zv2v;Ebz>Dutw&;f!`=&hf!1yOLND-Wb5ij4p0Hllyr&<AP?%efUn-arI|r(Ue>IsK
zD7^x56fO0>cwqE;kS6?a>%Eix^GSrzl`cf!7>N5ozWclfv8Vc8pOH^eiZ4e(h$H1m
z_EH+AMavOR*#_hvRCHia=?(+dwI&tW(2COi7FnY~XDdt-2CY^?GdZ!%#M-SRs}8Mo
zwvv;-zky7(RKJBF08qgIAi;lw;NTz+bvJike|6`80F-wy+jb!NnWhB!CSlbX5H0?I
zR=o<c;Rray(eIn3W><fV&9-pZ#)8#U6&Ze+q~*>rMr#x{Cp<^zY3t=_4`(VJIm0Pa
zq`aSFTZhM-qq5xLJ1R)jY31>LLg6dXGA<dpNv8f17#FX*W~mYU4&Ue^XiZWJC(1$9
zA0D+ps6$Y0IUii)Dm9e--<&hGI@-}1Fj_q5eXsKYB`p|9d&GTbE=|igS=AZKDUsNn
z7|-J{1i4px^6$ncv{c7V^~_@WynKolA>|Ay!#A!~OylnR5tpNMah>{`F6)-j3`R#p
zUYWnp{}^4^8*oMinKHWGTDfzb9<KP2`faN=={!gprIVtj?<Y?XX-7i$Iqo5-s-#wh
zLbz%wC%AxpNs_BF={&bj<Ncto`3$r4yl~crR?T;5qzdfGXN}8x$EqD?vkrq~i^6gO
zjFrz>tHy^XqFh9$|4uVsrnX+7^yT8W)+h>0L=|O>O&20D%&8o)?d4+P3khwlf*5i(
z8@_E@Hbx=Eh%|ySrVwET>xxt!;5!hf*;S{-CpyF)3+GpZSs7_+BQV2;c}H_quf#jg
z+Y=r(&7-w0SJjEdHjNW8T2dNdqlFFIsRe>06CK{dm%=HEofi!qS>zX{;C0t>He%{=
znPa3eQ9dk9w<vk;^U(WG;tP*pQWYiQ)9{%cTfxGOxVu55)d>HR6<SQ#Vl(pg_?3pS
z{fls;zo@qchQ(Fh!{P>BR?pC0M&R7El;1iV=4WQ9F8JKk85W&tdhJwyO>w7%6FY5o
z0utBeaw3KJT<S_$Uxt`dhP8l=SP6TK+BngY5n}clC95>Fo0^l#8S}nL6_wXICcS!{
zj%p4$_Vi&nB-i)M=4IQnbOt?iLgS^scW_1YWOQkghM>oxbM`hcB}E71Zal{T_56T3
zOML!I`K+O`ri_jbdHiaAm+(t+gVr{+1=otIasP%JD|)1!bbOv`$Fkn(ngYwUSldKq
zJ0eImC$si5OMF}|<&~mjeuG&s?lDu(lJ1UA4p{pv0`S??BwNW7H`;RknT$M7pKW)v
zYsAi!NceE~q}6E=iR6j-rs#JHW}V(&nOi0qBU>5|dcIj<M$Wpdkh`O^moRwj8i51A
z|LaE-`PKJrDDW%s+xSm+vKCPIzOx391{&*lilFViYyQ+f*}pddzp~%)S^sJYeg)GG
z{s8~fIK+?jpWxq3`&aNKzK#6b!hc0~r2att)LP&FjsD$>enoE-{%>dc^@OjYli#EA
ZQ(wOQd4jOWx6ldkXAu9VN&X(&e*oK$SIqzb

diff --git a/scenarios/ec2_ssrf/assets/ssrf_app/install.sh b/scenarios/ec2_ssrf/assets/ssrf_app/install.sh
deleted file mode 100755
index 4e97bd83..00000000
--- a/scenarios/ec2_ssrf/assets/ssrf_app/install.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/bash
-
-echo "[*] Installing Node and NPM"
-apt-get update 
-apt-get -y install nodejs npm
-echo "[*] Installing node packages"
-npm install http express needle command-line-args
-echo 
-echo "[*] Install complete!"
-echo
-echo " To start the server:"
-echo "  sudo nodejs ssrf-demo-app.js"
-echo "  sudo nodejs ssrf-demo-app.js -p 8080"
-echo 
diff --git a/scenarios/ec2_ssrf/assets/ssrf_app/package.json b/scenarios/ec2_ssrf/assets/ssrf_app/package.json
new file mode 100644
index 00000000..f789ef64
--- /dev/null
+++ b/scenarios/ec2_ssrf/assets/ssrf_app/package.json
@@ -0,0 +1,23 @@
+{
+  "name": "ssrf_app",
+  "version": "1.0.0",
+  "description": "NodeJS Web App with a SSRF vulnerability",
+  "main": "app.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/sethsec/Nodejs-SSRF-App.git"
+  },
+  "author": "Seth Art",
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/sethsec/Nodejs-SSRF-App/issues"
+  },
+  "homepage": "https://github.com/sethsec/Nodejs-SSRF-App#readme",
+  "dependencies": {
+    "express": "^4.19.2",
+    "needle": "^3.3.1"
+  }
+}
diff --git a/scenarios/ec2_ssrf/assets/ssrf_app/ssrf-demo-app.js b/scenarios/ec2_ssrf/assets/ssrf_app/ssrf-demo-app.js
deleted file mode 100644
index 000c8d9f..00000000
--- a/scenarios/ec2_ssrf/assets/ssrf_app/ssrf-demo-app.js
+++ /dev/null
@@ -1,69 +0,0 @@
-//////////////////////////////////////////
-// SSRF Demo App
-// Node.js Application Vulnerable to SSRF
-// Written by Seth Art <sethsec@gmail.com>
-// MIT Licensed
-//////////////////////////////////////////
-
-var http = require('http');
-var needle = require('needle');
-var express = require('express');
-var app = express();
-var commandLineArgs = require('command-line-args');
-
-// Currently this app is also vulnerable to reflective XSS as well. Kind of an easter egg :)
-
-var cli = [
-  { name: 'port', alias: 'p', type: Number, defaultOption:80 }
-]
-var options = commandLineArgs(cli)
-
-app.get('/', function(request, response){
-    var params = request.params;
-    var url = request.query['url'];
-    if (request.query['mime'] == 'plain'){
-	var mime = 'plain';
-    } else {
-	var mime = 'html';
-    };
-
-    console.log('New request: '+request.url);
-
-    // If the URL is not set, then we will just return the default page.
-    if (url == undefined) {
-      response.writeHead(200, {'Content-Type': 'text/'+mime});
-      response.write('<h1>Welcome to sethsec\'s SSRF demo.</h1>\n\n');
-      response.write('<h2>I am an application. I want to be useful, so give me a URL to requested for you\n</h2><br><br>\n\n\n');
-      response.end();
-    } else { // If the URL is set, then we will try to request it.
-      needle.get(url, { timeout: 3000 }, function(error, response1) {
-        // If the request is successful, then we will return the response to the user.
-        if (!error && response1.statusCode == 200) {
-          response.writeHead(200, {'Content-Type': 'text/'+mime});
-          response.write('<h1>Welcome to sethsec\'s SSRF demo.</h1>\n\n');
-          response.write('<h2>I am an application. I want to be useful, so I requested: <font color="red">'+url+'</font> for you\n</h2><br><br>\n\n\n');
-          console.log(response1.body);
-          response.write(response1.body);
-          response.end();
-        } else { // If the request is not successful, then we will return an error to the user.
-          response.writeHead(404, {'Content-Type': 'text/'+mime});
-          response.write('<h1>Welcome to sethsec\'s SSRF demo.</h1>\n\n');
-          response.write('<h2>I wanted to be useful, but I could not find: <font color="red">'+url+'</font> for you\n</h2><br><br>\n\n\n');
-          response.end();
-          console.log('error')
-
-      }
-    });
-  }
-})
-if (options.port) {
-	var port = options.port
-} else {
-	var port = 80
-}
-
-app.listen(port);
-console.log('\n##################################################')
-console.log('#\n#  Server listening for connections on port:'+port);
-console.log('#  Connect to server using the following url: \n#  -- http://[server]:'+port+'/?url=[SSRF URL]')
-console.log('#\n##################################################')
diff --git a/scenarios/ec2_ssrf/terraform/data.tf b/scenarios/ec2_ssrf/terraform/data.tf
new file mode 100644
index 00000000..f3a0472d
--- /dev/null
+++ b/scenarios/ec2_ssrf/terraform/data.tf
@@ -0,0 +1,31 @@
+data "aws_ami" "ec2" {
+  most_recent = true
+  owners      = ["amazon"]
+
+  filter {
+    name   = "name"
+    values = ["ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  filter {
+    name   = "architecture"
+    values = ["x86_64"]
+  }
+}
+
+data "archive_file" "lambda_function" {
+  type        = "zip"
+  source_file = "../assets/lambda.py"
+  output_path = "../assets/lambda.zip"
+}
+
+data "archive_file" "app" {
+  type        = "zip"
+  source_dir  = "../assets/ssrf_app/"
+  output_path = "../assets/app.zip"
+}
diff --git a/scenarios/ec2_ssrf/terraform/data_sources.tf b/scenarios/ec2_ssrf/terraform/data_sources.tf
deleted file mode 100644
index cd2b10ab..00000000
--- a/scenarios/ec2_ssrf/terraform/data_sources.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-#AWS Account Id
-data "aws_caller_identity" "aws-account-id" {
-  
-}
\ No newline at end of file
diff --git a/scenarios/ec2_ssrf/terraform/ec2.tf b/scenarios/ec2_ssrf/terraform/ec2.tf
index c347caca..a5ee999b 100644
--- a/scenarios/ec2_ssrf/terraform/ec2.tf
+++ b/scenarios/ec2_ssrf/terraform/ec2.tf
@@ -1,162 +1,140 @@
-#IAM Role
-resource "aws_iam_role" "cg-ec2-role" {
-  name = "cg-ec2-role-${var.cgid}"
-  assume_role_policy = <<EOF
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Action": "sts:AssumeRole",
-      "Principal": {
-        "Service": "ec2.amazonaws.com"
-      },
-      "Effect": "Allow",
-      "Sid": ""
-    }
-  ]
-}
-EOF
-  tags = {
-      Name = "cg-ec2-role-${var.cgid}"
-      Stack = "${var.stack-name}"
-      Scenario = "${var.scenario-name}"
-  }
+resource "aws_iam_policy" "ec2_policy" {
+  name        = "cg-ec2-role-policy-${var.cgid}"
+  description = "Policy for the IAM role used by the EC2 instance"
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow"
+        Action = [
+          "s3:*",
+          "cloudwatch:*"
+        ]
+        Resource = "*"
+      }
+    ]
+  })
 }
-#Iam Role Policy
-resource "aws_iam_policy" "cg-ec2-role-policy" {
-  name = "cg-ec2-role-policy-${var.cgid}"
-  description = "cg-ec2-role-policy-${var.cgid}"
-  policy = <<POLICY
-{
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Sid": "VisualEditor0",
-            "Effect": "Allow",
-            "Action": [
-                "s3:*",
-                "cloudwatch:*"
-            ],
-            "Resource": "*"
+
+resource "aws_iam_role" "ec2_role" {
+  name        = "cg-ec2-role-${var.cgid}"
+  description = "IAM role used by the CloudGoat EC2 instance"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Principal = {
+          Service = "ec2.amazonaws.com"
         }
+        Effect = "Allow"
+      }
     ]
-}
-POLICY
-}
-#IAM Role Policy Attachment
-resource "aws_iam_policy_attachment" "cg-ec2-role-policy-attachment" {
-  name = "cg-ec2-role-policy-attachment-${var.cgid}"
-  roles = [
-      "${aws_iam_role.cg-ec2-role.name}"
+  })
+
+  managed_policy_arns = [
+    aws_iam_policy.ec2_policy.arn
   ]
-  policy_arn = "${aws_iam_policy.cg-ec2-role-policy.arn}"
 }
-#IAM Instance Profile
-resource "aws_iam_instance_profile" "cg-ec2-instance-profile" {
+
+resource "aws_iam_instance_profile" "ec2_instance_profile" {
   name = "cg-ec2-instance-profile-${var.cgid}"
-  role = "${aws_iam_role.cg-ec2-role.name}"
+  role = aws_iam_role.ec2_role.name
 }
-#Security Groups
-resource "aws_security_group" "cg-ec2-ssh-security-group" {
-  name = "cg-ec2-ssh-${var.cgid}"
+
+resource "aws_security_group" "ec2_security_group" {
+  name        = "cg-ec2-ssh-${var.cgid}"
   description = "CloudGoat ${var.cgid} Security Group for EC2 Instance over SSH"
-  vpc_id = "${aws_vpc.cg-vpc.id}"
+  vpc_id      = aws_vpc.vpc.id
+
   ingress {
-      from_port = 22
-      to_port = 22
-      protocol = "tcp"
-      cidr_blocks = var.cg_whitelist
-  }
-  egress {
-      from_port = 0
-      to_port = 0
-      protocol = "-1"
-      cidr_blocks = [
-          "0.0.0.0/0"
-      ]
-  }
-  tags = {
-    Name = "cg-ec2-ssh-${var.cgid}"
-    Stack = "${var.stack-name}"
-    Scenario = "${var.scenario-name}"
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = var.cg_whitelist
   }
-}
-resource "aws_security_group" "cg-ec2-http-security-group" {
-  name = "cg-ec2-http-${var.cgid}"
-  description = "CloudGoat ${var.cgid} Security Group for EC2 Instance over HTTP"
-  vpc_id = "${aws_vpc.cg-vpc.id}"
+
   ingress {
-      from_port = 80
-      to_port = 80
-      protocol = "tcp"
-      cidr_blocks = var.cg_whitelist
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = var.cg_whitelist
   }
+
   egress {
-      from_port = 0
-      to_port = 0
-      protocol = "-1"
-      cidr_blocks = [
-          "0.0.0.0/0"
-      ]
+    from_port = 0
+    to_port   = 0
+    protocol  = "-1"
+    cidr_blocks = [
+      "0.0.0.0/0"
+    ]
   }
+
   tags = {
-    Name = "cg-ec2-http-${var.cgid}"
-    Stack = "${var.stack-name}"
-    Scenario = "${var.scenario-name}"
+    Name = "cg-ec2-ssh-${var.cgid}"
   }
 }
-#AWS Key Pair
-resource "aws_key_pair" "cg-ec2-key-pair" {
-  key_name = "cg-ec2-key-pair-${var.cgid}"
-  public_key = "${file(var.ssh-public-key-for-ec2)}"
+
+resource "aws_key_pair" "ec2_key_pair" {
+  key_name   = "cg-ec2-key-pair-${var.cgid}"
+  public_key = file(var.ssh_public_key)
 }
-#EC2 Instance
-resource "aws_instance" "cg-ubuntu-ec2" {
-    ami = "ami-0a313d6098716f372"
-    instance_type = "t2.micro"
-    iam_instance_profile = "${aws_iam_instance_profile.cg-ec2-instance-profile.name}"
-    subnet_id = "${aws_subnet.cg-public-subnet-1.id}"
-    associate_public_ip_address = true
-    vpc_security_group_ids = [
-        "${aws_security_group.cg-ec2-ssh-security-group.id}",
-        "${aws_security_group.cg-ec2-http-security-group.id}"
-    ]
-    key_name = "${aws_key_pair.cg-ec2-key-pair.key_name}"
-    root_block_device {
-        volume_type = "gp2"
-        volume_size = 8
-        delete_on_termination = true
-    }
-    provisioner "file" {
-      source = "../assets/ssrf_app/app.zip"
-      destination = "/home/ubuntu/app.zip"
-      connection {
-        type = "ssh"
-        user = "ubuntu"
-        private_key = "${file(var.ssh-private-key-for-ec2)}"
-        host = self.public_ip
-      }
+
+resource "aws_instance" "ubuntu_ec2" {
+  ami                         = data.aws_ami.ec2.id
+  instance_type               = "t3.micro"
+  iam_instance_profile        = aws_iam_instance_profile.ec2_instance_profile.name
+  subnet_id                   = aws_subnet.public_subnet.id
+  associate_public_ip_address = true
+
+  vpc_security_group_ids = [
+    aws_security_group.ec2_security_group.id
+  ]
+
+  key_name = aws_key_pair.ec2_key_pair.key_name
+
+  root_block_device {
+    volume_type           = "gp3"
+    volume_size           = 8
+    delete_on_termination = true
+  }
+
+  metadata_options {
+    http_endpoint               = "enabled"
+    http_tokens                 = "optional"
+    http_put_response_hop_limit = 2
+  }
+
+  provisioner "file" {
+    source      = data.archive_file.app.output_path
+    destination = "/home/ubuntu/app.zip"
+    connection {
+      type        = "ssh"
+      user        = "ubuntu"
+      private_key = file(var.ssh_private_key)
+      host        = self.public_ip
     }
-    user_data = <<-EOF
+  }
+
+  user_data = <<-EOF
         #!/bin/bash
         apt-get update
-        curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
+        curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
         DEBIAN_FRONTEND=noninteractive apt-get -y install nodejs unzip
-        npm install http express needle command-line-args
         cd /home/ubuntu
         unzip app.zip -d ./app
         cd app
-        sudo node ssrf-demo-app.js &
-        echo -e "\n* * * * * root node /home/ubuntu/app/ssrf-demo-app.js &\n* * * * * root sleep 10; node /home/ubuntu/app/ssrf-demo-app.js &\n* * * * * root sleep 20; node /home/ubuntu/app/ssrf-demo-app.js &\n* * * * * root sleep 30; node /home/ubuntu/app/ssrf-demo-app.js &\n* * * * * root sleep 40; node /home/ubuntu/app/ssrf-demo-app.js &\n* * * * * root sleep 50; node /home/ubuntu/app/ssrf-demo-app.js &\n" >> /etc/crontab
-        EOF
-    volume_tags = {
-        Name = "CloudGoat ${var.cgid} EC2 Instance Root Device"
-        Stack = "${var.stack-name}"
-        Scenario = "${var.scenario-name}"
-    }
-    tags = {
-        Name = "cg-ubuntu-ec2-${var.cgid}"
-        Stack = "${var.stack-name}"
-        Scenario = "${var.scenario-name}"
-    }
+        npm install
+        sudo node app.js &
+        echo -e "\n* * * * * root node /home/ubuntu/app/app.js &\n* * * * * root sleep 10; node /home/ubuntu/app/app.js &\n* * * * * root sleep 20; node /home/ubuntu/app/app.js &\n* * * * * root sleep 30; node /home/ubuntu/app/app.js &\n* * * * * root sleep 40; node /home/ubuntu/app/app.js &\n* * * * * root sleep 50; node /home/ubuntu/app/app.js &\n" >> /etc/crontab
+  EOF
+
+  volume_tags = {
+    Name = "CloudGoat ${var.cgid} EC2 Instance Root Device"
+  }
+  tags = {
+    Name = "cg-ubuntu-ec2-${var.cgid}"
+  }
 }
diff --git a/scenarios/ec2_ssrf/terraform/iam.tf b/scenarios/ec2_ssrf/terraform/iam.tf
index 4db6e9a2..475b2b13 100644
--- a/scenarios/ec2_ssrf/terraform/iam.tf
+++ b/scenarios/ec2_ssrf/terraform/iam.tf
@@ -1,108 +1,95 @@
-#IAM Users
-resource "aws_iam_user" "cg-solus" {
+resource "aws_iam_user" "solus" {
   name = "solus-${var.cgid}"
-  tags = {
-    Name = "cg-solus-${var.cgid}"
-    Stack = "${var.stack-name}"
-    Scenario = "${var.scenario-name}"
-  }
 }
-resource "aws_iam_access_key" "cg-solus" {
-  user = "${aws_iam_user.cg-solus.name}"
+resource "aws_iam_access_key" "solus" {
+  user = aws_iam_user.solus.name
 }
-resource "aws_iam_user" "cg-wrex" {
-  name = "wrex-${var.cgid}"
-  tags = {
-    Name = "cg-wrex-${var.cgid}"
-    Stack = "${var.stack-name}"
-    Scenario = "${var.scenario-name}"
-  }
+
+resource "aws_iam_policy" "solus" {
+  name        = "cg-solus-policy-${var.cgid}"
+  description = "IAM policy for the solus user"
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Sid    = "solus"
+        Effect = "Allow"
+        Action = [
+          "lambda:Get*",
+          "lambda:List*"
+        ]
+        Resource = "*"
+      }
+    ]
+  })
 }
-resource "aws_iam_access_key" "cg-wrex" {
-  user = "${aws_iam_user.cg-wrex.name}"
+
+resource "aws_iam_user_policy_attachment" "solus" {
+  user       = aws_iam_user.solus.name
+  policy_arn = aws_iam_policy.solus.arn
 }
-resource "aws_iam_user" "cg-shepard" {
-  name = "shepard-${var.cgid}"
-  tags = {
-    Name = "cg-shepard-${var.cgid}"
-    Stack = "${var.stack-name}"
-    Scenario = "${var.scenario-name}"
-  }
+
+
+resource "aws_iam_user" "wrex" {
+  name = "wrex-${var.cgid}"
 }
-resource "aws_iam_access_key" "cg-shepard" {
-  user = "${aws_iam_user.cg-shepard.name}"
+resource "aws_iam_access_key" "wrex" {
+  user = aws_iam_user.wrex.name
 }
-#IAM User Policies
-resource "aws_iam_policy" "cg-solus-policy" {
-  name = "cg-solus-policy-${var.cgid}"
-  description = "cg-solus-policy-${var.cgid}"
-  policy = <<EOF
-{
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Sid": "solus",
-            "Effect": "Allow",
-            "Action": [
-                "lambda:Get*",
-                "lambda:List*"
-            ],
-            "Resource": "*"
-        }
+
+resource "aws_iam_policy" "wrex" {
+  name        = "cg-wrex-policy-${var.cgid}"
+  description = "IAM policy for the wrex user"
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Sid      = "wrex"
+        Effect   = "Allow"
+        Action   = "ec2:*"
+        Resource = "*"
+      }
     ]
+  })
 }
-EOF
+
+resource "aws_iam_user_policy_attachment" "wrex" {
+  user       = aws_iam_user.wrex.name
+  policy_arn = aws_iam_policy.wrex.arn
 }
-resource "aws_iam_policy" "cg-wrex-policy" {
-  name = "cg-wrex-policy-${var.cgid}"
-  description = "cg-wrex-policy-${var.cgid}"
-  policy = <<EOF
-{
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Sid": "wrex",
-            "Effect": "Allow",
-            "Action": [
-                "ec2:*"
-            ],
-            "Resource": "*"
-        }
-    ]
+
+
+resource "aws_iam_user" "shepard" {
+  name = "shepard-${var.cgid}"
 }
-EOF
+resource "aws_iam_access_key" "shepard" {
+  user = aws_iam_user.shepard.name
 }
-resource "aws_iam_policy" "cg-shepard-policy" {
-  name = "cg-shepard-policy-${var.cgid}"
-  description = "cg-shepard-policy-${var.cgid}"
-  policy = <<EOF
-{
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Sid": "shepard",
-            "Effect": "Allow",
-            "Action": [
-                "lambda:Get*",
-                "lambda:Invoke*",
-                "lambda:List*"
-            ],
-            "Resource": "*"
-        }
+
+resource "aws_iam_policy" "shepard" {
+  name        = "cg-shepard-policy-${var.cgid}"
+  description = "IAM policy for the shepard user"
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Sid    = "shepard"
+        Effect = "Allow"
+        Action = [
+          "lambda:Get*",
+          "lambda:Invoke*",
+          "lambda:List*"
+        ]
+        Resource = "*"
+      }
     ]
+  })
 }
-EOF
-}
-#User Policy Attachments
-resource "aws_iam_user_policy_attachment" "cg-solus-attachment" {
-  user = "${aws_iam_user.cg-solus.name}"
-  policy_arn = "${aws_iam_policy.cg-solus-policy.arn}"
-}
-resource "aws_iam_user_policy_attachment" "cg-wrex-attachment" {
-  user = "${aws_iam_user.cg-wrex.name}"
-  policy_arn = "${aws_iam_policy.cg-wrex-policy.arn}"
+
+resource "aws_iam_user_policy_attachment" "shepard" {
+  user       = aws_iam_user.shepard.name
+  policy_arn = aws_iam_policy.shepard.arn
 }
-resource "aws_iam_user_policy_attachment" "cg-shepard-attachment" {
-  user = "${aws_iam_user.cg-shepard.name}"
-  policy_arn = "${aws_iam_policy.cg-shepard-policy.arn}"
-}
\ No newline at end of file
diff --git a/scenarios/ec2_ssrf/terraform/lambda.tf b/scenarios/ec2_ssrf/terraform/lambda.tf
index 946856ba..72592286 100644
--- a/scenarios/ec2_ssrf/terraform/lambda.tf
+++ b/scenarios/ec2_ssrf/terraform/lambda.tf
@@ -1,47 +1,36 @@
-data "archive_file" "cg-lambda-function" {
-  type = "zip"
-  source_file = "../assets/lambda.py"
-  output_path = "../assets/lambda.zip"
-}
-resource "aws_iam_role" "cg-lambda-role" {
-  name = "cg-lambda-role-${var.cgid}-service-role"
-  assume_role_policy = <<EOF
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Action": "sts:AssumeRole",
-      "Principal": {
-        "Service": "lambda.amazonaws.com"
-      },
-      "Effect": "Allow",
-      "Sid": ""
-    }
-  ]
-}
-EOF
-  tags = {
-    Name = "cg-lambda-role-${var.cgid}"
-    Stack = "${var.stack-name}"
-    Scenario = "${var.scenario-name}"
-  }
+resource "aws_iam_role" "lambda" {
+  name        = "cg-lambda-role-${var.cgid}-service-role"
+  description = "Lambda function IAM role"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Principal = {
+          Service = "lambda.amazonaws.com"
+        }
+        Effect = "Allow"
+      }
+    ]
+  })
 }
-resource "aws_lambda_function" "cg-lambda-function" {
-  filename = "../assets/lambda.zip"
+
+resource "aws_lambda_function" "lambda_function" {
   function_name = "cg-lambda-${var.cgid}"
-  role = "${aws_iam_role.cg-lambda-role.arn}"
-  handler = "lambda.handler"
-  source_code_hash = "${data.archive_file.cg-lambda-function.output_base64sha256}"
-  runtime = "python3.9"
+  description   = "Invoke this Lambda function for the win!"
+  runtime       = "python3.11"
+
+  role = aws_iam_role.lambda.arn
+
+  handler          = "lambda.handler"
+  filename         = data.archive_file.lambda_function.output_path
+  source_code_hash = data.archive_file.lambda_function.output_base64sha256
+
   environment {
-      variables = {
-          EC2_ACCESS_KEY_ID = "${aws_iam_access_key.cg-wrex.id}"
-          EC2_SECRET_KEY_ID = "${aws_iam_access_key.cg-wrex.secret}"
-      }
-  }
-  tags = {
-    Name = "cg-lambda-${var.cgid}"
-    Stack = "${var.stack-name}"
-    Scenario = "${var.scenario-name}"
+    variables = {
+      EC2_ACCESS_KEY_ID = aws_iam_access_key.wrex.id
+      EC2_SECRET_KEY_ID = aws_iam_access_key.wrex.secret
+    }
   }
 }
diff --git a/scenarios/ec2_ssrf/terraform/null_resource.tf b/scenarios/ec2_ssrf/terraform/null_resource.tf
deleted file mode 100644
index c9dec343..00000000
--- a/scenarios/ec2_ssrf/terraform/null_resource.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-#Null Resources
-resource "null_resource" "cg-create-latest-passwords-list-file" {
-  provisioner "local-exec" {
-      command = "touch ../assets/latest-passwords-list.txt"
-  }
-}
-resource "null_resource" "cg-create-sheperds-credentials-file" {
-  provisioner "local-exec" {
-      command = "touch ../assets/admin-user.txt && echo ${aws_iam_access_key.cg-shepard.id} >>../assets/admin-user.txt && echo ${aws_iam_access_key.cg-shepard.secret} >>../assets/admin-user.txt"
-  }
-}
\ No newline at end of file
diff --git a/scenarios/ec2_ssrf/terraform/outputs.tf b/scenarios/ec2_ssrf/terraform/outputs.tf
index aab984b2..5b612e16 100644
--- a/scenarios/ec2_ssrf/terraform/outputs.tf
+++ b/scenarios/ec2_ssrf/terraform/outputs.tf
@@ -1,12 +1,7 @@
-
-#Required: Always output the AWS Account ID
-output "cloudgoat_output_aws_account_id" {
-  value = "${data.aws_caller_identity.aws-account-id.account_id}"
-}
 output "cloudgoat_output_solus_access_key_id" {
-  value = "${aws_iam_access_key.cg-solus.id}"
+  value = aws_iam_access_key.solus.id
 }
 output "cloudgoat_output_solus_secret_key" {
-  value = "${aws_iam_access_key.cg-solus.secret}"
+  value     = aws_iam_access_key.solus.secret
   sensitive = true
-}
\ No newline at end of file
+}
diff --git a/scenarios/ec2_ssrf/terraform/provider.tf b/scenarios/ec2_ssrf/terraform/provider.tf
index 2851ee7d..00ed294e 100644
--- a/scenarios/ec2_ssrf/terraform/provider.tf
+++ b/scenarios/ec2_ssrf/terraform/provider.tf
@@ -1,4 +1,26 @@
+terraform {
+  required_version = ">= 1.5"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.61.0"
+    }
+    archive = {
+      source  = "hashicorp/archive"
+      version = ">= 2.5.0"
+    }
+  }
+}
+
 provider "aws" {
-  profile = "${var.profile}"
-  region = "${var.region}"
-}
\ No newline at end of file
+  profile = var.profile
+  region  = var.region
+
+  default_tags {
+    tags = {
+      Stack    = var.stack-name
+      Scenario = var.scenario-name
+    }
+  }
+}
diff --git a/scenarios/ec2_ssrf/terraform/s3.tf b/scenarios/ec2_ssrf/terraform/s3.tf
index 1c214863..3ac288a7 100644
--- a/scenarios/ec2_ssrf/terraform/s3.tf
+++ b/scenarios/ec2_ssrf/terraform/s3.tf
@@ -1,29 +1,19 @@
-#Secret S3 Bucket
-locals {
-  # Ensure the bucket suffix doesn't contain invalid characters
-  # "Bucket names can consist only of lowercase letters, numbers, dots (.), and hyphens (-)."
-  # (per https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) 
-  bucket_suffix = replace(var.cgid, "/[^a-z0-9-.]/", "-")
-}
-
-resource "aws_s3_bucket" "cg-secret-s3-bucket" {
-  bucket = "cg-secret-s3-bucket-${local.bucket_suffix}"
+resource "aws_s3_bucket" "secret_bucket" {
+  bucket        = "cg-secret-s3-bucket-${replace(var.cgid, "/[^a-z0-9-.]/", "-")}"
   force_destroy = true
+
   tags = {
-      Name = "cg-secret-s3-bucket-${local.bucket_suffix}"
-      Description = "CloudGoat ${var.cgid} S3 Bucket used for storing a secret"
-      Stack = "${var.stack-name}"
-      Scenario = "${var.scenario-name}"
+    Description = "CloudGoat ${var.cgid} S3 Bucket used for storing a secret"
   }
 }
 
-resource "aws_s3_object" "cg-shepards-credentials" {
-  bucket = "${aws_s3_bucket.cg-secret-s3-bucket.id}"
-  key = "admin-user.txt"
-  source = "../assets/admin-user.txt"
-  tags = {
-    Name = "cg-shepards-credentials-${var.cgid}"
-    Stack = "${var.stack-name}"
-    Scenario = "${var.scenario-name}"
-  }
+resource "aws_s3_object" "shepards_credentials" {
+  bucket  = aws_s3_bucket.secret_bucket.id
+  key     = "/aws/credentials"
+  content = <<-CONTENT
+    [default]
+    aws_access_key_id = ${aws_iam_access_key.shepard.id}
+    aws_secret_access_key = ${aws_iam_access_key.shepard.secret}
+    region = ${var.region}
+  CONTENT
 }
diff --git a/scenarios/ec2_ssrf/terraform/variables.tf b/scenarios/ec2_ssrf/terraform/variables.tf
index 00f0f666..8cf292ee 100644
--- a/scenarios/ec2_ssrf/terraform/variables.tf
+++ b/scenarios/ec2_ssrf/terraform/variables.tf
@@ -1,32 +1,44 @@
-#Required: AWS Profile
 variable "profile" {
+  description = "The AWS profile to use"
+  type        = string
+}
 
+variable "cgid" {
+  description = "CGID variable for unique naming"
+  type        = string
 }
-#Required: AWS Region
+
 variable "region" {
   default = "us-east-1"
+  type    = string
 }
-#Required: CGID Variable for unique naming
-variable "cgid" {
 
-}
 #Required: User's Public IP Address(es)
 variable "cg_whitelist" {
-  default = "../whitelist.txt"
+  description = "User's public IP address(es)"
+  type        = list(string)
 }
-#SSH Public Key
-variable "ssh-public-key-for-ec2" {
-  default = "../cloudgoat.pub"
+
+variable "ssh_public_key" {
+  description = "Path to the public EC2 key"
+  default     = "../cloudgoat.pub"
+  type        = string
 }
-#SSH Private Key
-variable "ssh-private-key-for-ec2" {
-  default = "../cloudgoat"
+
+variable "ssh_private_key" {
+  description = "Path to the private EC2 key"
+  default     = "../cloudgoat"
+  type        = string
 }
-#Stack Name
+
 variable "stack-name" {
-  default = "CloudGoat"
+  description = "Name of the stack"
+  default     = "CloudGoat"
+  type        = string
 }
-#Scenario Name
+
 variable "scenario-name" {
-  default = "ec2-ssrf"
-}
\ No newline at end of file
+  description = "Name of the scenario"
+  default     = "iam_privesc_by_key_rotation"
+  type        = string
+}
diff --git a/scenarios/ec2_ssrf/terraform/vpc.tf b/scenarios/ec2_ssrf/terraform/vpc.tf
index a561d209..655c2693 100644
--- a/scenarios/ec2_ssrf/terraform/vpc.tf
+++ b/scenarios/ec2_ssrf/terraform/vpc.tf
@@ -1,61 +1,43 @@
-resource "aws_vpc" "cg-vpc" {
-  cidr_block = "10.10.0.0/16"
+resource "aws_vpc" "vpc" {
+  cidr_block           = "10.10.0.0/16"
   enable_dns_hostnames = true
   tags = {
-      Name = "CloudGoat ${var.cgid} VPC"
-      Stack = "${var.stack-name}"
-      Scenario = "${var.scenario-name}"
+    Name = "CloudGoat ${var.cgid} VPC"
   }
 }
 #Internet Gateway
-resource "aws_internet_gateway" "cg-internet-gateway" {
-  vpc_id = "${aws_vpc.cg-vpc.id}"
+resource "aws_internet_gateway" "internet_gateway" {
+  vpc_id = aws_vpc.vpc.id
   tags = {
-      Name = "CloudGoat ${var.cgid} Internet Gateway"
-      Stack = "${var.stack-name}"
-      Scenario = "${var.scenario-name}"
+    Name = "CloudGoat ${var.cgid} Internet Gateway"
   }
 }
 #Public Subnets
-resource "aws_subnet" "cg-public-subnet-1" {
+resource "aws_subnet" "public_subnet" {
   availability_zone = "${var.region}a"
-  cidr_block = "10.10.10.0/24"
-  vpc_id = "${aws_vpc.cg-vpc.id}"
+  cidr_block        = "10.10.10.0/24"
+  vpc_id            = aws_vpc.vpc.id
+
   tags = {
-      Name = "CloudGoat ${var.cgid} Public Subnet #1"
-      Stack = "${var.stack-name}"
-      Scenario = "${var.scenario-name}"
-  }
-}
-resource "aws_subnet" "cg-public-subnet-2" {
-  availability_zone = "${var.region}b"
-  cidr_block = "10.10.20.0/24"
-  vpc_id = "${aws_vpc.cg-vpc.id}"
-  tags = {
-      Name = "CloudGoat ${var.cgid} Public Subnet #2"
-      Stack = "${var.stack-name}"
-      Scenario = "${var.scenario-name}"
+    Name = "CloudGoat ${var.cgid} Public Subnet"
   }
 }
+
 #Public Subnet Routing Table
-resource "aws_route_table" "cg-public-subnet-route-table" {
+resource "aws_route_table" "public_subnet" {
+  vpc_id = aws_vpc.vpc.id
   route {
-      cidr_block = "0.0.0.0/0"
-      gateway_id = "${aws_internet_gateway.cg-internet-gateway.id}"
+    cidr_block = "0.0.0.0/0"
+    gateway_id = aws_internet_gateway.internet_gateway.id
   }
-  vpc_id = "${aws_vpc.cg-vpc.id}"
+
   tags = {
-      Name = "CloudGoat ${var.cgid} Route Table for Public Subnet"
-      Stack = "${var.stack-name}"
-      Scenario = "${var.scenario-name}"
+    Name = "CloudGoat ${var.cgid} Route Table"
   }
 }
+
 #Public Subnets Routing Associations
-resource "aws_route_table_association" "cg-public-subnet-1-route-association" {
-  subnet_id = "${aws_subnet.cg-public-subnet-1.id}"
-  route_table_id = "${aws_route_table.cg-public-subnet-route-table.id}"
+resource "aws_route_table_association" "public_subnet" {
+  subnet_id      = aws_subnet.public_subnet.id
+  route_table_id = aws_route_table.public_subnet.id
 }
-resource "aws_route_table_association" "cg-public-subnet-2-route-association" {
-  subnet_id = "${aws_subnet.cg-public-subnet-2.id}"
-  route_table_id = "${aws_route_table.cg-public-subnet-route-table.id}"
-}
\ No newline at end of file