bootcamp/Week-5/scripts/lab-1.json at master · devsecops/bootcamp · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "DevSecOps Bootcamp CloudFormation Template: Creates a vulnerable application running on a single instance.",
  "Parameters": {
    "StudentId": {
      "Type": "String",
      "Description": "Your student id, e.g., student1"
    },
    "KeyName": {
      "Type": "AWS::EC2::KeyPair::KeyName",
      "Description": "Name of an existing EC2 KeyPair to enable SSH access to the instance"
    },
    "SubnetId": {
      "Type": "AWS::EC2::Subnet::Id",
      "Description": "A subnet ID where the app will run"
    },
    "VpcId": {
      "Type": "AWS::EC2::VPC::Id",
      "Description": "A VPC ID where the app will run"
    },
    "InstanceType": {
      "Description": "WebServer EC2 instance type",
      "Type": "String",
      "Default": "m3.medium"
    },
    "AmiId": {
      "Description": "The AMI (Amazon Machine Image) ID",
      "Type": "AWS::EC2::Image::Id"
    },
    "AppSecurityGroup": {
      "Description": "The Web application security group ID",
      "Type": "AWS::EC2::SecurityGroup::Id"
    }
  },
  "Resources": {
    "WebServerInstance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "NetworkInterfaces": [
          {
            "AssociatePublicIpAddress": "true",
            "DeviceIndex": "0",
            "GroupSet": [
              {
                "Ref": "AppSecurityGroup"
              }
            ],
            "SubnetId": {
              "Ref": "SubnetId"
            }
          }
        ],
        "ImageId": {
          "Ref": "AmiId"
        },
        "InstanceType": {
          "Ref": "InstanceType"
        },
        "KeyName": {
          "Ref": "KeyName"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": {
              "Ref": "StudentId"
            }
          }
        ],
        "UserData": {
          "Fn::Base64": {
            "Fn::Join": [
              "",
              [
                "#!/bin/bash -xe\n",
                "rpm -ivh https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-7.noarch.rpm\n",
                "yum -y install git git-core zlib zlib-devel gcc-c++ patch readline readline-devel libyaml-devel libffi-devel openssl-devel make bzip2 autoconf automake libtool bison curl sqlite-devel\n",
                "yum -y install nodejs mariadb mariadb-server mariadb-devel\n",
                "systemctl enable mariadb.service\n",
                "systemctl start mariadb.service\n",
                "rpm -ivh https://s3-us-west-2.amazonaws.com/dso-public-bucket/ruby-2.3.1-1.el7.x86_64.rpm\n",
                "cd /home/ec2-user\n",
                "echo \"export GEM_HOME=~/.gem\" >> .bash_profile\n",
                "echo \"export GEM_PATH=~/.gem\" >> .bash_profile\n",
                "echo \"export RAILS_ENV=mysql\" >> .bash_profile\n",
                "echo \"export PATH=~/.gem/bin:$PATH\" >> .bash_profile\n",
                "su -l -c \"git clone https://github.com/OWASP/railsgoat.git\" ec2-user\n",
                "su -l -c \"gem install bundler\" ec2-user\n",
                "su -l -c \"cd railsgoat && bundle install && bundle exec rake db:setup\" ec2-user\n",
                "su -l -c \"cd railsgoat && bundle exec rails server -b 0.0.0.0 -p 8080 &\" ec2-user\n",
                "\n"
              ]
            ]
          }
        }
      }
    }
  }
}