add a bunch of vulnerable resources
mikeurbanski1 committed Aug 4, 2020
1 parent 4410d4b commit ffabbcb
Showing 4 changed files with 73 additions and 17 deletions.
4 changes: 3 additions & 1 deletion README.md
Expand Up @@ -57,12 57,14 @@ bridgecrew -f cdk.out/cdkgoat.template.json

### Deploy a CloudFormation stack

Run the following command to deploy the infrastructure into your AWS account. **Warning: This will create vulnerable resources. Deploy with care, and consider deleting the stack each time you finish your work.**
Run the following command to deploy the infrastructure into your AWS account. **Warning: This will create vulnerable resources. Deploy with care into a non-prod account, and consider deleting the stack each time you finish your work.** The best use of this capability is to compare these results to a [runtime scanner](https://bridgecrew.cloud).

```bash
cdk deploy
```

Note that you will probably need to change some resource names, especially S3 bucket names, to be unique.

### Destroy a CloudFormation stack

Run the following command to destroy the stack and its resources. You can also delete the stack from the AWS Console.
4 changes: 2 additions & 2 deletions app.py
Expand Up @@ -2,10 2,10 @@

from aws_cdk import core

from cdkgoat.cdkgoat_stack import CdkgoatStack
from cdkgoat.cdkgoat_stack import CdkGoatStack


app = core.App()
CdkgoatStack(app, "cdkgoat")
CdkGoatStack(app, "cdkgoat")

app.synth()
38 changes: 35 additions & 3 deletions cdkgoat/cdkgoat_stack.py
@@ -1,9 1,41 @@
from aws_cdk import core
from aws_cdk import core, \
aws_s3 as s3, \
aws_ec2 as ec2, \
aws_kms as kms, \
aws_rds as rds
from aws_cdk.aws_ec2 import Peer, Port
from aws_cdk.aws_rds import PostgresEngineVersion
from aws_cdk.core import RemovalPolicy


class CdkgoatStack(core.Stack):
class CdkGoatStack(core.Stack):

def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
super().__init__(scope, id, **kwargs)

# The code that defines your stack goes here
vpc = ec2.Vpc(self,
'vpc1'
)

bucket_name = 'my-cdk-bucket'
s3.Bucket(self,
bucket_name,
bucket_name=bucket_name,
access_control=s3.BucketAccessControl.PUBLIC_READ_WRITE,
removal_policy=RemovalPolicy.DESTROY)

ec2.Volume(self, 'vol1', availability_zone='us-east-1a', size=core.Size.gibibytes(8))

sg = ec2.SecurityGroup(self,
'sg1',
vpc=vpc)
sg.add_ingress_rule(Peer.any_ipv4(), Port.tcp(22))

kms.Key(self, 'kms1')

rds.DatabaseInstance(self,
'rds1',
engine=rds.DatabaseInstanceEngine.postgres(version=PostgresEngineVersion.VER_12),
master_username='root',
vpc=vpc,
vpc_placement=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC))
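Review bot: Only the S3 bucket is created with `removal_policy=RemovalPolicy.DESTROY`; `kms.Key(self, 'kms1')` and the `rds1` `DatabaseInstance` keep the construct defaults, which as far as I know retain the resource (or a snapshot) when the stack is deleted. The README asks users to delete the stack after each session, so a deliberately exposed database in a public subnet should not be able to outlive `cdk destroy`; passing `removal_policy=RemovalPolicy.DESTROY` to both constructs (and `deletion_protection=False` on `rds1` if the default blocks deletion in this CDK version) would make the teardown complete. Separately, `availability_zone='us-east-1a'` on `vol1` ties the stack to one region; `availability_zone=self.availability_zones[0]` would follow whatever region the stack is deployed to. A short comment above each resource naming the misconfiguration it is meant to demonstrate would also help readers map scanner findings back to this file.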
44 changes: 33 additions & 11 deletions requirements.txt
@@ -1,19 1,42 @@
attrs==19.3.0
aws-cdk.aws-events==1.54.0
aws-cdk.aws-iam==1.54.0
aws-cdk.aws-kms==1.54.0
aws-cdk.aws-s3==1.54.0
aws-cdk.cloud-assembly-schema==1.54.0
aws-cdk.core==1.54.0
aws-cdk.cx-api==1.54.0
aws-cdk.region-info==1.54.0
aws-cdk.assets==1.56.0
aws-cdk.aws-autoscaling==1.56.0
aws-cdk.aws-autoscaling-common==1.56.0
aws-cdk.aws-certificatemanager==1.56.0
aws-cdk.aws-cloudformation==1.56.0
aws-cdk.aws-cloudwatch==1.56.0
aws-cdk.aws-codeguruprofiler==1.56.0
aws-cdk.aws-ec2==1.56.0
aws-cdk.aws-efs==1.56.0
aws-cdk.aws-elasticloadbalancing==1.56.0
aws-cdk.aws-elasticloadbalancingv2==1.56.0
aws-cdk.aws-events==1.56.0
aws-cdk.aws-iam==1.56.0
aws-cdk.aws-kms==1.56.0
aws-cdk.aws-lambda==1.56.0
aws-cdk.aws-logs==1.56.0
aws-cdk.aws-rds==1.56.0
aws-cdk.aws-route53==1.56.0
aws-cdk.aws-s3==1.56.0
aws-cdk.aws-s3-assets==1.56.0
aws-cdk.aws-sam==1.56.0
aws-cdk.aws-secretsmanager==1.56.0
aws-cdk.aws-sns==1.56.0
aws-cdk.aws-sqs==1.56.0
aws-cdk.aws-ssm==1.56.0
aws-cdk.cloud-assembly-schema==1.56.0
aws-cdk.core==1.56.0
aws-cdk.custom-resources==1.56.0
aws-cdk.cx-api==1.56.0
aws-cdk.region-info==1.56.0
bc-python-hcl2==0.3.5
boto3==1.12.43
botocore==1.15.49
bridgecrew==1.0.459
bridgecrew==1.0.465
cattrs==1.0.0
certifi==2020.6.20
chardet==3.0.4
checkov==1.0.459
checkov==1.0.465
colorama==0.4.3
constructs==3.0.4
docopt==0.6.2
Expand All @@ -28,7 51,6 @@ junit-xml==1.8
lark-parser==0.7.8
publication==0.0.3
python-dateutil==2.8.1
python-hcl2==0.2.5
PyYAML==5.3.1
requests==2.22.0
s3transfer==0.3.3
