-1

We are building some penetration testing stations (both attack & target) for a hackathon in AWS VPC and I need a way to control the following in a live setting:

  • VPN connection access: if someone does something bad, or misbehaves in the forums, we need a way to revoke their access immediately

  • EC2 state reset (we will probably use Ansible for this)

What I envision is a nice clean dashboard with squares for each user and a kill switch. The app itself is outside the scope of the Q, but you get my idea.

Is there a way to control AWS like this from a web app? Is CDK capable of handling this? It doesn't appear as though Terraform is suitable.

BitShift

1 Answer

1

Since it sounds like you already have plans to use Ansible, I would suggest using Ansible for all related tasks. It sounds like the VPN connections will be using AWS VPN, which also has modules in Ansible. A full list of all Ansible Cloud Modules can be found here.

As for having a web dashboard, you'll need another tool for something like that. The two that come to mind are Rundeck Community or AWX, the open-source upstream of Ansible Tower. Both provide a Web API that would allow you to send requests.

Once you have either of those set up, you can choose to either use their built-in web interface or roll your own. In either case, you don't need to have a button for every user; instead, you can just pass their username to the Ansible Playbook as a variable.

Aaron Chamberlain
  • This sounds like a really good solution. I was afraid that Ansible might not deliver on all the aspects I need, but alas it appears that may be mistaken. In any case, conclusions are still premature. I'll go and look at how this could work, then accept the answer if it comes good :) thanks so much! – BitShift Apr 26 '21 at 07:02
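
As an added example (not code from the answer or from the AWX project), this is one way a custom dashboard could hand a username to a playbook through AWX's job-template launch endpoint, validating it first because the value ends up inside the playbook's variables. It assumes a job template with "prompt on launch" enabled for variables; the host name, template id, token, and the variable names `target_user` and `action` are hypothetical.

```python
import json
import re
import urllib.request

# Assumed naming scheme for hackathon accounts; anything else is rejected so
# that dashboard input can never smuggle extra YAML/Jinja into the playbook.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_-]{2,31}")
ALLOWED_ACTIONS = ("revoke_vpn", "reset_instance")  # hypothetical playbook tags


def build_launch_request(awx_url, template_id, token, username, action="revoke_vpn"):
    """Build (but do not send) a POST to /api/v2/job_templates/<id>/launch/."""
    if not awx_url.startswith("https://"):
        raise ValueError("refusing to send an API token over plain HTTP")
    if action not in ALLOWED_ACTIONS:
        raise ValueError(f"unknown action: {action!r}")
    if not USERNAME_RE.fullmatch(username):
        raise ValueError(f"rejected username: {username!r}")
    body = json.dumps({"extra_vars": {"target_user": username, "action": action}})
    return urllib.request.Request(
        url=f"{awx_url.rstrip('/')}/api/v2/job_templates/{int(template_id)}/launch/",
        data=body.encode("utf-8"),
        method="POST",
        headers={
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json",
        },
    )


def launch(request, timeout=10):
    """Send the request and return AWX's JSON description of the new job."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed values for illustration; nothing is sent over the network.
    req = build_launch_request(
        "https://awx.example.internal", 7, "PLACEHOLDER_TOKEN", "team-07"
    )
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

Give the token used by the dashboard permission to execute only this one job template, so a compromised dashboard cannot run arbitrary playbooks.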