diff --git a/terraform/modules/infrastructure/assets/network/gateways.tf b/terraform/modules/infrastructure/assets/network/gateways.tf index abc7ec8..5e87439 100644 --- a/terraform/modules/infrastructure/assets/network/gateways.tf +++ b/terraform/modules/infrastructure/assets/network/gateways.tf @@ -1,13 +1,13 @@ resource "aws_internet_gateway" "gw" { - vpc_id = "${aws_vpc.main.id}" + vpc_id = aws_vpc.main.id } resource "aws_nat_gateway" "nat-a" { - allocation_id = "${aws_eip.nat-a.id}" - subnet_id = "${aws_subnet.attacker_subnet.id}" + allocation_id = aws_eip.nat-a.id + subnet_id = aws_subnet.attacker_subnet.id } resource "aws_nat_gateway" "nat-b" { - allocation_id = "${aws_eip.nat-b.id}" - subnet_id = "${aws_subnet.target_subnet.id}" + allocation_id = aws_eip.nat-b.id + subnet_id = aws_subnet.target_subnet.id } diff --git a/terraform/modules/infrastructure/assets/network/routes.tf b/terraform/modules/infrastructure/assets/network/routes.tf index c7a308e..f2bd9d9 100644 --- a/terraform/modules/infrastructure/assets/network/routes.tf +++ b/terraform/modules/infrastructure/assets/network/routes.tf @@ -1,9 +1,9 @@ resource "aws_route_table" "public-a" { - vpc_id = "${aws_vpc.main.id}" + vpc_id = aws_vpc.main.id route { cidr_block = "0.0.0.0/0" - gateway_id = "${aws_internet_gateway.gw.id}" + gateway_id = aws_internet_gateway.gw.id } tags = { @@ -13,17 +13,17 @@ resource "aws_route_table" "public-a" { } resource "aws_route_table_association" "public-a" { - subnet_id = "${aws_subnet.attacker_subnet.id}" - route_table_id = "${aws_route_table.public-a.id}" + subnet_id = aws_subnet.attacker_subnet.id + route_table_id = aws_route_table.public-a.id } resource "aws_route_table" "public-b" { - vpc_id = "${aws_vpc.main.id}" + vpc_id = aws_vpc.main.id route { cidr_block = "0.0.0.0/0" - gateway_id = "${aws_internet_gateway.gw.id}" + gateway_id = aws_internet_gateway.gw.id } tags = { 
@@ -33,16 +33,16 @@ resource "aws_route_table" "public-b" { } resource "aws_route_table_association" "public-b" { - subnet_id = "${aws_subnet.target_subnet.id}" - route_table_id = "${aws_route_table.public-b.id}" + subnet_id = aws_subnet.target_subnet.id + route_table_id = aws_route_table.public-b.id } resource "aws_route_table" "private-a" { - vpc_id = "${aws_vpc.main.id}" + vpc_id = aws_vpc.main.id route { cidr_block = "0.0.0.0/0" - nat_gateway_id = "${aws_nat_gateway.nat-a.id}" + nat_gateway_id = aws_nat_gateway.nat-a.id } tags = { @@ -52,16 +52,16 @@ resource "aws_route_table" "private-a" { } resource "aws_route_table_association" "private-a" { - subnet_id = "${aws_subnet.private-a.id}" - route_table_id = "${aws_route_table.private-a.id}" + subnet_id = aws_subnet.private-a.id + route_table_id = aws_route_table.private-a.id } resource "aws_route_table" "private-b" { - vpc_id = "${aws_vpc.main.id}" + vpc_id = aws_vpc.main.id route { cidr_block = "0.0.0.0/0" - nat_gateway_id = "${aws_nat_gateway.nat-b.id}" + nat_gateway_id = aws_nat_gateway.nat-b.id } tags = { @@ -71,13 +71,13 @@ resource "aws_route_table" "private-b" { } resource "aws_route_table_association" "private-b" { - subnet_id = "${aws_subnet.private-b.id}" - route_table_id = "${aws_route_table.private-b.id}" + subnet_id = aws_subnet.private-b.id + route_table_id = aws_route_table.private-b.id } // public-b //resource "aws_route" "internet_access" { -// route_table_id = "${aws_vpc.main.main_route_table_id}" +// route_table_id = aws_vpc.main.main_route_table_id // destination_cidr_block = "0.0.0.0/0" -// gateway_id = "${aws_internet_gateway.gw.id}" +// gateway_id = "aws_internet_gateway.gw.id" //} \ No newline at end of file diff --git a/terraform/modules/infrastructure/assets/network/subnets.tf b/terraform/modules/infrastructure/assets/network/subnets.tf index 5194d61..4862837 100644 --- a/terraform/modules/infrastructure/assets/network/subnets.tf 
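Review bot: `aws_route_table_association.public-b` still binds `aws_subnet.target_subnet` to the `public-b` table, whose default route in this file points at `aws_internet_gateway.gw`, while the same commit sets `map_public_ip_on_launch = false` on that subnet in subnets.tf. Routing is what makes a subnet public, so an instance there that later gets an Elastic IP or `associate_public_ip_address = true` is directly reachable, and instances without a public address have no usable egress path. gateways.tf also places `nat-b` inside `target_subnet`, so if targets are meant to be private, the NAT gateway has to move to a separate public subnet and the targets' table should route through `nat_gateway_id`. A comment above the association stating the intended exposure would help, e.g. `// target_subnet: IGW route kept only for nat-b; instances get no public IP`.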
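Review bot: In the commented-out `aws_route.internet_access` block the two converted lines disagree: `route_table_id` became a bare reference, but `gateway_id` became the quoted literal `"aws_internet_gateway.gw.id"`. If the block is ever re-enabled as written, the provider would receive that text instead of the gateway ID. Either write `// gateway_id = aws_internet_gateway.gw.id` or delete the dead block. The file also still ends without a trailing newline.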
+++ b/terraform/modules/infrastructure/assets/network/subnets.tf @@ -1,7 +1,7 @@ resource "aws_subnet" "attacker_subnet" { - vpc_id = "${aws_vpc.main.id}" - cidr_block = "${var.cidr}" - availability_zone = "${data.aws_availability_zones.available.names[1]}" + vpc_id = aws_vpc.main.id + cidr_block = var.cidr + availability_zone = data.aws_availability_zones.available.names[1] map_public_ip_on_launch = true tags = { @@ -15,10 +15,10 @@ resource "aws_subnet" "attacker_subnet" { } resource "aws_subnet" "target_subnet" { - vpc_id = "${aws_vpc.main.id}" + vpc_id = aws_vpc.main.id cidr_block = "192.168.39.0/24" - availability_zone = "${data.aws_availability_zones.available.names[0]}" -// map_public_ip_on_launch = true + availability_zone = data.aws_availability_zones.available.names[0] + map_public_ip_on_launch = false tags = { name = "target_subnet" @@ -30,10 +30,10 @@ resource "aws_subnet" "target_subnet" { } resource "aws_subnet" "malware_subnet" { - vpc_id = "${aws_vpc.main.id}" + vpc_id = aws_vpc.main.id cidr_block = "192.168.40.0/24" - availability_zone = "${data.aws_availability_zones.available.names[1]}" - map_public_ip_on_launch = true + availability_zone = data.aws_availability_zones.available.names[1] + map_public_ip_on_launch = false tags = { name = "malware_subnet" @@ -46,10 +46,10 @@ resource "aws_subnet" "malware_subnet" { } resource "aws_subnet" "honeypot_subnet" { - vpc_id = "${aws_vpc.main.id}" + vpc_id = aws_vpc.main.id cidr_block = "192.168.41.0/24" - availability_zone = "${data.aws_availability_zones.available.names[1]}" - map_public_ip_on_launch = true + availability_zone = data.aws_availability_zones.available.names[1] + map_public_ip_on_launch = false tags = { name = "malware_subnet" 
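Review bot: Turning `map_public_ip_on_launch` off on `malware_subnet` (and on `honeypot_subnet` in the next hunk) only stops automatic public addressing. routes.tf in this commit shows associations for `attacker_subnet`, `target_subnet`, `private-a` and `private-b` but none for these two, so they presumably fall back to the VPC main route table, which is not visible here. honeyPots.tf and malware.tf move their instances into these subnets in the same commit, so the effective egress of the malware-analysis and honeypot hosts now depends on that unseen table. An explicit `aws_route_table_association` per subnet, with a comment saying whether outbound traffic is meant to be blocked or sent through a NAT gateway, would make the containment boundary reviewable.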
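Review bot: `honeypot_subnet` keeps the tag `name = "malware_subnet"` in the context lines of this hunk, the same value the `malware_subnet` resource above it carries. Now that this commit gives each subnet its own workload, tag-based inventory, flow-log filters and cost reports cannot tell the two apart. Suggest `name = "honeypot_subnet"`. The tags block continues outside the hunk.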
@@ -62,9 +62,9 @@ resource "aws_subnet" "honeypot_subnet" { } resource "aws_subnet" "private-a" { - vpc_id = "${aws_vpc.main.id}" + vpc_id = aws_vpc.main.id cidr_block = "192.168.42.0/24" - availability_zone = "${data.aws_availability_zones.available.names[0]}" + availability_zone = data.aws_availability_zones.available.names[0] tags = { name = "not-in-use-private-a" @@ -77,9 +77,9 @@ resource "aws_subnet" "private-a" { } resource "aws_subnet" "private-b" { - vpc_id = "${aws_vpc.main.id}" + vpc_id = aws_vpc.main.id cidr_block = "192.168.43.0/24" - availability_zone = "${data.aws_availability_zones.available.names[1]}" + availability_zone = data.aws_availability_zones.available.names[1] tags = { name = "not-in-use-private-b" diff --git a/terraform/modules/infrastructure/assets/secdevops/attackers.tf b/terraform/modules/infrastructure/assets/secdevops/attackers.tf index ffa7056..482d297 100644 --- a/terraform/modules/infrastructure/assets/secdevops/attackers.tf +++ b/terraform/modules/infrastructure/assets/secdevops/attackers.tf @@ -6,13 +6,13 @@ locals { } resource "aws_instance" "kali" { - count = "${var.kali_ct}" - ami = "${data.aws_ami.kali.id}" - instance_type = "${var.instance_type_kali}" - subnet_id = "${element(local.pen_subnet_ids, count.index)}" + count = var.kali_ct + ami = data.aws_ami.kali.id + instance_type = var.instance_type_kali + subnet_id = element(local.pen_subnet_ids, count.index) vpc_security_group_ids = ["${aws_security_group.kali.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - user_data = "${file("../../modules/infrastructure/cloud-init/kali.yml")}" + key_name = aws_key_pair.circleci_key.key_name + user_data = file("../../modules/infrastructure/cloud-init/kali.yml") root_block_device { delete_on_termination = true 
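Review bot: `vpc_security_group_ids = ["${aws_security_group.kali.id}"]` in `aws_instance.kali` is left as an interpolation-only expression while every other attribute in the resource is converted; Terraform 0.12 accepts it, but later 0.12 releases warn on this form. detection.lab.tf in this same commit already uses the bare list, so for consistency write `vpc_security_group_ids = [aws_security_group.kali.id]`. The same leftover appears in the `commando`, `r7vm` and `commandov2` hunks, in ctf.playground.tf, and in the locals and security-group lines of honeyPots.tf and malware.tf. The resource body continues outside the hunk.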
@@ -26,12 +26,12 @@ resource "aws_instance" "kali" { } resource "aws_instance" "commando" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.commando.id}" - instance_type = "${var.instance_type_win}" - subnet_id = "${element(local.pen_subnet_ids, count.index)}" + count = var.docker_ct + ami = data.aws_ami.commando.id + instance_type = var.instance_type_win + subnet_id = element(local.pen_subnet_ids, count.index) vpc_security_group_ids = ["${aws_security_group.windows.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" + key_name = aws_key_pair.circleci_key.key_name root_block_device { delete_on_termination = true @@ -45,14 +45,14 @@ resource "aws_instance" "commando" { } resource "aws_instance" "r7vm" { - count = "${var.kali_ct}" + count = var.kali_ct - ami = "${data.aws_ami.r7.id}" - instance_type = "${var.instance_type_kali}" + ami = data.aws_ami.r7.id + instance_type = var.instance_type_kali - subnet_id = "${element(local.pen_subnet_ids, count.index)}" + subnet_id = element(local.pen_subnet_ids, count.index) vpc_security_group_ids = ["${aws_security_group.kali.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" + key_name = aws_key_pair.circleci_key.key_name root_block_device { delete_on_termination = true @@ -67,12 +67,12 @@ resource "aws_instance" "r7vm" { } resource "aws_instance" "commandov2" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.commandov2.id}" - instance_type = "${var.instance_type_commandov2}" - subnet_id = "${element(local.pen_subnet_ids, count.index)}" + count = var.docker_ct + ami = data.aws_ami.commandov2.id + instance_type = var.instance_type_commandov2 + subnet_id = element(local.pen_subnet_ids, count.index) vpc_security_group_ids = ["${aws_security_group.kali.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" + key_name = aws_key_pair.circleci_key.key_name root_block_device { delete_on_termination = true volume_size = 160 
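Review bot: `commandov2` attaches `aws_security_group.kali`, while its sibling `commando` in an earlier hunk of this file uses `aws_security_group.windows`. If `data.aws_ami.commandov2` is a Windows image, as the name suggests, the Kali group's ingress rules probably do not match the management ports it needs and may open ones it does not; the group definitions are not visible here. Confirm the intent and, if this is a leftover, use `vpc_security_group_ids = [aws_security_group.windows.id]`. The resource body continues past the end of the hunk.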
diff --git a/terraform/modules/infrastructure/assets/secdevops/aws_key_pairs.tf b/terraform/modules/infrastructure/assets/secdevops/aws_key_pairs.tf index f3e145f..e114344 100644 --- a/terraform/modules/infrastructure/assets/secdevops/aws_key_pairs.tf +++ b/terraform/modules/infrastructure/assets/secdevops/aws_key_pairs.tf @@ -1,4 +1,4 @@ resource "aws_key_pair" "circleci_key" { key_name = "v2" - public_key = "${file("../../keys/circleci_terraform.pub")}" + public_key = file("../../keys/circleci_terraform.pub") } diff --git a/terraform/modules/infrastructure/assets/secdevops/ctf.playground.tf b/terraform/modules/infrastructure/assets/secdevops/ctf.playground.tf index ea5a96f..6b971d6 100644 --- a/terraform/modules/infrastructure/assets/secdevops/ctf.playground.tf +++ b/terraform/modules/infrastructure/assets/secdevops/ctf.playground.tf @@ -1,27 +1,29 @@ locals { fbctf_subnets_ids = [ - "${var.attacker_subnet_id}", "${var.target_subnet_id}", ] } resource "aws_instance" "fbctf" { - count = "${var.fbctf_ct}" + count = var.fbctf_ct - ami = "${data.aws_ami.ubuntu1604.id}" - instance_type = "${var.instance_type_docker}" + ami = data.aws_ami.ubuntu1604.id + instance_type = var.instance_type_docker - subnet_id = "${element(local.fbctf_subnets_ids, count.index)}" + subnet_id = element(local.fbctf_subnets_ids, count.index) vpc_security_group_ids = ["${aws_security_group.fbctf.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" + key_name = aws_key_pair.circleci_key.key_name + + #user_data = "${file("var.fbctf_user_data")}" + + - user_data = "${file("${var.fbctf_user_data}")}" root_block_device { volume_type = "gp2" - volume_size = "${var.fbctf_root_vol_size}" + volume_size = var.fbctf_root_vol_size delete_on_termination = "true" } diff --git a/terraform/modules/infrastructure/assets/secdevops/detection.lab.tf b/terraform/modules/infrastructure/assets/secdevops/detection.lab.tf index 43b2ce9..9616a9f 100644 
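Review bot: The `fbctf` instance loses its `user_data` in this hunk: the working line is removed and replaced by the commented `#user_data = "${file("var.fbctf_user_data")}"` plus blank lines, so the host would boot from the bare `ubuntu1604` AMI with no provisioning unless something else configures it. The commented form also quotes the variable name, so if it is re-enabled as written `file()` would look for a path literally called `var.fbctf_user_data`. The 0.12 equivalent of the removed line is `user_data = file(var.fbctf_user_data)`. If dropping the provisioning is deliberate, a comment saying why is better than the dead line.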
--- a/terraform/modules/infrastructure/assets/secdevops/detection.lab.tf +++ b/terraform/modules/infrastructure/assets/secdevops/detection.lab.tf @@ -7,12 +7,12 @@ locals { resource "aws_instance" "dl-wef" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.detection-wef.id}" - instance_type = "${var.instance_type_tpot}" - subnet_id = "${element(local.cyberRange_detection_subnets_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.windows.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" + count = var.docker_ct + ami = data.aws_ami.detection-wef.id + instance_type = var.instance_type_tpot + subnet_id = element(local.cyberRange_detection_subnets_ids, count.index) + vpc_security_group_ids = [aws_security_group.windows.id] + key_name = aws_key_pair.circleci_key.key_name private_ip = "192.168.38.103" root_block_device { @@ -26,12 +26,12 @@ resource "aws_instance" "dl-wef" { } resource "aws_instance" "dl-dc" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.detection-dc.id}" - instance_type = "${var.instance_type_tpot}" - subnet_id = "${element(local.cyberRange_detection_subnets_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.windows.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" + count = var.docker_ct + ami = data.aws_ami.detection-dc.id + instance_type = var.instance_type_tpot + subnet_id = element(local.cyberRange_detection_subnets_ids, count.index) + vpc_security_group_ids = [aws_security_group.windows.id] + key_name = aws_key_pair.circleci_key.key_name private_ip = "192.168.38.102" root_block_device { 
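Review bot: `dl-wef` combines `count = var.docker_ct` with the fixed `private_ip = "192.168.38.103"`, so any `docker_ct` above 1 asks for the same address twice and the second instance fails to launch. `dl-dc`, `dl-win10` and `dl-logger` in the following hunks have the same shape with .102, .104 and .105. Because `element()` wraps around `local.cyberRange_detection_subnets_ids`, the address also has to fall inside whichever subnet the index selects; that list is defined outside the hunk. Either restrict these resources to zero or one instance, e.g. `count = var.docker_ct > 0 ? 1 : 0`, or derive the address with `cidrhost()` and `count.index`.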
@@ -44,12 +44,12 @@ resource "aws_instance" "dl-dc" { } } resource "aws_instance" "dl-win10" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.detection-dc.id}" - instance_type = "${var.instance_type_tpot}" - subnet_id = "${element(local.cyberRange_detection_subnets_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.windows.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" + count = var.docker_ct + ami = data.aws_ami.detection-dc.id + instance_type = var.instance_type_tpot + subnet_id = element(local.cyberRange_detection_subnets_ids, count.index) + vpc_security_group_ids = [aws_security_group.windows.id] + key_name = aws_key_pair.circleci_key.key_name private_ip = "192.168.38.104" root_block_device { @@ -63,17 +63,17 @@ resource "aws_instance" "dl-win10" { } resource "aws_instance" "dl-logger" { - count = "${var.docker_ct}" - instance_type = "${var.instance_type_tpot}" - ami = "${data.aws_ami.logger_ami.image_id}" + count = var.docker_ct + instance_type = var.instance_type_tpot + ami = data.aws_ami.logger_ami.image_id tags = { Name = "dl.logger" } - subnet_id = "${element(local.cyberRange_detection_subnets_ids, count.index)}" - vpc_security_group_ids = ["${aws_security_group.logger.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" + subnet_id = element(local.cyberRange_detection_subnets_ids, count.index) + vpc_security_group_ids = [aws_security_group.logger.id] + key_name = aws_key_pair.circleci_key.key_name private_ip = "192.168.38.105" diff --git a/terraform/modules/infrastructure/assets/secdevops/honeyPots.tf b/terraform/modules/infrastructure/assets/secdevops/honeyPots.tf index 8434a64..8031133 100644 --- a/terraform/modules/infrastructure/assets/secdevops/honeyPots.tf +++ b/terraform/modules/infrastructure/assets/secdevops/honeyPots.tf 
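Review bot: `dl-win10` is launched from `data.aws_ami.detection-dc.id`, the same image `dl-dc` uses in the previous hunk, which looks like a copy-paste carried through the syntax conversion. If a Windows 10 image exists for the lab, the line should reference its own data source, e.g. `ami = data.aws_ami.detection-win10.id` (placeholder name; the data sources are not visible in this diff). Otherwise a comment explaining why the workstation shares the domain-controller image would avoid confusion for anyone tuning detections against it.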
@@ -1,23 +1,22 @@ locals { subnets_ids = [ - "${var.attacker_subnet_id}", - "${var.target_subnet_id}", + "${var.honeypot_subnet_id}", ] } resource "aws_instance" "tpot-full-build" { - count = "${var.tpot_ct}" + count = var.tpot_ct - ami = "${data.aws_ami.debianstretch.id}" - instance_type = "${var.instance_type_tpot}" - subnet_id = "${element(local.subnets_ids, count.index)}" + ami = data.aws_ami.debianstretch.id + instance_type = var.instance_type_tpot + subnet_id = element(local.subnets_ids, count.index) vpc_security_group_ids = ["${aws_security_group.tpot.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" - user_data = "${file("../../modules/infrastructure/cloud-init/tpot.setup.yml")}" + key_name = aws_key_pair.circleci_key.key_name + user_data = file("../../modules/infrastructure/cloud-init/tpot.setup.yml") root_block_device { volume_type = "gp2" - volume_size = "${var.tpot_root_vol_size}" + volume_size = var.tpot_root_vol_size delete_on_termination = "true" } @@ -30,17 +29,17 @@ resource "aws_instance" "tpot-full-build" { resource "aws_instance" "tpot" { - count = "${var.tpot_ct}" + count = var.tpot_ct - ami = "${data.aws_ami.tpot.id}" - instance_type = "${var.instance_type_tpot}" - subnet_id = "${element(local.subnets_ids, count.index)}" + ami = data.aws_ami.tpot.id + instance_type = var.instance_type_tpot + subnet_id = element(local.subnets_ids, count.index) vpc_security_group_ids = ["${aws_security_group.tpot.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" + key_name = aws_key_pair.circleci_key.key_name root_block_device { volume_type = "gp2" - volume_size = "${var.tpot_root_vol_size}" + volume_size = var.tpot_root_vol_size delete_on_termination = "true" } diff --git a/terraform/modules/infrastructure/assets/secdevops/malware.tf b/terraform/modules/infrastructure/assets/secdevops/malware.tf index 7678c3c..fbe7f38 100644 --- a/terraform/modules/infrastructure/assets/secdevops/malware.tf 
+++ b/terraform/modules/infrastructure/assets/secdevops/malware.tf @@ -1,17 +1,16 @@ locals { malware_subnet_ids = [ - "${var.attacker_subnet_id}", - "${var.target_subnet_id}", + "${var.malware_subnet_id}", ] } resource "aws_instance" "flarevm-win7" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.flare.id}" + count = var.docker_ct + ami = data.aws_ami.flare.id instance_type = "t2.xlarge" - subnet_id = "${element(local.malware_subnet_ids, count.index)}" + subnet_id = element(local.malware_subnet_ids, count.index) vpc_security_group_ids = ["${aws_security_group.malware.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" + key_name = aws_key_pair.circleci_key.key_name root_block_device { delete_on_termination = true volume_size = 150 @@ -27,12 +26,12 @@ resource "aws_instance" "flarevm-win7" { resource "aws_instance" "cuckoo_guest" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.win7.id}" - instance_type = "${var.instance_type_win}" - subnet_id = "${element(local.malware_subnet_ids, count.index)}" + count = var.docker_ct + ami = data.aws_ami.win7.id + instance_type = var.instance_type_win + subnet_id = element(local.malware_subnet_ids, count.index) vpc_security_group_ids = ["${aws_security_group.malware.id}"] - key_name = "${aws_key_pair.circleci_key.key_name}" + key_name = aws_key_pair.circleci_key.key_name root_block_device { delete_on_termination = true volume_size = 150 
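Review bot: The malware-analysis hosts in this file take `key_name = aws_key_pair.circleci_key.key_name`, the same key pair this commit attaches to the attacker, honeypot, CTF and detection-lab instances. One CI-held private key therefore opens every tier, including the hosts that run untrusted samples and those deliberately exposed as honeypots. Consider a separate `aws_key_pair` per tier so that a leaked key is limited to one subnet's hosts. At minimum, add a comment on the `malware_subnet_ids` local stating that these hosts are intentionally confined to `var.malware_subnet_id`.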
@@ -48,11 +47,11 @@ resource "aws_instance" "cuckoo_guest" { } resource "aws_instance" "cuckoo-host-ubuntu" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.cuckoo-host.id}" - instance_type = "${var.instance_type_kali}" - subnet_id = "${element(local.malware_subnet_ids, count.index)}" - key_name = "${aws_key_pair.circleci_key.key_name}" + count = var.docker_ct + ami = data.aws_ami.cuckoo-host.id + instance_type = var.instance_type_kali + subnet_id = element(local.malware_subnet_ids, count.index) + key_name = aws_key_pair.circleci_key.key_name vpc_security_group_ids = ["${aws_security_group.malware.id}"] tags = { @@ -67,13 +66,13 @@ resource "aws_instance" "cuckoo-host-ubuntu" { resource "aws_instance" "remnux" { - count = "${var.docker_ct}" - ami = "${data.aws_ami.remnux.id}" - instance_type = "${var.instance_type_kali}" - subnet_id = "${element(local.malware_subnet_ids, count.index)}" - key_name = "${aws_key_pair.circleci_key.key_name}" + count = var.docker_ct + ami = data.aws_ami.remnux.id + instance_type = var.instance_type_kali + subnet_id = element(local.malware_subnet_ids, count.index) + key_name = aws_key_pair.circleci_key.key_name vpc_security_group_ids = ["${aws_security_group.malware.id}"] - user_data = "${file("../../modules/infrastructure/cloud-init/remnux.ssh.enable.yml")}" + user_data = file("../../modules/infrastructure/cloud-init/remnux.ssh.enable.yml") tags = { // todo: tag standardization Name = "remnux-6.0" diff --git a/terraform/modules/infrastructure/assets/secdevops/range_users.tf b/terraform/modules/infrastructure/assets/secdevops/range_users.tf index dadb306..cb8b2b4 100644 --- a/terraform/modules/infrastructure/assets/secdevops/range_users.tf +++ b/terraform/modules/infrastructure/assets/secdevops/range_users.tf 
@@ -11,13 +11,13 @@ resource "aws_iam_user" "cloudgoat" { } resource "aws_iam_access_key" "cloudgoat" { - user = "${aws_iam_user.cloudgoat.name}" + user = aws_iam_user.cloudgoat.name // pgp_key = "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" } resource "aws_iam_user_policy" "cloudgoat" { name = "cloudgoat" - user = "${aws_iam_user.cloudgoat.name}" + user = aws_iam_user.cloudgoat.name policy = <