TerraOak is Oak9's vulnerable IAC code repo. This repo will be used for learning and training purposes on how to implement a cloud security posture.
Before you proceed, WARNING:
⚠️ TerraOak is a test repo for creating Vulnerable resources, please use at your own discrention, Oak9 is not responsible for any damages. DO NOT deploy TerraOak in a production environment or any AWS accounts that contain sensitive information.
TerraOak is a public repo available to the general audience to showcase the Oak9 cli in action. It can be used to test our cli against our dynamic blueprint engine to validate design gaps.
Lets Build a Users API using the below resources and secure using Oak9.
- s3
- dyanmodb
- api-gateway
- lambda
The code in this repo should not be run inside of your company's aws accounts but rather in a playground account.
- pull image from docker hum docker pull oak9/cli
- pass following env vars to the container
- OAK9_API_KEY
- OAK9_PROJECT_ID
- OAK9_DIR = "directory of your terraform code"
Name | Version |
---|---|
terraform | >= 1.0 |
aws | >= 4.0 |
- Ensure your create your backend bucket and table for terraform state file. This config will need to reside in a .tf file in the root directory.
https://www.terraform.io/language/settings/backends/s3
- Download github code locally
- Ensure requirements are met
- Run terraform init
- Run terraform plan/apply
- Add a api user with following command
curl -X POST "$(terraform output -raw base_url)/set-user?id=0&name=john&orgid=xyx&plan=enterprise&orgname=xyzdfd&creationdate=82322"
- Retrieve an api user
curl "$(terraform output -raw base_url)/get-user?id=0"
Downloading the TerraOak Cli and the instructions on how to run it can be found here, https://docs.oak9.io/oak9/fundamentals/integrations/cli-integration