Skip to content

build-attack-destroy-aws #336

build-attack-destroy-aws

build-attack-destroy-aws #336

name: build-attack-destroy-aws
on:
schedule:
- cron: '30 8 * * *'
jobs:
build-attack-destroy-aws:
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v2
- name: Install System Packages
run: |
sudo apt update -qq
sudo apt install -y openssh-client
- uses: actions/setup-python@v2
with:
python-version: '3.9' #Available versions here - https://github.com/actions/python-versions/releases easy to change/make a matrix/use pypy
architecture: 'x64' # optional x64 or x86. Defaults to x64 if not specified
- uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: eu-central-1
- name: Install SSH key
uses: shimataro/ssh-key-action@v2
with:
key: ${{ secrets.AR_SSH_PRIVATE_KEY }}
name: ar-github-actions
known_hosts: unnecessary
if_key_exists: fail
- uses: hashicorp/setup-terraform@v1
- name: Install Packer
run: |
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
sudo apt-get update && sudo apt-get install packer
- name: Install Dependencies using Poetry
run: |
pip3 install poetry
poetry install
- name: Copy Attack Range config
run: |
cp -f configs/github_actions_config_aws.yml attack_range.yml
- name: Test Terraform Build, Attack, Destroy
run: |
poetry run python attack_range.py build
poetry run python attack_range.py simulate --target ar-win-ar-github-actions-ar-0 --technique T1003.002
poetry run python attack_range.py destroy
- name: Cleanup terraform on failures
if: failure()
run: |
poetry run python attack_range.py destroy