Name created resources more consistently (#242)

* add names

* add all renames with local variables and extend necessary random character strings

* terraform fmt

v2/internal/attacktechniques/aws/credential-access/ec2-get-password-data/main.tf

@@ -18,10 +18,14 @@ provider "aws" {
   }
 }
 
+locals {
+  resource_prefix = "stratus-red-team-ec2-get-password-data"
+}
+
 data "aws_caller_identity" "current" {}
 
 resource "aws_iam_role" "role" {
-  name = "sample-role-used-by-stratus-for-ec2-password-data"
+  name = "${local.resource_prefix}-role"
   assume_role_policy = jsonencode({
     Version = "2012-10-17"
     Statement = [

v2/internal/attacktechniques/aws/credential-access/ec2-steal-instance-credentials/main.tf

@@ -19,14 +19,18 @@ provider "aws" {
   }
 }
 
+locals {
+  resource_prefix = "stratus-red-team-ec2-steal-credentials"
+}
+
 data "aws_availability_zones" "available" {
   state = "available"
 }
 
 module "vpc" {
   source = "terraform-aws-modules/vpc/aws"
 
-  name = "stratus-red-team-vpc-ec2-credentials"
+  name = "${local.resource_prefix}-vpc"
   cidr = "10.0.0.0/16"
 
   azs             = [data.aws_availability_zones.available.names[0]]
@@ -57,7 +61,7 @@ resource "aws_network_interface" "iface" {
 }
 
 resource "aws_iam_role" "instance-role" {
-  name = "stratus-ec2-credentials-instance-role"
+  name = "${local.resource_prefix}-role"
   path = "/"
 
   assume_role_policy = <<EOF
@@ -98,7 +102,7 @@ resource "aws_iam_role_policy_attachment" "rolepolicy" {
 }
 
 resource "aws_iam_instance_profile" "instance" {
-  name = "stratus-ec2-credentials-instance"
+  name = "${local.resource_prefix}-instance"
   role = aws_iam_role.instance-role.name
 }
 

v2/internal/attacktechniques/aws/credential-access/secretsmanager-retrieve-secrets/main.tf

@@ -19,7 +19,8 @@ provider "aws" {
 }
 
 locals {
-  num_secrets = 20
+  num_secrets     = 20
+  resource_prefix = "stratus-red-team-retrieve-secret"
 }
 
 resource "random_string" "secrets" {
@@ -30,7 +31,7 @@ resource "random_string" "secrets" {
 
 resource "aws_secretsmanager_secret" "secrets" {
   count = local.num_secrets
-  name  = "stratus-red-team-secret-${count.index}"
+  name  = "${local.resource_prefix}-${count.index}"
 
   recovery_window_in_days = 0
 }

v2/internal/attacktechniques/aws/defense-evasion/cloudtrail-delete/main.tf

@@ -18,20 +18,25 @@ provider "aws" {
   }
 }
 
-resource "aws_cloudtrail" "trail" {
-  name           = "my-cloudtrail-trail-2"
-  s3_bucket_name = aws_s3_bucket.cloudtrail.id
-}
-
 resource "random_string" "suffix" {
-  length    = 16
-  min_lower = 16
+  length    = 10
+  min_lower = 10
   special   = false
 }
 
 locals {
-  bucket-name = "my-cloudtrail-bucket-${random_string.suffix.result}"
+  resource_prefix = "stratus-red-team-cloudtraild"
+}
+
+locals {
+  bucket-name = "${local.resource_prefix}-bucket-${random_string.suffix.result}"
+}
+
+resource "aws_cloudtrail" "trail" {
+  name           = "${local.resource_prefix}-trail-${random_string.suffix.result}"
+  s3_bucket_name = aws_s3_bucket.cloudtrail.id
 }
+
 resource "aws_s3_bucket" "cloudtrail" {
   bucket        = local.bucket-name
   force_destroy = true

v2/internal/attacktechniques/aws/defense-evasion/cloudtrail-event-selectors/main.tf

@@ -18,20 +18,25 @@ provider "aws" {
   }
 }
 
-resource "aws_cloudtrail" "trail" {
-  name           = "my-cloudtrail-trail-4"
-  s3_bucket_name = aws_s3_bucket.cloudtrail.id
-}
-
 resource "random_string" "suffix" {
-  length    = 16
-  min_lower = 16
+  length    = 10
+  min_lower = 10
   special   = false
 }
 
 locals {
-  bucket-name = "my-cloudtrail-bucket-${random_string.suffix.result}"
+  resource_prefix = "stratus-red-team-ctes" # cloudtrail event selectors
+}
+
+locals {
+  bucket-name = "${local.resource_prefix}-bucket-${random_string.suffix.result}"
+}
+
+resource "aws_cloudtrail" "trail" {
+  name           = "${local.resource_prefix}-trail-${random_string.suffix.result}"
+  s3_bucket_name = aws_s3_bucket.cloudtrail.id
 }
+
 resource "aws_s3_bucket" "cloudtrail" {
   bucket        = local.bucket-name
   force_destroy = true

v2/internal/attacktechniques/aws/defense-evasion/cloudtrail-lifecycle-rule/main.tf

@@ -18,20 +18,25 @@ provider "aws" {
   }
 }
 
-resource "aws_cloudtrail" "trail" {
-  name           = "my-cloudtrail-trail-3"
-  s3_bucket_name = aws_s3_bucket.cloudtrail.id
-}
-
 resource "random_string" "suffix" {
-  length    = 16
-  min_lower = 16
+  length    = 10
+  min_lower = 10
   special   = false
 }
 
 locals {
-  bucket-name = "my-cloudtrail-bucket-${random_string.suffix.result}"
+  resource_prefix = "stratus-red-team-ctlr" # cloudtrail lifecycle rule
+}
+
+locals {
+  bucket-name = "${local.resource_prefix}-bucket-${random_string.suffix.result}"
+}
+
+resource "aws_cloudtrail" "trail" {
+  name           = "${local.resource_prefix}-trail-${random_string.suffix.result}"
+  s3_bucket_name = aws_s3_bucket.cloudtrail.id
 }
+
 resource "aws_s3_bucket" "cloudtrail" {
   bucket        = local.bucket-name
   force_destroy = true

v2/internal/attacktechniques/aws/defense-evasion/cloudtrail-stop/main.tf

@@ -18,20 +18,25 @@ provider "aws" {
   }
 }
 
-resource "aws_cloudtrail" "trail" {
-  name           = "my-cloudtrail-trail"
-  s3_bucket_name = aws_s3_bucket.cloudtrail.id
-}
-
 resource "random_string" "suffix" {
-  length    = 16
-  min_lower = 16
+  length    = 10
+  min_lower = 10
   special   = false
 }
 
 locals {
-  bucket-name = "my-cloudtrail-bucket-${random_string.suffix.result}"
+  resource_prefix = "stratus-red-team-ct-stop"
+}
+
+locals {
+  bucket-name = "${local.resource_prefix}-bucket-${random_string.suffix.result}"
+}
+
+resource "aws_cloudtrail" "trail" {
+  name           = "${local.resource_prefix}-trail-${random_string.suffix.result}"
+  s3_bucket_name = aws_s3_bucket.cloudtrail.id
 }
+
 resource "aws_s3_bucket" "cloudtrail" {
   bucket        = local.bucket-name
   force_destroy = true

v2/internal/attacktechniques/aws/defense-evasion/organizations-leave/main.tf

@@ -18,10 +18,14 @@ provider "aws" {
   }
 }
 
+locals {
+  resource_prefix = "stratus-red-team-leave-org"
+}
+
 data "aws_caller_identity" "current" {}
 
 resource "aws_iam_role" "role" {
-  name = "stratus-red-team-role-leave-organization"
+  name = "${local.resource_prefix}-role"
   assume_role_policy = jsonencode({
     Version = "2012-10-17"
     Statement = [

v2/internal/attacktechniques/aws/defense-evasion/vpc-remove-flow-logs/main.tf

@@ -18,6 +18,10 @@ provider "aws" {
   }
 }
 
+locals {
+  resource_prefix = "stratus-red-team-remove-flow-logs"
+}
+
 resource "aws_vpc" "vpc" {
   cidr_block = "10.0.0.0/16"
 }
@@ -34,7 +38,7 @@ resource "aws_cloudwatch_log_group" "logs" {
 }
 
 resource "aws_iam_role" "role" {
-  name = "example"
+  name = "${local.resource_prefix}-role"
 
   assume_role_policy = <<EOF
 {
@@ -54,7 +58,7 @@ EOF
 }
 
 resource "aws_iam_role_policy" "example" {
-  name = "allow-writing-to-cloudwatch"
+  name = "${local.resource_prefix}-policy"
   role = aws_iam_role.role.id
 
   policy = <<EOF

v2/internal/attacktechniques/aws/discovery/ec2-enumerate-from-instance/main.tf

@@ -19,14 +19,18 @@ provider "aws" {
   }
 }
 
+locals {
+  resource_prefix = "stratus-red-team-ec2-enumerate"
+}
+
 data "aws_availability_zones" "available" {
   state = "available"
 }
 
 module "vpc" {
   source = "terraform-aws-modules/vpc/aws"
 
-  name = "stratus-red-team-vpc-discovery"
+  name = "${local.resource_prefix}-vpc"
   cidr = "10.0.0.0/16"
 
   azs             = [data.aws_availability_zones.available.names[0]]
@@ -57,7 +61,7 @@ resource "aws_network_interface" "iface" {
 }
 
 resource "aws_iam_role" "instance-role" {
-  name = "stratus-discovery-instance-role"
+  name = "${local.resource_prefix}-role"
   path = "/"
 
   assume_role_policy = <<EOF
@@ -83,7 +87,7 @@ resource "aws_iam_role_policy_attachment" "rolepolicy" {
 }
 
 resource "aws_iam_instance_profile" "instance" {
-  name = "stratus-discovery-instance"
+  name = "${local.resource_prefix}-instance"
   role = aws_iam_role.instance-role.name
 }
 

v2/internal/attacktechniques/aws/discovery/ec2-get-user-data/main.tf

@@ -18,10 +18,14 @@ provider "aws" {
   }
 }
 
+locals {
+  resource_prefix = "stratus-red-team-get-usr-data"
+}
+
 data "aws_caller_identity" "current" {}
 
 resource "aws_iam_role" "role" {
-  name = "sample-role-used-by-stratus"
+  name = "${local.resource_prefix}-role"
   assume_role_policy = jsonencode({
     Version = "2012-10-17"
     Statement = [

v2/internal/attacktechniques/aws/execution/ec2-launch-unusual-instances/main.tf

@@ -21,13 +21,17 @@ provider "aws" {
 data "aws_caller_identity" "current" {}
 
 resource "random_string" "suffix" {
-  length    = 8
-  min_lower = 8
+  length    = 10
+  min_lower = 10
   special   = false
 }
 
+locals {
+  resource_prefix = "stratus-red-team-ec2lui" # ec2 launch unusual instance
+}
+
 resource "aws_iam_role" "role" {
-  name = "sample-role-used-by-stratus-${random_string.suffix.result}"
+  name = "${local.resource_prefix}-role-${random_string.suffix.result}"
   assume_role_policy = jsonencode({
     Version = "2012-10-17"
     Statement = [
@@ -44,7 +48,7 @@ resource "aws_iam_role" "role" {
 }
 
 resource "aws_iam_policy" "policy" {
-  name = "inline-policy-${random_string.suffix.result}"
+  name = "${local.resource_prefix}-policy-${random_string.suffix.result}"
   policy = jsonencode({
     Version = "2012-10-17"
     Statement = [
@@ -58,7 +62,7 @@ resource "aws_iam_policy" "policy" {
 }
 
 resource "aws_iam_policy_attachment" "attachment" {
-  name       = "iam-policy-attachement-${random_string.suffix.result}"
+  name       = "${local.resource_prefix}-attachment-${random_string.suffix.result}"
   roles      = [aws_iam_role.role.name]
   policy_arn = aws_iam_policy.policy.arn
 }
@@ -70,7 +74,7 @@ data "aws_availability_zones" "available" {
 module "vpc" {
   source = "terraform-aws-modules/vpc/aws"
 
-  name = "stratus-red-team-vpc-unusual-instances"
+  name = "${local.resource_prefix}-vpc"
   cidr = "10.0.0.0/16"
 
   azs             = [data.aws_availability_zones.available.names[0]]

v2/internal/attacktechniques/aws/execution/ec2-user-data/main.tf

@@ -19,6 +19,9 @@ provider "aws" {
   }
 }
 
+locals {
+  resource_prefix = "stratus-red-team-usr-data"
+}
 
 data "aws_availability_zones" "available" {
   state = "available"
@@ -27,7 +30,7 @@ data "aws_availability_zones" "available" {
 module "vpc" {
   source = "terraform-aws-modules/vpc/aws"
 
-  name = "stratus-red-team-vpc-discovery"
+  name = "${local.resource_prefix}-vpc"
   cidr = "10.0.0.0/16"
 
   azs             = [data.aws_availability_zones.available.names[0]]
@@ -58,7 +61,7 @@ resource "aws_network_interface" "iface" {
 }
 
 resource "aws_iam_role" "instance-role" {
-  name = "stratus-ec2-privilege-escalation-instance-role"
+  name = "${local.resource_prefix}-role"
   path = "/"
 
   assume_role_policy = <<EOF
@@ -84,7 +87,7 @@ resource "aws_iam_role_policy_attachment" "rolepolicy" {
 }
 
 resource "aws_iam_instance_profile" "instance" {
-  name = "stratus-ec2-privilege-escalation-instance"
+  name = "${local.resource_prefix}-instance"
   role = aws_iam_role.instance-role.name
 }