AWS: Building your own AMIs

This method involves using Terraform to bring DetectionLab infrastructure online by first building it locally using Virtualbox/VMware and then importing the resulting virtual machines as AMIs on AWS.

The supplied Terraform configuration can then be used to create EC2 instances and all requisite networking components.

Prerequisites

  • A machine to build DetectionLab with
  • An AWS account
  • AWS user and access keys to use with the AWS CLI
  • Optional but recommended: a separate user for Terraform

Step by step guide

  1. Build the lab by following the README
  2. Configure the AWS command line utility

  3. Create an S3 bucket. You will upload the DetectionLab VMs to this bucket later.

  4. For the VM importation to work, you must create a role named vmimport with a trust relationship policy document that allows VM Import to assume the role, and you must also attach an IAM policy to the role:


5. Edit `/path/to/DetectionLab/Terraform/vm_import/role-policy.json` and insert the name of the bucket you created in step 3 on lines 12-13, replacing `YOUR_BUCKET_GOES_HERE` with the name of your bucket.

6. Use the create-role command to create a role named vmimport and give VM Import/Export access to it:

 ```aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file:///path/to/DetectionLab/Terraform/vm_import/role-policy.json```

7. Export the DetectionLab VMs as single file OVA files if they are not already in that format
8. [Upload the OVAs to the S3 bucket](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/upload-objects.html) you created in step three
9. Edit the `dc.json`, `wef.json` and `win10.json` files and modify the S3Bucket and S3Key headers to match the location of the OVA files in your S3 bucket.
10. Import the VMs from S3 as AMIs by running the following commands:

aws ec2 import-image –description “dc” –license-type byol –disk-containers file:///path/to/DetectionLab/Terraform/vm_import/dc.json aws ec2 import-image –description “wef” –license-type byol –disk-containers file:///path/to/DetectionLab/Terraform/vm_import/wef.json aws ec2 import-image –description “win10” –license-type byol –disk-containers file:///path/to/DetectionLab/Terraform/vm_import/win10.json ``` 11. Check on the status of the importation with the following command:

aws ec2 describe-import-image-tasks --import-task-ids <import-ami-xxxxxxxxxxxxxxxxx>

  1. Copy the file at /DetectionLab/Terraform/terraform.tfvars.example to /DetectionLab/Terraform/terraform.tfvars
  2. Fill out the variables in /DetectionLab/Terraform/terraform.tfvars
  3. Run terraform init to setup the initial Terraform configuration
  4. cd to DetectionLab/Terraform and run terraform apply