build-attack-destroy-aws #67
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build-attack-destroy-aws | |
on: | |
workflow_dispatch: # Manually trigger the workflow | |
schedule: | |
- cron: '30 8 * * *' | |
jobs: | |
build-attack-destroy-aws: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
- name: Install System Packages | |
run: | | |
sudo apt update -qq | |
sudo apt install -y openssh-client | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.9' #Available versions here - https://github.com/actions/python-versions/releases easy to change/make a matrix/use pypy | |
architecture: 'x64' # optional x64 or x86. Defaults to x64 if not specified | |
- uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: eu-central-1 | |
- name: Install SSH key | |
uses: shimataro/ssh-key-action@v2 | |
with: | |
key: ${{ secrets.AR_SSH_PRIVATE_KEY }} | |
name: ar-github-actions | |
known_hosts: unnecessary | |
if_key_exists: fail | |
- uses: hashicorp/setup-terraform@v3 | |
with: | |
terraform_version: "1.5.7" | |
- name: Install Dependencies using Poetry | |
run: | | |
pip3 install poetry | |
poetry install | |
- name: Copy Attack Range config | |
run: | | |
cp -f configs/github_actions_config_aws.yml attack_range.yml | |
- name: Build Attack Range | |
run: | | |
poetry run python attack_range.py build | |
- name: Simulate Attack | |
run: | | |
poetry run python attack_range.py simulate --target ar-win-ar-github-actions-ar-0 --technique T1003.002 | |
- name: Destroy Attack Range | |
run: | | |
poetry run python attack_range.py destroy | |
- name: Cleanup terraform on failures | |
if: failure() | |
run: | | |
poetry run python attack_range.py destroy |