Merge pull request #50 from teamssix/main
feat: add aws s3 bucket default encryption disable scenario
Showing 7 changed files with 150 additions and 22 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
# AWS S3 Bucket server-side encryption disable scenario | ||
|
||
English | [中文](./README_CN.md) | ||
|
||
## Description | ||
|
||
This is the scenario in which the AWS S3 bucket server-side encryption disable scenario. | ||
|
||
## Deployment Environment | ||
|
||
Execute the following command in the container | ||
|
||
```shell | ||
cd /TerraformGoat/aws/s3/bucket_default_encryption_disable | ||
``` | ||
|
||
Configure AWS Access Credentials | ||
|
||
```shell | ||
aws configure | ||
``` | ||
|
||
> You can see the access key in the AWS [Console --> Security Credentials] | ||
Deploy Vulnerable Environment | ||
|
||
```shell | ||
terraform init | ||
terraform apply | ||
``` | ||
|
||
> When the terminal prompts `Enter a value:`, enter `yes` | ||
After the environment is set up, you can see the created Bucket at Outputs. | ||
|
||
## Steps | ||
|
||
Get the encryption method of the Bucket, if the return content is as follows, then the Bucket encryption is not enabled. | ||
|
||
```shell | ||
> aws s3api get-bucket-encryption --bucket houxian-xxx | ||
|
||
An error occurred (ServerSideEncryptionConfigurationNotFoundError) when calling the GetBucketEncryption operation: The server side encryption configuration was not found | ||
``` | ||
|
||
## Destroy the environment | ||
|
||
```shell | ||
terraform destroy | ||
``` |
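Review bot: the blockquote `> You can see the access key in the AWS [Console --> Security Credentials]` is immediately followed by `Deploy Vulnerable Environment` with no blank line, so Markdown lazy continuation folds that line into the quote; the same happens where `> When the terminal prompts ...` runs into `After the environment is set up, ...`. Add a blank line after each blockquote. The Description sentence `This is the scenario in which the AWS S3 bucket server-side encryption disable scenario.` is also incomplete; suggest `This scenario deploys an AWS S3 bucket with server-side encryption disabled.` In the Steps section it would help to say that the value to pass to `--bucket` is the `aws_s3_bucket_name` Terraform output, since `houxian-xxx` is only a placeholder.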
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
# AWS S3 Bucket 服务端加密未开启场景 | ||
|
||
[English](./README.md) | 中文 | ||
|
||
## 描述信息 | ||
|
||
这是一个用于构建 AWS S3 Bucket 服务端加密未开启的场景。 | ||
|
||
## 环境搭建 | ||
|
||
在容器中执行以下命令 | ||
|
||
```shell | ||
cd /TerraformGoat/aws/s3/bucket_default_encryption_disable | ||
``` | ||
|
||
配置 AWS 访问凭证 | ||
|
||
```shell | ||
aws configure | ||
``` | ||
|
||
> 在 AWS 「控制台——》安全凭证」处可以设置并查看你的 `aws_access_key_id` 和 `aws_secret_access_key` | ||
部署靶场 | ||
|
||
```shell | ||
terraform init | ||
terraform apply | ||
``` | ||
|
||
> 在终端提示 `Enter a value:` 时,输入 `yes` 即可 | ||
当命令执行完后,在 Outputs 处可以看到 Bucket 名称。 | ||
|
||
## 操作 | ||
|
||
获取 Bucket 的加密方式,如果返回内容如下所示则说明未开启 Bucket 加密。 | ||
|
||
```shell | ||
> aws s3api get-bucket-encryption --bucket houxian-xxx | ||
|
||
An error occurred (ServerSideEncryptionConfigurationNotFoundError) when calling the GetBucketEncryption operation: The server side encryption configuration was not found | ||
``` | ||
|
||
## 销毁环境 | ||
|
||
```shell | ||
terraform destroy | ||
``` |
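Review bot: same missing-blank-line issue as the English README: `> 在 AWS 「控制台——》安全凭证」...` is directly followed by `部署靶场`, and `> 在终端提示 ...` by `当命令执行完后 ...`, so both lines render inside the blockquote; insert a blank line after each quote. The Chinese note names `aws_access_key_id` and `aws_secret_access_key` explicitly while the English one only says "access key"; keep the two versions in sync.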
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
provider "aws" { | ||
region = "us-east-1" | ||
} | ||
|
||
resource "aws_s3_bucket" "huoxian_bucket" { | ||
force_destroy = true | ||
bucket = "houxian-${random_string.random_suffix.result}" | ||
} | ||
|
||
resource "random_string" "random_suffix" { | ||
length = 5 | ||
special = false | ||
upper = false | ||
} |
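Review bot: no default encryption configuration is declared for `aws_s3_bucket.huoxian_bucket`, which is the point of this scenario, but nothing in the file says so; a one-line comment stating that server-side encryption is intentionally left unset would stop a later contributor from "fixing" it and makes the expected finding obvious when reading `terraform plan`. Minor: the resource label `huoxian_bucket` and the bucket prefix `houxian-` spell the name differently; pick one so the README's `houxian-xxx` example matches the code.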
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
output "aws_s3_bucket_name" { | ||
value = aws_s3_bucket.huoxian_bucket.bucket | ||
description = "This is the bucket name of AWS S3 Service." | ||
} |
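Review bot: the description `This is the bucket name of AWS S3 Service.` reads awkwardly; suggest `Name of the S3 bucket created for this scenario.` so the output text matches the README's reference to the Outputs block.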
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
terraform { | ||
required_providers { | ||
aws = { | ||
source = "hashicorp/aws" | ||
version = "4.10.0" | ||
} | ||
} | ||
} |
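Review bot: `required_providers` pins only `hashicorp/aws`, but main.tf uses a `random_string` resource, so the `hashicorp/random` provider is resolved implicitly and unpinned; add it here with a version constraint so `terraform init` is reproducible across machines. The exact `version = "4.10.0"` pin on aws is fine for a lab but will need bumping over time, and a `required_version` constraint for Terraform itself is also missing.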