RhinoSecurityLabs / cloudgoat

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
BSD 3-Clause "New" or "Revised" License

iam_privesc_by_attachment setup error #183

Closed tmechen closed 4 months ago

tmechen commented 1 year ago

Error:

while creating the iam_privesc_by_attachment scenario

│ Error: collecting instance settings: couldn't find resource
│
│   with aws_instance.cg-super-critical-security-server,
│   on ec2.tf line 56, in resource "aws_instance" "cg-super-critical-security-server":
│   56: resource "aws_instance" "cg-super-critical-security-server" {
│

Problem:

ami = "ami-0a313d6098716f372" is not available (https://github.com/RhinoSecurityLabs/cloudgoat/blob/e0338d9cd6f66206d0d053b3ee50635ab23ec4f9/scenarios/iam_privesc_by_attachment/terraform/ec2.tf#L58)

Fix:

Search for the latest AMI (for example, LTS Ubuntu 22.04):

data "aws_ami" "ubuntu_2204" {
  most_recent = true
  owners      = ["099720109477"]
  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server*"]
  }
}

And use this instead of the hardcoded AMI in scenarios/iam_privesc_by_attachment/terraform/ec2.tf:

ami = data.aws_ami.ubuntu_2204.id

TeneBrae93 commented 4 months ago

@tmechen - Thanks for reporting this issue and apologies for the late response. I just merged PR 254 by @andrew-aiken and confirmed this is fixed now.