To run macOS on AWS you need to create AWS EC2 dedicated hosts of instance type `mac1.metal`. By default, you can only create 0 instances of this type. You will need to submit a request to AWS to get this increased from 0 to 3.
By default AWS limits your account to 32 vCPUs but this environment requires 72 (see table below). You will need to submit a request to AWS to get this increased from 32 to 72.
By default you get 5 Elastic IPs per region for an account, but this project needs 9 Elastic IPs. Breakdown:
Below is a table of all the AWS compute resources needed for this workshop. Depending on your target audience size, you can adjust the size allocations for each machine. The SIEM machines and NSM/Arkime use `r5` machines to provide as much memory as possible to keep search times minimal.
Note that, at the time of this writing, if you plan on running this setup in AWS including the macOS machines, it costs $25 per macOS instance even before they are turned on. The macOS license states that each instance must be used for at least 24 hours. Even if you use the macOS machines for 3 seconds, you still end up paying for 24 hours' worth of use.
Let's discuss the hourly pricing listed in the table below. Note that the hourly price listed covers only the EC2 compute; the pricing does not include:
# | EC2 type | vCPU | Memory | SSD | Rate per hour | Description |
---|---|---|---|---|---|---|
1 | r5.2xlarge | 8 | 64GB | 100GB | $0.504 | Elastic server |
2 | r5.2xlarge | 8 | 64GB | 100GB | $0.504 | Graylog server |
3 | r5.2xlarge | 8 | 64GB | 100GB | $0.504 | Splunk server |
4 | r5.2xlarge | 4 | 16GB | 100GB | $0.1856 | NSM server |
5 | t2.small | 1 | 2GB | 8GB | $0.023 | Jumpbox |
6 | t2.small | 1 | 2GB | 20GB | $0.023 | red team box - alpha |
7 | t2.small | 1 | 2GB | 20GB | $0.023 | red team box - beta |
8 | t2.large | 2 | 8GB | 20GB | $0.0928 | Logstash ingestor server |
9 | t2.small | 1 | 2GB | 20GB | $0.023 | wiki server |
10 | t2.small | 1 | 2GB | 20GB | $0.0234 | file server |
11 | t2.small | 1 | 2GB | 60GB | $0.0234 | Windows server |
12 | mac1.metal | 12 | 32GB | 60GB | $1.083 | macOS client - alpha |
13 | mac1.metal | 12 | 32GB | 60GB | $1.083 | macOS client - beta |
14 | mac1.metal | 12 | 32GB | 60GB | $1.083 | macOS client - charlie |
15 | dedicated host | - | - | - | $1.083 | Dedicated host for macOS alpha |
15 | dedicated host | - | - | - | $1.083 | Dedicated host for macOS beta |
15 | dedicated host | - | - | - | $1.083 | Dedicated host for macOS charlie |
Total | | 72 | 320GB | 748GB | $8.426/hr | |

# | Username | Password | Account type | Description |
---|---|---|---|---|
1 | jso-yeon@hac.local | <group_vars/corp.yml - user_list > | mail account | e-mail account |
2 | lmanoban@hac.local | <group_vars/corp.yml - user_list > | mail account | e-mail account |
3 | dengziqi@hac.local | <group_vars/corp.yml - user_list > | mail account | e-mail admin account |
4 | jso-yeon | <group_vars/corp.yml - user_list > | SMB share | smb://172.16.50.20/public |
5 | lmanoban | <group_vars/corp.yml - user_list > | SMB share | smb://172.16.50.20/public |
6 | dengziqi | <group_vars/corp.yml - user_list > | SMB share | smb://172.16.50.20/private - admin |
7 | jso-yeon | <group_vars/corp.yml - user_list > | macOS Alpha VNC | vnc://172.16.50.130 |
8 | lmanoban | <group_vars/corp.yml - user_list > | macOS Beta VNC | vnc://172.16.50.131 |
9 | dengziqi | <group_vars/corp.yml - user_list > | macOS Charlie VNC | vnc://172.16.50.132 |
10 | ec2-user | <group_vars/corp.yml - vnc_admin_password > | macOS Alpha VNC | vnc://172.16.50.130 |
11 | ec2-user | <group_vars/corp.yml - vnc_admin_password > | macOS Beta VNC | vnc://172.16.50.131 |
12 | ec2-user | <group_vars/corp.yml - vnc_admin_password > | macOS Charlie VNC | vnc://172.16.50.132 |

```bash
cd macos-workshop
ssh-keygen -t rsa -b 2048 -C "lmanoban@hac.local" -f files/comp_ssh_keys/id_rsa -q -N ""
```
The playbook instructions for these instances assume they are publicly facing and that these instances have public DNS A records that can be used by Let's Encrypt to generate an HTTPS certificate for NGINX.
The playbook instructions for these instances are to setup
```bash
cd macos-workshop/terraform
terraform destroy
```