setup_mamangement_subnet.md

File metadata and controls

49 lines (43 loc) · 2.17 KB

Install/Setup Management subnet

Check termination protection on jumpbox

  1. Services > Compute > EC2 > Instances > Instances
  2. Check ${VPC_NAME}_jump_box
  3. Actions > Instance settings > Change termination protection
  4. Ensure that termination protection is enabled

Setup jumpbox/VPN

The Terraform playbook above executes the script files/setup_openvpn.sh to set up an OpenVPN server on the jumpbox.

  1. cat ~/.ssh/id_rsa.pub and copy output
  2. ssh -i ssh_keys/id_rsa ubuntu@<jumpbox public IPv4>
  3. echo '<YOUR SSH pub key>' >> ~/.ssh/authorized_keys
  4. sudo su
  5. apt update -y && apt upgrade -y && reboot
  6. Log in to the jumpbox using YOUR SSH key
  7. Ensure that client.ovpn exists in the home directory
  8. sudo su
  9. Add VPC subnets to OpenVPN server config
  10. echo 'push "route 172.16.21.0 255.255.255.0"' >> /etc/openvpn/server.conf
      1. Management subnet
  11. echo 'push "route 172.16.43.0 255.255.255.0"' >> /etc/openvpn/server.conf
      1. Public subnet
  12. echo 'push "route 172.16.50.0 255.255.255.0"' >> /etc/openvpn/server.conf
      1. Corp subnet
  13. echo 'pull-filter ignore redirect-gateway' >> client.ovpn
      1. Tell the client to ignore the pushed option that would send all traffic through the OpenVPN server
  14. systemctl restart openvpn@server.service
  15. exit
  16. scp ubuntu@<jumpbox public IPv4>:/home/ubuntu/client.ovpn ~/Desktop/client.ovpn
  17. Download OpenVPN client config
  18. Import the OpenVPN client config into your VPN client
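
Steps 10-13 append with `>>`, so running them a second time duplicates the directives. The script below is an added example, not part of the workshop repository: it applies the same four lines idempotently and audits the result. The function names and the file-path arguments are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the workshop repo): idempotent form of steps 10-13.
# Function names and the file arguments are hypothetical.
# Usage, as root on the jumpbox, followed by the restart in step 14:
#   apply_split_tunnel /etc/openvpn/server.conf /home/ubuntu/client.ovpn
#   audit_split_tunnel /etc/openvpn/server.conf /home/ubuntu/client.ovpn

# Routes from the page: management, public and corp subnets.
VPC_ROUTES="172.16.21.0 172.16.43.0 172.16.50.0"
NETMASK="255.255.255.0"

# Append LINE to FILE only if that exact line is not already present.
ensure_line() {
    local line="$1" file="$2"
    grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
}

# Add the pushed routes to the server config and the filter to the client profile.
apply_split_tunnel() {
    local server_conf="$1" client_ovpn="$2" net
    for net in $VPC_ROUTES; do
        ensure_line "push \"route $net $NETMASK\"" "$server_conf"
    done
    ensure_line 'pull-filter ignore redirect-gateway' "$client_ovpn"
}

# Print each expected directive that is missing; exit status is the count.
audit_split_tunnel() {
    local server_conf="$1" client_ovpn="$2" net missing=0
    for net in $VPC_ROUTES; do
        if ! grep -qxF -- "push \"route $net $NETMASK\"" "$server_conf"; then
            echo "missing in $server_conf: route $net"; missing=$((missing + 1))
        fi
    done
    if ! grep -qxF -- 'pull-filter ignore redirect-gateway' "$client_ovpn"; then
        echo "missing in $client_ovpn: pull-filter"; missing=$((missing + 1))
    fi
    # A server-side redirect-gateway push is what the client filter overrides;
    # report it so the operator knows the profile depends on that filter.
    if grep -qE '^[[:space:]]*push[[:space:]]+"redirect-gateway' "$server_conf"; then
        echo "note: $server_conf pushes redirect-gateway (filtered client-side)"
    fi
    return "$missing"
}
```

A non-zero status from `audit_split_tunnel` means a client importing the profile would either lack a route to one of the VPC subnets or send all of its traffic through the jumpbox.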

Setup public DNS records

For this workshop we acquired several domains, but the domain to be used by workshop participants is huntapples.com. This public domain will be used to generate Let's Encrypt HTTP certificates for Splunk, Elastic, Graylog, and Arkime.

namecheap
