# ER6 Infrastructure Project

# Evaluations Enterprise Round 6

# Requirements

Name Version
terraform >=1.1.0
aws ~> 5.29.0

# Providers

Name Version
aws ~> 5.29.0

# Modules

Name Source Version
a-addc-srv1 ../modules/aws/base-vm-win n/a
a-file-srv1 ../modules/aws/base-vm n/a
a-macos-desk1 ../modules/aws/base-vm-macos n/a
a-mail-srv1 ../modules/aws/base-vm n/a
a-win11-desk1 ../modules/aws/base-vm n/a
a-win11-desk2 ../modules/aws/base-vm n/a
b-addc-srv1 ../modules/aws/base-vm-win n/a
b-file-srv1 ../modules/aws/base-vm n/a
b-file-srv1-add-volume ../modules/aws/add-volume n/a
b-kvm-srv1 ../modules/aws/base-vm n/a
b-mail-srv1 ../modules/aws/base-vm n/a
b-win11-desk1 ../modules/aws/base-vm n/a
b-win11-desk2 ../modules/aws/base-vm n/a
choco-mirror-srv1 ../modules/aws/base-vm n/a
defaults ../../modules/aws/defaults n/a
openvpn-client ../../modules/aws/vpn-client n/a
protections-addc-srv1 ../modules/aws/base-vm-win n/a
protections-file-srv1 ../modules/aws/base-vm n/a
protections-file-srv1-add-volume ../modules/aws/add-volume n/a
protections-linux-srv1 ../modules/aws/base-vm n/a
protections-macos-desk1 ../modules/aws/base-vm-macos n/a
protections-mail-srv1 ../modules/aws/base-vm n/a
protections-win11-desk1 ../modules/aws/base-vm n/a
protections-win11-desk2 ../modules/aws/base-vm n/a
red-kali1 ../modules/aws/base-vm n/a
redirect-srv1 ../modules/aws/base-vm n/a
redirect-srv2 ../modules/aws/base-vm n/a
redirect-srv3 ../modules/aws/base-vm n/a
redirect-srv4 ../modules/aws/base-vm n/a
remote-worker-srv1 ../modules/aws/base-vm-win n/a
remote-worker-srv2 ../modules/aws/base-vm-win n/a
support-dns-srv1 ../modules/aws/base-vm n/a
win-jumpbox1 ../modules/aws/base-vm n/a

# Resources

Name Type
aws_default_route_table.attacker-rtb resource
aws_default_route_table.victim-rtb resource
aws_dynamodb_table.dynamodb-terraform-state-lock resource
aws_ec2_managed_prefix_list.attacker resource
aws_ec2_managed_prefix_list.ext-benev resource
aws_ec2_managed_prefix_list.victim resource
aws_eip.attacker-nat-eip resource
aws_eip.victim-nat-eip resource
aws_internet_gateway.attacker-igw resource
aws_internet_gateway.victim-igw resource
aws_key_pair.ssh-key-pair resource
aws_nat_gateway.attacker-nat resource
aws_nat_gateway.victim-nat resource
aws_network_interface.redirect1-b resource
aws_network_interface.redirect2-b resource
aws_network_interface.redirect3-b resource
aws_network_interface.redirect4-b resource
aws_network_interface.redirect4-c resource
aws_route_table.attacker-rtb-public resource
aws_route_table.victim-rtb-public resource
aws_route_table_association.rtba-attacker resource
aws_route_table_association.rtba-attacker-nat resource
aws_route_table_association.rtba-victim resource
aws_route_table_association.rtba-victim-nat resource
aws_route_table_association.rtba-vpn resource
aws_s3_object.enterpriseround6 resource
aws_security_group.allow-outbound-attacker resource
aws_security_group.allow-outbound-victim resource
aws_security_group.attacker resource
aws_security_group.block-outbound-attacker resource
aws_security_group.block-outbound-victim resource
aws_security_group.victim-a resource
aws_security_group.victim-b resource
aws_security_group.victim-protections resource
aws_security_group_rule.outbound-allow-attacker resource
aws_security_group_rule.outbound-allow-victim resource
aws_security_group_rule.outbound-lockdown-attacker resource
aws_security_group_rule.outbound-lockdown-victim resource
aws_subnet.attacker resource
aws_subnet.attacker-nat resource
aws_subnet.ext-benev-redirect1 resource
aws_subnet.ext-benev-redirect2 resource
aws_subnet.ext-benev-redirect3 resource
aws_subnet.ext-benev-redirect4 resource
aws_subnet.victim-a resource
aws_subnet.victim-b resource
aws_subnet.victim-nat resource
aws_subnet.victim-protections resource
aws_subnet.vpn resource
aws_vpc.attacker resource
aws_vpc.victim resource
aws_vpc_ipv4_cidr_block_association.attacker-redirect-cidr resource
aws_vpc_ipv4_cidr_block_association.b_cidr resource
aws_vpc_ipv4_cidr_block_association.ext-benev-redirect1-cidr resource
aws_vpc_ipv4_cidr_block_association.ext-benev-redirect2-cidr resource
aws_vpc_ipv4_cidr_block_association.ext-benev-redirect3-cidr resource
aws_vpc_ipv4_cidr_block_association.ext-benev-redirect4-cidr resource
aws_vpc_ipv4_cidr_block_association.nat_cidr resource
aws_vpc_ipv4_cidr_block_association.protections_cidr resource
aws_vpc_ipv4_cidr_block_association.vpn_cidr resource
aws_vpc_peering_connection.red2victim-pcx resource
aws_vpc_security_group_ingress_rule.main resource
aws_ec2_managed_prefix_list.outbound data source
aws_s3_bucket.vendors data source

# Inputs

Name Description Type Default Required
aws-bucket-name Name of S3 bucket for managing Terraform state across vendor ranges string n/a yes
aws-region AWS region to use (default: us-east-1) string "us-east-1" no
aws-region-az AWS availability zone to use (default: us-east-1a) string "us-east-1a" no
aws-shared-credentials AWS credentials to use with Terraform list(string) n/a yes
category Category of resource group (similar to name; used for Ansible automation) string n/a yes
charge_code String charge code for ER6 resources string n/a yes
deploy_mac_hosts Whether macOS hosts should be deployed. NOTE: Only the literal lowercase string "yes" enables macOS deployment. string "no" no
description Description for the resource group string "ER6" no
dev_linux_password Default developer password for Linux hosts string n/a yes
dev_linux_username Default developer username for Linux hosts string n/a yes
dev_win_admin_password Default password for Windows 11 developer resources string n/a yes
dev_win_admin_username Default username for Windows 11 developer resources string n/a yes
environment (Optional) Environment tag of resource group string "Development" no
local_domain_admin_password Default password for local domain admins string n/a yes
local_domain_admin_username Default username for local domain admins string n/a yes
name-prefix String prefix for resource names string n/a yes
shutdown_ok Whether the resource can be safely disabled or shutdown string "vendor-schedule" no
ssh_private_key_path Path to the SSH private key to use for Linux SSH systems (public and private keys must be a matching pair) string n/a yes
ssh_public_key_path Path to the SSH public key to use for Linux SSH systems (public and private keys must be a matching pair) string n/a yes
win_desk_password Default password for Windows 11 Desktops string n/a yes
win_desk_username Default username for Windows 11 Desktops string n/a yes
win_domain_name Domain name for AD, e.g. reddev.org string n/a yes
win_netbios_name Netbios name for AD, e.g. reddev string n/a yes
win_srv_admin_password Default password for Windows Server administrators string n/a yes
win_srv_admin_username Default username for Windows Server administrators string n/a yes

# Outputs

Name Description
cacert The cert and key are output separately (as cacert and cakey) to simplify redirecting each to a file used to generate VPN profiles
cakey n/a
endpointid n/a
mac-info n/a
rdp_data n/a
vpn n/a