/
FISSendCommandAttack.kt
103 lines (92 loc) · 4.57 KB
/
FISSendCommandAttack.kt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
package software.amazon.awsssmchaosrunner.attacks.fis
import org.json.JSONObject
import software.amazon.awssdk.services.fis.FisClient
import software.amazon.awssdk.services.fis.model.CreateExperimentTemplateActionInput
import software.amazon.awssdk.services.fis.model.CreateExperimentTemplateTargetInput
import java.time.Duration
private const val ACTION_ID = "aws:ssm:send-command"
private const val EC2_RESOURCE_TYPE = "aws:ec2:instance"
class FISSendCommandAttack(
override val fis: FisClient,
override val attackConfiguration: FISAttack.Companion.AttackConfiguration,
private val actionConfiguration: ActionConfiguration,
private val documentArn: String,
public val params: JSONObject
) : FISAttack {
override val actionInputList: Map<String, CreateExperimentTemplateActionInput>
get() {
return mutableMapOf(this.documentArn.split("/")[1] to
getActionInput(actionConfiguration,
this.documentArn,
this.params))
}
// From https://docs.aws.amazon.com/fis/latest/APIReference/API_CreateExperimentTemplateTargetInput.html
override val targetInput: CreateExperimentTemplateTargetInput = createTargetInput(attackConfiguration)
companion object {
private fun getActionInput(
configuration: ActionConfiguration,
documentArn: String,
documentParams: JSONObject
): CreateExperimentTemplateActionInput {
return CreateExperimentTemplateActionInput.builder()
.actionId(ACTION_ID)
.parameters(
mutableMapOf("duration" to configuration.duration,
"documentArn" to documentArn,
"documentParameters" to documentParams.toString()))
.targets(mutableMapOf("Instances" to TARGET_INSTANCE_KEY)).build()
}
private fun createTargetInput(configuration: FISAttack.Companion.AttackConfiguration):
CreateExperimentTemplateTargetInput {
return CreateExperimentTemplateTargetInput.builder()
.resourceType(EC2_RESOURCE_TYPE)
.resourceTags(configuration.targets)
.selectionMode(configuration.targetsSelectionMode)
.build()
}
private fun documentParams(configuration: ActionConfiguration): JSONObject {
val params = mutableMapOf<String, String>()
params.putAll(configuration.otherParameters)
if (configuration.name == "KillProcess") {
return JSONObject(params)
}
params["DurationSeconds"] = Duration.parse(configuration.duration).seconds.toString()
return JSONObject(params)
}
// From https://docs.aws.amazon.com/fis/latest/userguide/actions-ssm-agent.html
private val documentArns = mapOf(
"CPUStress" to "AWSFIS-Run-CPU-Stress",
"IOStress" to "AWSFIS-Run-IO-Stress",
"KillProcess" to "AWSFIS-Run-Kill-Process",
"MemoryStress" to "AWSFIS-Run-Memory-Stress",
"NetworkBlackholePort" to "AWSFIS-Run-Network-Blackhole-Port",
"NetworkLatency" to "AWSFIS-Run-Network-Latency",
"NetworkLatencySources" to "AWSFIS-Run-Network-Latency-Sources",
"NetworkPacketLoss" to "AWSFIS-Run-Network-Packet-Loss",
"NetworkPacketLossSources" to "AWSFIS-Run-Network-Packet-Loss-Sources"
)
private fun getAttackDocumentArn(attackName: String, region: String): String {
return "arn:aws:ssm:$region::document/${documentArns[attackName]}"
}
data class ActionConfiguration(
val name: String,
val duration: String,
val awsRegion: String,
val otherParameters: Map<String, String>
)
fun getAttack(
fis: FisClient,
attackConfiguration: FISAttack.Companion.AttackConfiguration,
actionConfiguration: ActionConfiguration
): FISSendCommandAttack {
if (actionConfiguration.name !in documentArns.keys) {
throw NotImplementedError("${actionConfiguration.name} is not a valid FISAttack")
}
return FISSendCommandAttack(fis,
attackConfiguration,
actionConfiguration,
getAttackDocumentArn(actionConfiguration.name, actionConfiguration.awsRegion),
documentParams(actionConfiguration))
}
}
}