By @chvancooten, Ansible role for Elastic Security deployment by @nodauf
Provisioning scripts for an Active Directory lab environment. Designed to be deployed to Azure using the Azure cloud shell.
The lab is provisioned automatically using Terraform and Ansible. First, Terraform deploys all the infrastructure and prepares the machines for provisioning. It then kicks off a role-based Ansible playbook from the Debian attacker machine to provision the Windows-based machines. The full process takes about 15 to 20 minutes to complete.
💸 Note: The machine sizes are moderately large by default ('Standard_B4ms'). In my testing the bill was approx. €10 per day of active use, your mileage may vary. Change the appropriate 'size' settings in
terraform.tfvars
to change machine sizes.
terraform.tfvars.example
to terraform.tfvars
in the Terraform
directory, and configure the variables appropriately.terraform init
.terraform apply
(or terraform apply --auto-approve
to skip the approval check).Once deployment and provisioning have finished, the output variables (public IP / DNS name, administrative passwords, machine names, etc.) will be displayed. You are now ready to connect to the labs!
terraform destroy
to tear down the environment.The labs consist of a selection of machines:
One public IP is exposed for the whole lab. The IP ranges defined in the ip-whitelist
are allowed to access the following ports on this IP address, which are bound to the following services using a load balancer:
Another public IP is used for outbound Internet connectivity for all lab machines.
At a later point I might add the following: