Have you ever deployed 10-30 containers in AWS with the single stroke of a key? (well if you don’t count the Infrastructure as Code (IaC) beforehand) Keep reading to find out how we did exactly this for a training class.
At Secure Ideas, we pretty regularly offer a variety of training opportunities which range from paid classes for companies to free community events (don’t hesitate to contact us if you want us to do training with you). During the workshops, it’s important to make sure students have separate attack targets. Typically students either have their own machines with the individual attack targets locally or they use targets hosted in a cloud environment (i.e. AWS). During a recent workshop we decided to deploy a bunch of targets for the students instead of using local targets.l To do this we used AWS-CDK along with JuiceShop’s docker image to make it happen.
Deploying to AWS’s ECS service allowed us to quickly and easily stand up a lot of containers. All of the containers had public IP addresses and were accessible to the individual students with minimal maintenance. Using AWS-CDK allowed us to make this process repeatable. We still haven’t taken the time to calculate the cost for the span of days that we left the containers running, but this amount should be nominal. Since ECS (and typically all of AWS) is a pay-as-you-use model,you can save money by deleting the environment when you’re not using it. This is easy with the teardown command which we will discuss near the end of this article.
So, to get started you’d typically have to install and setup AWS-CDK and AWS CLI. Luckily, in the spirit of Infrastructure as Code, I’ve already created a repository which’ll set up all the necessary tools for you. All you have to do is run vagrant up (more info from my last blog post on how to set up vagrant) and you’ll have everything you need. 😁
So, clone this repository: https://github.com/ProfessionallyEvil/blog-juiceshop-workshop
vagrant up once you’re in the repository's folder.
After you’re inside the initial vagrant box, you’ll want to run the following commands:
vagrant docker-exec -it -- /bin/bash
This should get you inside the docker container which has all the dependencies you’ll need to deploy with AWS-CDK.
If you already have aws-cli configured on your local machine, then you can skip this step. I’m going to assume you have an AWS account. If you don’t have an account, follow Amazon’s documentation to create one. Remember,you’ll also need to configure aws-cli (the container already has aws-cli installed so you don’t have to install anything additional).
Now that you’ve got the aws-cli setup and you’re in the docker container, all you need to do is run
cdk bootstrap (this prepares your AWS environment to use AWS-CDK) and then
You can see a recording of my deploy in less than 5 minutes below:
Next, to find the IP addresses of your newly deployed containers I’ve created the
get_external_ips.sh script. The script will ask you which cluster you’d like to get the IPs for (respond with the cluster’s number on the far left (i.e. 1, 2, 3, …)) and then subsequently get all the container’s external IP addresses.
In your browser of choice, you can navigate to http://<container_ip>:3000, which’ll show you the JuiceShop web application.
Now have fun with your workshop! 🥳
To remove the deployment from your account, run
cdk destroy. After the prompt, it’ll destroy all the newly created infrastructure.
This declarative style of deployment allows us to consistently launch classes for our students with immutable infrastructure without having to worry about managing servers.
Feel free to open issues on the repository if you have any issues or any ideas for improvement!