Showcasing attack vectors like Injection.
Set up a WebGoat instance that is only reachable from within the codecentric VPN.
Sets up:
- VPC, subnets, security groups
- Load Balancer
- Instance of WebGoat
- TLS certificate (optional)
- DNS entry (optional)
In order to create a TLS certificate and a DNS entry, you need to provide the name of a Route53 hosted zone. Inside this zone, a new subdomain "webgoat" is created for which the TLS certificate is issued.
If you omit the hosted zone, the Load Balancer is configured without TLS.
terraform init
Execute the Terraform plan. Optionally restrict ingress to the WebGoat instance to IP addresses coming from a CIDR block.
terraform apply -var="restrict_to_cidr=1.2.3.4/32"
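WebGoat is deliberately vulnerable, so the value passed as restrict_to_cidr is the main control on who can reach it. The following pre-flight check is an added example, not part of this project: it validates the CIDR and refuses overly broad blocks before calling terraform apply. The function names and the MIN_PREFIX threshold (default /24) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the project. MIN_PREFIX is an assumed policy
# knob: the shortest (broadest) prefix length accepted for restrict_to_cidr.
MIN_PREFIX="${MIN_PREFIX:-24}"

# check_cidr CIDR: return 0 if CIDR is a well-formed IPv4 block no broader
# than /$MIN_PREFIX, 1 otherwise (reason on stderr).
check_cidr() {
  cidr=$1
  case $cidr in
    */*) ;;
    *) echo "not a CIDR block: $cidr" >&2; return 1 ;;
  esac
  addr=${cidr%/*}
  prefix=${cidr##*/}
  # Prefix length: one or two decimal digits, at most 32.
  case $prefix in
    ''|*[!0-9]*|???*) echo "bad prefix length: $prefix" >&2; return 1 ;;
  esac
  [ "$prefix" -le 32 ] || { echo "bad prefix length: $prefix" >&2; return 1; }
  # Address: digits and dots only, no empty fields.
  case $addr in
    ''|*[!0-9.]*|.*|*.|*..*) echo "bad address: $addr" >&2; return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $addr            # split into octets (safe: digits and dots only)
  IFS=$old_ifs
  [ $# -eq 4 ] || { echo "bad address: $addr" >&2; return 1; }
  for octet in "$@"; do
    case $octet in ????*) echo "bad octet: $octet" >&2; return 1 ;; esac
    [ "$octet" -le 255 ] || { echo "bad octet: $octet" >&2; return 1; }
  done
  # Reject blocks that would expose the instance to a large address range.
  [ "$prefix" -ge "$MIN_PREFIX" ] || {
    echo "refusing /$prefix: broader than /$MIN_PREFIX" >&2; return 1; }
}

# apply_restricted CIDR: run terraform apply only if the CIDR passes the check.
apply_restricted() {
  check_cidr "$1" || return 1
  terraform apply -var="restrict_to_cidr=$1"
}
```

Source the file and call apply_restricted 1.2.3.4/32 in place of the plain terraform apply line; set MIN_PREFIX to match the size of the VPN egress range.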