diff --git a/nodes/aws/main.tf b/nodes/aws/main.tf
index 4fd2121..f4377e8 100644
--- a/nodes/aws/main.tf
+++ b/nodes/aws/main.tf
@@ -4,8 +4,8 @@ provider "aws" {
 }
 
 resource "aws_instance" "exit-node" {
-  ami = "ami-0f65671a86f061fcd"
-  instance_type = "t2.micro"
+  ami = "${var.ami}"
+  instance_type = "${var.size}"
   key_name = "proxycannon"
   vpc_security_group_ids = ["${aws_security_group.exit-node-sec-group.id}"]
   subnet_id = "${var.subnet_id}"
diff --git a/nodes/aws/variables.tf b/nodes/aws/variables.tf
index 4808505..1365e6b 100644
--- a/nodes/aws/variables.tf
+++ b/nodes/aws/variables.tf
@@ -7,6 +7,16 @@ variable "count" {
   default = 2
 }
 
+# AMI image to use for exit nodes
+variable "ami" {
+  default = "ami-0f65671a86f061fcd"
+}
+
+# Size of EC2 VM to spin up for exit nodes
+variable "size" {
+  default = "t2.micro"
+}
+
 # launch all exit nodes in the same subnet id
 # this should be the same subnet id that your control server is in
 # you can get this value from the AWS console when viewing the details of the control-server instance
diff --git a/setup/install.sh b/setup/install.sh
index 72f17cc..4810256 100755
--- a/setup/install.sh
+++ b/setup/install.sh
@@ -8,7 +8,7 @@
 # update and install deps
 apt update
 apt -y upgrade
-apt -y install unzip git openvpn easy-rsa
+apt -y install zip unzip git openvpn easy-rsa
 
 # install terraform
 wget https://releases.hashicorp.com/terraform/0.11.10/terraform_0.11.10_linux_amd64.zip
@@ -21,6 +21,14 @@ rm -rf terraform
 mkdir ~/.aws
 touch ~/.aws/credentials
 
+##################################
+# update subnet id in variables.tf
+##################################
+MAC=`curl http://169.254.169.254/latest/meta-data/network/interfaces/macs/`
+SUBNETID=`curl http://169.254.169.254/latest/meta-data/network/interfaces/macs/$MAC/subnet-id`
+sed -i "s/subnet-XXXXXXXX/$SUBNETID/" ../nodes/aws/variables.tf
+
+
 ################
 # setup openvpn
 ################
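Review bot: The new `default = "ami-0f65671a86f061fcd"` in variables.tf bakes in an AMI ID, and AMI IDs are scoped to a single AWS region, so a user whose provider region differs from the one this image lives in will get an invalid-AMI error at apply time with no hint from the variable's comment about why; the provider block that sets the region is outside this hunk, so I cannot tell from here which region the default belongs to. The hardcoded value was already present in main.tf before this change, so the defect is not new, but now that it is an overridable variable the comment is the natural place to warn about it. I would expand the comment to `# AMI image to use for exit nodes. NOTE: AMI IDs are region-specific; this default is only valid in the region it was copied from — override it (or replace it with a data "aws_ami" lookup) when deploying to another region.` A smaller style point: the variable is named `size` while the argument it feeds is `instance_type`; naming it `instance_type` would keep the variable and the resource argument aligned.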
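Review bot: The new IMDS lookup in the install.sh hunk runs with no error handling, so if either `curl` fails (no IMDS reachable, a 401 because the instance requires IMDSv2 tokens, or a transient timeout) `SUBNETID` is empty and the following `sed -i` silently rewrites the placeholder to an empty string, leaving a broken variables.tf that only surfaces at `terraform apply`. The `macs/` endpoint also returns each MAC followed by a trailing slash and, on an instance with more than one interface, one entry per line, so `$MAC` is interpolated into the second URL without being cleaned or reduced to a single value. Since `$SUBNETID` is spliced unescaped into a `sed` pattern and into the Terraform file, I would validate it against the expected `subnet-<hex>` shape before touching the file and fail loudly otherwise; the relative path `../nodes/aws/variables.tf` also presumes the script is run from `setup/`, which is worth stating in the comment. If the project later needs IMDSv2, a token fetched via `PUT /latest/api/token` would have to be sent with these requests, but I have not assumed that here.

```shell
##################################
# update subnet id in variables.tf
# (assumes this script is run from the setup/ directory)
##################################
IMDS="http://169.254.169.254/latest/meta-data/network/interfaces/macs"
# macs/ returns one MAC per line with a trailing slash; take the first and strip it
MAC=$(curl -sf "$IMDS/" | head -n1 | tr -d '/')
SUBNETID=$(curl -sf "$IMDS/$MAC/subnet-id")
# refuse to edit variables.tf with an empty or unexpected value
if [[ ! "$SUBNETID" =~ ^subnet-[0-9a-f]+$ ]]; then
  echo "Could not determine subnet id from instance metadata (got '$SUBNETID'); set subnet_id in ../nodes/aws/variables.tf manually." >&2
  exit 1
fi
sed -i "s/subnet-XXXXXXXX/$SUBNETID/" ../nodes/aws/variables.tf
```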
@@ -77,10 +85,13 @@ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 # post install instructions
 ############################
-echo "Copy /etc/openvpn/easy-rsa/keys/ta.key, /etc/openvpn/easy-rsa/keys/ca.crt, /etc/openvpn/easy-rsa/keys/client01.crt, /etc/openvpn/easy-rsa/keys/client01.key, and ~/proxycannon-client.conf to your workstation."
-
+echo "A folder containing the OpenVPN client config has been created at /home/$SUDO_USER/proxycannon-vpn-client."
+echo "Download these files by running the following from your workstation (including the trailing period): "
+echo
+echo "scp -i proxycannon.pem $SUDO_USER@$EIP:/home/$SUDO_USER/proxycannon-vpn-client/* ."
+echo
 echo "####################### OpenVPN client config [proxycannon-client.conf] ################################"
-cat ~/proxycannon-client.conf
+cat ~/proxycannon-vpn-client/proxycannon-client.conf
 echo "####################### Be sure to add your AWS API keys and SSH keys to the following locations ###################"
 echo "copy your aws ssh private key to ~/.ssh/proxycannon.pem and chmod 600"