This is not an officially supported Google product.
This code creates PoC demo environment for Cloud IDS. This demo code is not built for production workload.
This demo uses terraform to setup Cloud IDS in a project and two compute instance to simulate network threats detected by Cloud IDS using Google Cloud Services like Cloud IDS, Cloud Compute Engine and Cloud Logging.
The image below describes the architecture of Cloud IDS demo.
Main resources:
- Cloud IDS endpoint
- Two Compute Instance
victim-machine- Act as a victim server machineattacker-machine- Act as a malicious attcker machine, targeting the victim machinenetwork-components- VPC network, subnet, private vpc connect, cloud NAT and cloud router
The following steps should be executed in Cloud Shell in the Google Cloud Console.
Follow the steps in this guide.
Clone this github repository go to the root of the repository.
git clone http://github.com/GoogleCloudPlatform/cloud-ids-demo
cd cloud-ids-demo
This terraform deployment requires the following variables.
- demo_project_id = "YOUR_PROJECT_ID"
- vpc_network_name = "cloud-ids-vpc"
- network_region = "us-east1"
- network_zone = "us-east1-b"
From the root folder of this repo, run the following commands:
export TF_VAR_demo_project_id=[YOUR_PROJECT_ID]
terraform init
terraform apply -auto-approve
Note: VPC network name, Region and Zone are give a default value. If you wish to deploy the resources in a different region or change VPC name, update the corresponding variables in variable.tf file.
Once terraform finishes provisioning all resources, you will see its outputs. Please take note of outputs, it can be used to simulate manual attacks.
Navigate to Cloud Console >> Network Security >> Cloud IDS >> Dashboard to check the simulated attacks performed by attacker machine over victim machine and detected by Cloud IDS.
From the root folder of this repo, run the following command:
terraform destroy