About:
This is a sample configuration for implementing a secure network infrastructure in an AWS cloud environment at the subnet/EC2 level. I used Terraform to define the network security rules and allowed a small set of TCP ports.
Additions:
Automate the deployment of this ruleset with Python. Create a script to remove the resources (note: check the Terraform commands).
🌐Repo:https://github.com/MalcolmTKS/TH-Proj ✅Portfolio: malcolmcybersec-io.pages.dev
# This script automates the deployment of a terraform configuration.
import os
import shlex
import subprocess
import sys
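def run_command(command):
    """Run one command without a shell and exit the script if it fails.

    Args:
        command: Either an argument list (preferred) or a single command
            string. A string is tokenized with ``shlex.split`` and executed
            WITHOUT a shell, so shell features (pipes, redirection, glob
            expansion) are not interpreted; the terraform invocations in this
            file need none of them.

    Returns:
        The ``subprocess.CompletedProcess`` of the successful run.

    Raises:
        ValueError: if ``command`` tokenizes to nothing (empty string / list).
        SystemExit: with status 1 when the command cannot be started (e.g.
            ``terraform`` is not on PATH) or exits non-zero; the failure is
            printed first, with the same message text as before.
    """
    # Always hand subprocess an argv list: with no shell in the middle, a
    # path or argument containing metacharacters is passed through verbatim
    # instead of being interpreted.
    argv = shlex.split(command) if isinstance(command, str) else list(command)
    if not argv:
        raise ValueError("run_command() needs a non-empty command")
    try:
        return subprocess.run(argv, check=True)
    except (subprocess.CalledProcessError, OSError) as e:
        # OSError is what a missing executable raises once there is no shell
        # to turn it into exit status 127; treat both as a fatal step failure.
        print(f"Error executing command: {e}")
        sys.exit(1)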
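def deploy_terraform(tf_dir=None):
    """Initialize, plan, apply and print outputs for a Terraform root module.

    Args:
        tf_dir: Directory holding the ``.tf`` files. Defaults to the
            placeholder path kept from the sample script, which must be
            replaced (or overridden through this argument) before the script
            is useful.

    Raises:
        FileNotFoundError: if ``tf_dir`` does not exist (raised by ``os.chdir``).
        SystemExit: propagated from ``run_command`` when a terraform step
            fails; later steps are not attempted, so a failed plan is never
            applied.

    Side effects:
        Changes the process working directory for the duration of the run
        and restores it afterwards. Writes ``tfplan`` into ``tf_dir`` and
        leaves it there.
    """
    if tf_dir is None:
        # Placeholder kept from the sample (note it names a .py file, not a
        # directory): point this at the folder that contains the .tf files.
        tf_dir = "C:\\Users\\**\\Documents\\***.py"
    # Every step runs with -input=false so a missing variable fails fast
    # instead of blocking on an interactive prompt. Applying the saved plan
    # file means exactly the reviewed plan is what gets created.
    commands = [
        "terraform init -input=false",
        "terraform plan -out=tfplan -input=false",
        "terraform apply -input=false tfplan",
        "terraform output",
    ]
    previous_dir = os.getcwd()
    os.chdir(tf_dir)
    try:
        for cmd in commands:
            print(f"Executing: {cmd}")
            run_command(cmd)
    finally:
        # Restore the caller's cwd even when run_command exits via SystemExit.
        os.chdir(previous_dir)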
if __name__ == "__main__":
    # Script entry point: run init -> plan -> apply -> output in the
    # directory configured inside deploy_terraform().
    deploy_terraform()
# copy/add a new resource block based on your needs/custom config.
terraform {
  required_version = ">= 1.2.0"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # Any 4.x release from 4.16 on; moving to a new major is a deliberate,
      # reviewed change rather than something a routine init should pick up.
      version = "~> 4.16"
    }
  }
}
provider "aws" {
  # Placeholder from the sample: set the region the VPC and subnets live in
  # (or drop the attribute and rely on AWS_REGION in the environment).
  region = "****"
}
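# Inbound HTTP on the subnet ACL (stateless: pair with the egress rule below).
resource "aws_network_acl_rule" "allow_http_inbound" {
  # NOTE(review): aws_network_acl.main is not declared on this page; it is
  # assumed to be defined next to the VPC in another file.
  network_acl_id = aws_network_acl.main.id # was ".td" - the attribute is "id"
  rule_number    = 100
  egress         = false
  protocol       = "tcp"
  rule_action    = "allow" # was "alllow" - only "allow" / "deny" are accepted
  cidr_block     = "0.0.0.0/0"
  from_port      = 80
  to_port        = 80
}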
# Inbound HTTPS on the subnet ACL; evaluated after rule 100, before the
# implicit deny-all.
resource "aws_network_acl_rule" "allow_https_inbound" {
  network_acl_id = aws_network_acl.main.id
  rule_number    = 110
  egress         = false
  rule_action    = "allow"
  protocol       = "tcp"
  from_port      = 443
  to_port        = 443
  cidr_block     = "0.0.0.0/0"
}
# Inbound SSH on the subnet ACL.
# NOTE(review): 0.0.0.0/0 exposes port 22 to the whole internet at the subnet
# boundary; a trusted management CIDR (or no SSH rule at all, with access via
# SSM Session Manager) is the usual hardening here.
resource "aws_network_acl_rule" "allow_ssh_inbound" {
  network_acl_id = aws_network_acl.main.id
  rule_number    = 120
  egress         = false
  rule_action    = "allow"
  protocol       = "tcp"
  from_port      = 22
  to_port        = 22
  cidr_block     = "0.0.0.0/0"
}
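# Allow all outbound traffic on the subnet ACL (protocol "-1" = any; ports 0/0).
# NOTE(review): network ACLs are stateless. With only ports 80/443/22 allowed
# inbound, replies to connections the instances themselves open (package
# updates, API calls) arrive on ephemeral ports and hit the implicit deny;
# an inbound rule for the ephemeral range (1024-65535) is normally needed.
resource "aws_network_acl_rule" "allow_all_outbound" {
  network_acl_id = aws_network_acl.main.id
  rule_number    = 100 # numbering is per direction, so 100 does not clash with the ingress rule
  egress         = true
  protocol       = "-1"
  rule_action    = "allow"
  cidr_block     = "0.0.0.0/0"
  from_port      = 0
  to_port        = 0
} # closing brace was missing; the next resource block began inside this one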
# copy/add a new resource block based on your needs/custom config.
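# Instance-level (stateful) security group for the dev tier.
resource "aws_security_group" "example" {
  # Was "dev-security group " (inner and trailing space): the group name is
  # immutable and should match the Name tag.
  name = "dev-security-group"
  # NOTE(review): aws_vpc.main is not declared on this page; assumed to live
  # in another file of this configuration.
  vpc_id = aws_vpc.main.id

  tags = {
    Name = "dev-security-group"
  }
}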
# Ingress: HTTP from anywhere.
# NOTE(review): aws_security_group.main is not declared on this page; if these
# rules are meant for the "example" group above, the reference should be
# aws_security_group.example.id.
resource "aws_security_group_rule" "allow_http" {
  security_group_id = aws_security_group.main.id
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 80
  to_port           = 80
  cidr_blocks       = ["0.0.0.0/0"]
}
# Ingress: HTTPS from anywhere (aws_security_group.main is defined outside
# this page; see the HTTP rule for the same caveat).
resource "aws_security_group_rule" "allow_https" {
  security_group_id = aws_security_group.main.id
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 443
  to_port           = 443
  cidr_blocks       = ["0.0.0.0/0"]
}
# Ingress: SSH.
# NOTE(review): 0.0.0.0/0 on port 22 at the instance level mirrors the ACL
# rule; restricting cidr_blocks to a trusted management range (or removing
# SSH in favour of SSM Session Manager) is the usual hardening.
resource "aws_security_group_rule" "allow_ssh" {
  security_group_id = aws_security_group.main.id
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 22
  to_port           = 22
  cidr_blocks       = ["0.0.0.0/0"]
}
# Egress: all protocols ("-1") and ports to anywhere. Security groups are
# stateful, so this is what lets the instance initiate outbound connections.
resource "aws_security_group_rule" "allow_all_outbound" {
  security_group_id = aws_security_group.main.id
  type              = "egress"
  protocol          = "-1"
  from_port         = 0
  to_port           = 0
  cidr_blocks       = ["0.0.0.0/0"]
}