vagrant:Vagrant123 due to the Windows SKU/AMI password complexity requirements!
(5 Minutes) - Configure the
Failing to complete this step will cause the lab to be unreachable.
(5 Minutes) - Authenticate to Azure using az login. This should bring up a browser that asks you to sign into your Azure account.
(3-20 Minutes) - Bring up the VMs using Terraform
terraform init to initialize the working directory
terraform.tfvars file present with your public IP address whitelisted
terraform apply to check the Terraform plan or terraform apply --auto-approve to bypass the check
azurerm_virtual_machine.dc: Creation complete after 1m55s
azurerm_virtual_machine.wef: Creation complete after 1m54s
azurerm_virtual_machine.win10: Creation complete after 1m55s
At this point in time, we’re at this state:
At this point in time, you should be able to open a new terminal window, navigate to DetectionLab/Azure/Terraform and run terraform output. You should see something like the following:
ata_url = https://52.191.136.x
dc_public_ip = 52.183.119.x
fleet_url = https://52.191.170.x:8412
guacamole_url = https://52.191.136.x:8080/guacamole
logger_public_ip = 52.191.170.x
region = West US 2
splunk_url = https://52.191.170.x:8000
wef_public_ip = 52.191.136.x
win10_public_ip = 52.229.34.x
We’re going to use this output in the next step.
We’re going to use Ansible to finish provisioning the rest of the Windows hosts.
terraform output and replace the x.x.x.x values with the public IP of each host
NOTE: I’ve added a script at DetectionLab/Azure/build_ansible_inventory.sh to help automate this for MacOS and Linux users.
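The substitution step above can be scripted with a validity check, so that Ansible is never pointed at a placeholder or malformed address. This is an added example, not DetectionLab's build_ansible_inventory.sh; the inventory layout (top-level dc:, wef: and win10: keys, each followed by an ansible_host: x.x.x.x line) and the function names are assumptions.

```shell
#!/bin/sh
# Added example; not DetectionLab's build_ansible_inventory.sh.
# Assumption: the inventory has top-level keys dc:, wef: and win10:, each
# followed by an "ansible_host: x.x.x.x" placeholder line.

# tf_value <terraform-output-file> <key>: print the value of "key = value".
tf_value() {
  # Newer Terraform releases quote string outputs, so strip the quotes.
  awk -F' *= *' -v key="$2" '$1 == key { gsub(/"/, "", $2); print $2 }' "$1"
}

# is_ipv4 <string>: succeed only for four dot-separated octets in 0-255.
is_ipv4() {
  printf '%s\n' "$1" | awk -F. '
    NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# fill_inventory <terraform-output-file> <inventory-file>: print the inventory
# with each host's placeholder replaced. Fails before printing anything if an
# address is missing or malformed, so a half-filled inventory is never used.
fill_inventory() {
  inv=$(cat "$2") || return 1
  for host in dc wef win10; do
    ip=$(tf_value "$1" "${host}_public_ip")
    if ! is_ipv4 "$ip"; then
      echo "error: ${host}_public_ip missing or not an IPv4 address: '$ip'" >&2
      return 1
    fi
    inv=$(printf '%s\n' "$inv" | awk -v host="$host" -v ip="$ip" '
      $1 == host ":" { in_host = 1 }
      in_host && /ansible_host: x\.x\.x\.x/ { sub(/x\.x\.x\.x/, ip); in_host = 0 }
      { print }')
  done
  printf '%s\n' "$inv"
}

# Usage: terraform output > tf_output.txt
#        sh fill_inventory.sh tf_output.txt inventory.yml > inventory.filled.yml
if [ "$#" -eq 2 ]; then
  fill_inventory "$1" "$2"
fi
```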
Now that Ansible is configured for provisioning, there are two ways to go about this:
For the provisioning to be successful, the DC has to spin up Active Directory before provisioning of the WEF and WIN10 hosts can begin; otherwise they will fail to join the domain and provisioning will fail.
If you’d like to take the slower but easier route, ensure you’re in the DetectionLab/Azure/Ansible directory and run ansible-playbook -v detectionlab.yml. This will provision the hosts one at a time (DC, WEF, then WIN10). However, if you’d like to go the faster route, follow the directions below.
If you’d like to take the faster route, I recommend opening 3 terminal windows to DetectionLab/Azure/Ansible and following these steps:
ansible-playbook -v detectionlab.yml --tags "dc"
Reboot Afer Domain Creation Ansible step, you can begin provisioning WEF and WIN10
ansible-playbook -v detectionlab.yml --tags "wef"
ansible-playbook -v detectionlab.yml --tags "win10"
If you run into any issues along the way, please open an issue on GitHub and I’ll do my best to find a solution.
ansible-playbook -vvv detectionlab.yml --tags="hostname-goes-here" --start-at-task="taskname"
terraform output into the
As usual, this work is based off the heavy lifting that others have done. My primary sources for this work were:
Thank you to all of the sponsors who made this possible!