From 3c8f4a40f0540f9cfd0b74ad7b3cd0b9ab677aca Mon Sep 17 00:00:00 2001
From: Paul <78918118+burning-pm@users.noreply.github.com>
Date: Fri, 9 Jun 2023 09:43:12 -0700
Subject: [PATCH 1/6] Add GCP Atomics Created 4 GCP-based atomics
---
 atomics/T1078.004/T1078.004.yaml | 49 ++++++++++++++++++++++++++++++
 atomics/T1098/T1098.yaml | 52 ++++++++++++++++++++++++++++++++
 atomics/T1485/T1485.yaml | 35 +++++++++++++++++++++
 atomics/T1562.008/T1562.008.yaml | 29 ++++++++++++++++++
 4 files changed, 165 insertions(+)
diff --git a/atomics/T1078.004/T1078.004.yaml b/atomics/T1078.004/T1078.004.yaml
index be754fd2..e3a78123 100644
--- a/atomics/T1078.004/T1078.004.yaml
+++ b/atomics/T1078.004/T1078.004.yaml
@@ -117,3 +117,52 @@ atomic_tests:
 Remove-AzAutomationRunbook -AutomationAccountName #{automation_account_name} -Name #{runbook_name} -ResourceGroupName #{resource_group} -Force
 cd $PathToAtomicsFolder/T1078.004/src/T1078.004-2/
 terraform destroy -auto-approve
+
+- name: GCP - Create Custom IAM Role
+ description: |
+ This atomic will create a new IAM role. The default role permissions are: *IAM Service Account Get*. The idea for this Atomic came from a Rule published by the Elastic team.
+
+ Identifies an Identity and Access Management (IAM) custom role creation in Google Cloud Platform (GCP).
+ Custom roles are user-defined, and allow for the bundling of one or more supported permissions to meet specific needs.
+ Custom roles will not be updated automatically and could lead to privilege creep if not carefully scrutinized.
+
+ This atomic will create a new IAM role. The default role permissions are: *IAM Service Account Get*
+
+ Reference: https://github.com/elastic/detection-rules/blob/main/rules/integrations/gcp/initial_access_gcp_iam_custom_role_creation.toml
+
+ supported_platforms:
+ - iaas:gcp
+ input_arguments:
+ project-id:
+ description: ID of the GCP Project you to execute the command against.
+ type: string
+ default: atomic-test-1
+ role-name:
+ description: The name of the role to be created.
+ type: string
+ default: AtomicRedTeamRole
+ role-description:
+ description: The description of the role to be created.
+ type: string
+ default: Atomic Red Team Custom IAM Role
+ roles:
+ description: List of roles to be applied
+ type: string
+ default: iam.serviceAccounts.get
+ executor:
+ name: sh
+ elevation_required: false
+ command: |
+ gcloud auth login --no-launch-browser
+ gcloud config set project #{project-id}
+ gcloud iam roles create #{role-name} --description="#{role-description}" --permissions=#{roles} --project=#{project-id}
+ cleanup_command: |
+ gcloud iam roles delete #{role-name} --project=#{project-id}
+ dependency_executor_name: sh
+ dependencies:
+ - description: |
+ Requires gcloud
+ prereq_command: |
+ if [ -x "$(command -v gcloud)" ]; then exit 0; else exit 1; fi;
+ get_prereq_command: |
+ echo "Please Install Google Cloud SDK before running this atomic test : https://cloud.google.com/sdk/docs/install"
\ No newline at end of file
diff --git a/atomics/T1098/T1098.yaml b/atomics/T1098/T1098.yaml
index 82039b5c..8c20e24b 100644
--- a/atomics/T1098/T1098.yaml
+++ b/atomics/T1098/T1098.yaml
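Review bot: The `roles` input is passed to `--permissions=#{roles}`, yet it is named and described as a "List of roles to be applied", and its default `iam.serviceAccounts.get` is a permission, not a role. Renaming it to `permissions` with `description: Comma-separated list of permissions to include in the custom role` would keep the argument in line with the gcloud flag it feeds. The description block also states "This atomic will create a new IAM role. The default role permissions are: ..." twice. Separately, as far as I know GCP only soft-deletes a custom role, so a second run with the same `role-name` shortly after cleanup may fail on `gcloud iam roles create`; that is worth one line in the description.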
@@ -945,3 +945,55 @@ atomic_tests:
 else {
 Write-Host -ForegroundColor Yellow "You must store the password of the current user by running the prerequisite commands first"
 }
+- name: GCP - Delete Service Account Key
+ description: |
+ This Atomic will:
+ - Create a service account
+ - Create a service account key,
+ - Store the result of retrieving a single key for that service account as a variable
+ - Pass that variable for deletion
+ - Delete the service account
+
+ The idea for this Atomic came from a Rule published by the Elastic team.
+
+ Identifies the deletion of an Identity and Access Management (IAM) service account key in Google Cloud Platform (GCP).
+ Each service account is associated with two sets of public/private RSA key pairs that are used to authenticate.
+ If a key is deleted, the application will no longer be able to access Google Cloud resources using that key. A security best practice is to rotate your service account keys regularly.
+
+ Reference: https://github.com/elastic/detection-rules/blob/main/rules/integrations/gcp/impact_gcp_storage_bucket_deleted.toml
+ supported_platforms:
+ - iaas:gcp
+ input_arguments:
+ project-id:
+ description: ID of the GCP Project you to execute the command against.
+ type: string
+ default: atomic-test-1
+ service-name:
+ description: The name of the service account.
+ type: string
+ default: atomic-service-account
+ key-path:
+ description: Path to the key to be created from create keys command.
+ type: string
+ default: /tmp/key.json
+ executor:
+ name: sh
+ elevation_required: false
+ command: |
+ gcloud auth login --no-launch-browser
+ gcloud config set project #{project-id}
+ gcloud iam service-accounts create #{service-name}
+ gcloud iam service-accounts keys create #{key-path} --iam-account=#{service-name}@#{project-id}.iam.gserviceaccount.com
+ KEY = gcloud iam service-accounts keys list --iam-account=#{service-name}@#{project-id}.iam.gserviceaccount.com --format="value(KEY_ID)" --limit=1
+ gcloud iam service-accounts keys delete $KEY --iam-account=#{service-name}@#{project-id}.iam.gserviceaccount.com --quiet
+ gcloud iam service-accounts delete #{service-name}@#{project-id}.iam.gserviceaccount.com --quiet
+ cleanup_command: |
+ rm #{key-path}
+ dependency_executor_name: sh
+ dependencies:
+ - description: |
+ Requires gcloud
+ prereq_command: |
+ if [ -x "$(command -v gcloud)" ]; then exit 0; else exit 1; fi;
+ get_prereq_command: |
+ echo "Please Install Google Cloud SDK before running this atomic test : https://cloud.google.com/sdk/docs/install"
\ No newline at end of file
diff --git a/atomics/T1485/T1485.yaml b/atomics/T1485/T1485.yaml
index 39b83d83..ebb252c0 100644
--- a/atomics/T1485/T1485.yaml
+++ b/atomics/T1485/T1485.yaml
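Review bot: The `Reference:` line in this description links to `impact_gcp_storage_bucket_deleted.toml`, the bucket-deletion rule, although the test exercises deletion of a service account key. It looks copied from the T1485 entry in the same patch, and anyone building a detection from the reference will land on the wrong rule. The link should be replaced with the detection rule that covers service account key deletion, so the description and the reference name the same behaviour.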
@@ -66,3 +66,38 @@ atomic_tests:
 command: |
 cipher.exe /w:C:
 name: command_prompt
+- name: GCP - Delete Bucket
+ description: |
+ This Atomic will create a Google Storage Bucket then delete it. The idea for this Atomic came from a Rule published by the Elastic team.
+
+ Identifies when a Google Cloud Platform (GCP) storage bucket is deleted. An adversary may delete a storage bucket in order to disrupt their target's business operations.
+ This atomic will create a bucket then delete the bucket.
+
+ Reference: https://github.com/elastic/detection-rules/blob/main/rules/integrations/gcp/impact_gcp_storage_bucket_deleted.toml
+ supported_platforms:
+ - iaas:gcp
+ input_arguments:
+ project-id:
+ description: ID of the GCP Project you to execute the command against.
+ type: string
+ default: atomic-test-1
+ bucket-name:
+ description: The name of the bucket to delete.
+ type: string
+ default: atomic-red-team-bucket
+ executor:
+ name: sh
+ elevation_required: false
+ command: |
+ gcloud auth login --no-launch-browser
+ gcloud config set project #{project-id}
+ gcloud storage buckets create gs://#{bucket-name}
+ gcloud storage buckets delete gs://#{bucket-name}
+ dependency_executor_name: sh
+ dependencies:
+ - description: |
+ Requires gcloud
+ prereq_command: |
+ if [ -x "$(command -v gcloud)" ]; then exit 0; else exit 1; fi;
+ get_prereq_command: |
+ echo "Please Install Google Cloud SDK before running this atomic test : https://cloud.google.com/sdk/docs/install"
diff --git a/atomics/T1562.008/T1562.008.yaml b/atomics/T1562.008/T1562.008.yaml
index 56eecc89..d90f9cc2 100644
--- a/atomics/T1562.008/T1562.008.yaml
+++ b/atomics/T1562.008/T1562.008.yaml
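Review bot: The `delete` line in `command` runs even when the `create` line before it failed, so the test can end up acting on a bucket it did not create. Cloud Storage bucket names share one global namespace, which makes a failed create likely with the fixed default `atomic-red-team-bucket`. Chaining the two steps, `gcloud storage buckets create gs://#{bucket-name} && gcloud storage buckets delete gs://#{bucket-name}`, limits the delete to a bucket this run just made. The `bucket-name` description could also say the name must be globally unique.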
@@ -439,3 +439,32 @@ atomic_tests:
 Disconnect-ExchangeOnline -Confirm:$false
 name: powershell
 elevation_required: false
+- name: GCP - Delete Activity Event Log
+ description: |
+ GCP provides 4 types of Cloud Audit Logs: Admin Activity, Data Access, System Events, and Policy Denied.
+ An adversary may attempt to delete logs in order to hide their activity. However, Admin Activity, System Events, and Policy Deny events logs cannot be deleted.
+
+ This Atomic attempts to delete the Activity Event log. An event is generated under the method name of `google.logging.v2.LoggingServiceV2.DeleteLog` with a Serverity of `ERROR`.
+ supported_platforms:
+ - iaas:gcp
+
+ input_arguments:
+ project-id:
+ description: ID of the GCP Project you to execute the command against.
+ type: string
+ default: atomic-project-1
+ executor:
+ name: sh
+ elevation_required: false
+ command: |
+ gcloud auth login --no-launch-browser
+ gcloud config set project #{project-id}
+ gcloud logging logs delete projects/#{project-id}/logs/cloudaudit.googleapis.com%2Factivity --quiet
+ dependency_executor_name: sh
+ dependencies:
+ - description: |
+ Requires gcloud
+ prereq_command: |
+ if [ -x "$(command -v gcloud)" ]; then exit 0; else exit 1; fi;
+ get_prereq_command: |
+ echo "Please Install Google Cloud SDK before running this atomic test : https://cloud.google.com/sdk/docs/install"
\ No newline at end of file
From c844ae9ad52c37379f61b93dc56a37300bdf970a Mon Sep 17 00:00:00 2001
From: Hare Sudhan
Date: Fri, 9 Jun 2023 15:52:41 -0400
Subject: [PATCH 2/6] adding terraform files for T1485 adding terraform files for T1485
---
 atomics/T1485/T1485.yaml | 38 ++++++++++++++++++----
 atomics/T1485/src/T1485-4/T1485-4.tf | 18 ++++++++++
 atomics/T1485/src/T1485-4/terraform.tfvars | 3 ++
 3 files changed, 53 insertions(+), 6 deletions(-)
 create mode 100644 atomics/T1485/src/T1485-4/T1485-4.tf
 create mode 100644 atomics/T1485/src/T1485-4/terraform.tfvars
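Review bot: The description has two wording slips that will be carried into the generated docs: "Serverity" should read "Severity", and the second sentence says "Policy Deny" where the first sentence names the log type "Policy Denied". The default `project-id` here is `atomic-project-1`, while the other three GCP tests in this patch default to `atomic-test-1`; one shared default keeps the tests interchangeable. Since the description says this log cannot be deleted, it would also help to state that a refused `gcloud logging logs delete` (presumably a non-zero exit) is the expected outcome, so a failed run is not read as a broken test.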
diff --git a/atomics/T1485/T1485.yaml b/atomics/T1485/T1485.yaml index ebb252c0..6e45e48b 100644 --- a/atomics/T1485/T1485.yaml +++ b/atomics/T1485/T1485.yaml @@ -77,22 +77,28 @@ atomic_tests: supported_platforms: - iaas:gcp input_arguments: - project-id: + project_id: description: ID of the GCP Project you to execute the command against. type: string default: atomic-test-1 - bucket-name: + bucket_name: description: The name of the bucket to delete. type: string default: atomic-red-team-bucket + location: + description: Region to be deployed + type: string + default: US executor: name: sh elevation_required: false command: | - gcloud auth login --no-launch-browser - gcloud config set project #{project-id} - gcloud storage buckets create gs://#{bucket-name} - gcloud storage buckets delete gs://#{bucket-name} + gcloud config set project #{project_id} + gcloud storage buckets delete gs://#{bucket_name} + cleanup_command: | + cd $PathToAtomicsFolder/T1485/src/T1485-4/ + terraform state rm google_storage_bucket.bucket + terraform destroy -auto-approve dependency_executor_name: sh dependencies: - description: | @@ -101,3 +107,23 @@ atomic_tests: if [ -x "$(command -v gcloud)" ]; then exit 0; else exit 1; fi; get_prereq_command: | echo "Please Install Google Cloud SDK before running this atomic test : https://cloud.google.com/sdk/docs/install" + - description: | + Check if user is logged in + prereq_command: | + gcloud config get-value account + get_prereq_command: | + gcloud auth login --no-launch-browser + - description: | + Check if terraform is installed. + prereq_command: | + terraform version + get_prereq_command: | + echo Please install the terraform. + - description: | + Create dependency resources using terraform + prereq_command: | + stat $PathToAtomicsFolder/T1485/src/T1485-4/terraform.tfstate + get_prereq_command: | + cd $PathToAtomicsFolder/T1485/src/T1485-4/ + terraform init + terraform apply -auto-approve \ No newline at end of file 
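Review bot: In the new `cleanup_command`, `terraform state rm google_storage_bucket.bucket` runs unconditionally before `terraform destroy -auto-approve`. If the `gcloud storage buckets delete` step failed, or cleanup is run without the test having executed, Terraform has already forgotten the bucket and destroy leaves it behind in the project. Dropping the `state rm` line is probably enough, since destroy refreshes state first and, as far as I know, the Google provider drops a resource that no longer exists. If the line stays, guard it so it only runs once the bucket is really gone: `gcloud storage buckets describe gs://#{bucket_name} >/dev/null 2>&1 || terraform state rm google_storage_bucket.bucket`.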
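Review bot: The last `get_prereq_command` runs `terraform apply -auto-approve` without passing `project_id` or `bucket_name`, and the `terraform.tfvars` added in this patch sets both to `""`, so the bucket Terraform creates is not tied to the `#{bucket_name}` the executor deletes. Passing the inputs through, `terraform apply -auto-approve -var "project_id=#{project_id}" -var "bucket_name=#{bucket_name}"`, keeps the two in step, assuming input arguments are substituted in dependency commands as they are in the executor; `terraform destroy` in cleanup would need the same flags. The `stat .../terraform.tfstate` check also stays satisfied after cleanup, because `terraform destroy` leaves the state file in place, so a second run skips the apply and finds no bucket to delete. The T1098-17 dependencies added in PATCH 6/6 follow the same pattern.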
diff --git a/atomics/T1485/src/T1485-4/T1485-4.tf b/atomics/T1485/src/T1485-4/T1485-4.tf new file mode 100644 index 00000000..bd0090c6 --- /dev/null +++ b/atomics/T1485/src/T1485-4/T1485-4.tf @@ -0,0 +1,18 @@ +provider "google" { +} + +variable "project_id" { +} + +variable "bucket_name" { +} + +variable "location" { +} + + +resource "google_storage_bucket" "bucket" { + name = var.bucket_name + location = var.location + project = var.project_id +} diff --git a/atomics/T1485/src/T1485-4/terraform.tfvars b/atomics/T1485/src/T1485-4/terraform.tfvars new file mode 100644 index 00000000..9e17d601 --- /dev/null +++ b/atomics/T1485/src/T1485-4/terraform.tfvars @@ -0,0 +1,3 @@ +project_id = "" +bucket_name = "" +location="" From d50b6d69d84d570851c54675690f83bbd7b2bcac Mon Sep 17 00:00:00 2001 From: Hare Sudhan Date: Fri, 9 Jun 2023 15:54:45 -0400 Subject: [PATCH 3/6] fixing tfvars --- atomics/T1485/src/T1485-4/terraform.tfvars | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/atomics/T1485/src/T1485-4/terraform.tfvars b/atomics/T1485/src/T1485-4/terraform.tfvars index 9e17d601..93018df6 100644 --- a/atomics/T1485/src/T1485-4/terraform.tfvars +++ b/atomics/T1485/src/T1485-4/terraform.tfvars @@ -1,3 +1,3 @@ -project_id = "" +project_id = "" bucket_name = "" -location="" +location = "" From 63a994cf86f93554182642b72dd4add995a79dc9 Mon Sep 17 00:00:00 2001 From: Hare Sudhan Date: Thu, 22 Jun 2023 20:34:28 -0400 Subject: [PATCH 4/6] fix terraform; move gcloud login to deps --- atomics/T1078.004/T1078.004.yaml | 8 ++++++-- atomics/T1098/T1098.yaml | 9 +++++++-- atomics/T1485/T1485.yaml | 4 ---- atomics/T1485/src/T1485-4/T1485-4.tf | 6 +----- atomics/T1485/src/T1485-4/terraform.tfvars | 3 +-- atomics/T1562.008/T1562.008.yaml | 9 +++++++-- 6 files changed, 22 insertions(+), 17 deletions(-) diff --git a/atomics/T1078.004/T1078.004.yaml b/atomics/T1078.004/T1078.004.yaml index e3a78123..3f93cf88 100644 --- a/atomics/T1078.004/T1078.004.yaml 
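Review bot: `T1485-4.tf` declares an empty `provider "google"` block and no `required_providers`, so the `terraform init` in the prerequisite step downloads whatever Google provider release is current when the test is run. Pinning the provider source and version makes the dependency reproducible and reviewable, which matters for a file that is applied with `-auto-approve`. The variables are also declared without a `type`; adding `type = string` rejects malformed input before anything is created. `T1098-17.tf` in PATCH 6/6 has the same shape.

```hcl
# … unchanged: provider "google" block …
terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> X.Y" # placeholder: pin to the provider release this test was validated with
    }
  }
}

variable "project_id" {
  type = string
}
# … unchanged: remaining variables (give each type = string) and the google_storage_bucket resource …
```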
+++ b/atomics/T1078.004/T1078.004.yaml @@ -30,12 +30,16 @@ atomic_tests: description: Email of the service account type: string default: gcp-art-service-account-1.json - + - description: | + Check if user is logged in + prereq_command: | + gcloud config get-value account + get_prereq_command: | + gcloud auth login --no-launch-browser executor: name: sh elevation_required: false command: | - gcloud auth login --no-launch-browser gcloud config set project #{project-id} gcloud iam service-accounts create #{service-account-name} gcloud iam service-accounts keys create #{output-key-file} --iam-account=#{service-account-email} diff --git a/atomics/T1098/T1098.yaml b/atomics/T1098/T1098.yaml index 8c20e24b..8312e0d1 100644 --- a/atomics/T1098/T1098.yaml +++ b/atomics/T1098/T1098.yaml @@ -980,7 +980,6 @@ atomic_tests: name: sh elevation_required: false command: | - gcloud auth login --no-launch-browser gcloud config set project #{project-id} gcloud iam service-accounts create #{service-name} gcloud iam service-accounts keys create #{key-path} --iam-account=#{service-name}@#{project-id}.iam.gserviceaccount.com @@ -996,4 +995,10 @@ atomic_tests: prereq_command: | if [ -x "$(command -v gcloud)" ]; then exit 0; else exit 1; fi; get_prereq_command: | - echo "Please Install Google Cloud SDK before running this atomic test : https://cloud.google.com/sdk/docs/install" \ No newline at end of file + echo "Please Install Google Cloud SDK before running this atomic test : https://cloud.google.com/sdk/docs/install" + - description: | + Check if user is logged in + prereq_command: | + gcloud config get-value account + get_prereq_command: | + gcloud auth login --no-launch-browser \ No newline at end of file diff --git a/atomics/T1485/T1485.yaml b/atomics/T1485/T1485.yaml index 6e45e48b..b71e046a 100644 --- a/atomics/T1485/T1485.yaml +++ b/atomics/T1485/T1485.yaml 
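Review bot: The "Check if user is logged in" prerequisite relies on `gcloud config get-value account`, which as far as I know prints `(unset)` and still exits 0 when no account is configured, so the check passes and `gcloud auth login --no-launch-browser` is never offered. A configured account name also says nothing about whether the credential is still valid. `prereq_command: gcloud auth print-access-token >/dev/null 2>&1` fails when there is no usable credential and keeps the token out of the output. The same check is added in this patch to T1098 and T1562.008, and in PATCH 2/6 to T1485. In this first hunk the new item is inserted between `input_arguments` and `executor` rather than under `dependencies`; PATCH 5/6 moves it.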
@@ -85,10 +85,6 @@ atomic_tests: description: The name of the bucket to delete. type: string default: atomic-red-team-bucket - location: - description: Region to be deployed - type: string - default: US executor: name: sh elevation_required: false diff --git a/atomics/T1485/src/T1485-4/T1485-4.tf b/atomics/T1485/src/T1485-4/T1485-4.tf index bd0090c6..8ce389c2 100644 --- a/atomics/T1485/src/T1485-4/T1485-4.tf +++ b/atomics/T1485/src/T1485-4/T1485-4.tf @@ -7,12 +7,8 @@ variable "project_id" { variable "bucket_name" { } -variable "location" { -} - - resource "google_storage_bucket" "bucket" { name = var.bucket_name - location = var.location + location = "US" project = var.project_id } diff --git a/atomics/T1485/src/T1485-4/terraform.tfvars b/atomics/T1485/src/T1485-4/terraform.tfvars index 93018df6..d2dd0d80 100644 --- a/atomics/T1485/src/T1485-4/terraform.tfvars +++ b/atomics/T1485/src/T1485-4/terraform.tfvars @@ -1,3 +1,2 @@ project_id = "" -bucket_name = "" -location = "" +bucket_name = "" \ No newline at end of file diff --git a/atomics/T1562.008/T1562.008.yaml b/atomics/T1562.008/T1562.008.yaml index d90f9cc2..5aa18468 100644 --- a/atomics/T1562.008/T1562.008.yaml +++ b/atomics/T1562.008/T1562.008.yaml @@ -457,7 +457,6 @@ atomic_tests: name: sh elevation_required: false command: | - gcloud auth login --no-launch-browser gcloud config set project #{project-id} gcloud logging logs delete projects/#{project-id}/logs/cloudaudit.googleapis.com%2Factivity --quiet dependency_executor_name: sh 
@@ -467,4 +466,10 @@ atomic_tests: prereq_command: | if [ -x "$(command -v gcloud)" ]; then exit 0; else exit 1; fi; get_prereq_command: | - echo "Please Install Google Cloud SDK before running this atomic test : https://cloud.google.com/sdk/docs/install" \ No newline at end of file + echo "Please Install Google Cloud SDK before running this atomic test : https://cloud.google.com/sdk/docs/install" + - description: | + Check if user is logged in + prereq_command: | + gcloud config get-value account + get_prereq_command: | + gcloud auth login --no-launch-browser \ No newline at end of file From 098518241ae715cabf4d2dcf4f38b701ae31d6a6 Mon Sep 17 00:00:00 2001 From: Hare Sudhan Date: Thu, 22 Jun 2023 20:37:31 -0400 Subject: [PATCH 5/6] fix T1078.004 --- atomics/T1078.004/T1078.004.yaml | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/atomics/T1078.004/T1078.004.yaml b/atomics/T1078.004/T1078.004.yaml index 3f93cf88..76520c15 100644 --- a/atomics/T1078.004/T1078.004.yaml +++ b/atomics/T1078.004/T1078.004.yaml @@ -30,12 +30,7 @@ atomic_tests: description: Email of the service account type: string default: gcp-art-service-account-1.json - - description: | - Check if user is logged in - prereq_command: | - gcloud config get-value account - get_prereq_command: | - gcloud auth login --no-launch-browser + executor: name: sh elevation_required: false @@ -53,6 +48,12 @@ atomic_tests: if [ -x "$(command -v gcloud)" ]; then exit 0; else exit 1; fi; get_prereq_command: | echo "Please Install Google Cloud SDK before running this atomic test : https://cloud.google.com/sdk/docs/install" + - description: | + Check if user is logged in + prereq_command: | + gcloud config get-value account + get_prereq_command: | + gcloud auth login --no-launch-browser - name: Azure Persistence Automation Runbook Created or Modified auto_generated_guid: 348f4d14-4bd3-4f6b-bd8a-61237f78b3ac description: | 
@@ -121,7 +122,6 @@ atomic_tests: Remove-AzAutomationRunbook -AutomationAccountName #{automation_account_name} -Name #{runbook_name} -ResourceGroupName #{resource_group} -Force cd $PathToAtomicsFolder/T1078.004/src/T1078.004-2/ terraform destroy -auto-approve - - name: GCP - Create Custom IAM Role description: | This atomic will create a new IAM role. The default role permissions are: *IAM Service Account Get*. The idea for this Atomic came from a Rule published by the Elastic team. @@ -157,7 +157,6 @@ atomic_tests: name: sh elevation_required: false command: | - gcloud auth login --no-launch-browser gcloud config set project #{project-id} gcloud iam roles create #{role-name} --description="#{role-description}" --permissions=#{roles} --project=#{project-id} cleanup_command: | @@ -169,4 +168,10 @@ atomic_tests: prereq_command: | if [ -x "$(command -v gcloud)" ]; then exit 0; else exit 1; fi; get_prereq_command: | - echo "Please Install Google Cloud SDK before running this atomic test : https://cloud.google.com/sdk/docs/install" \ No newline at end of file + echo "Please Install Google Cloud SDK before running this atomic test : https://cloud.google.com/sdk/docs/install" + - description: | + Check if user is logged in + prereq_command: | + gcloud config get-value account + get_prereq_command: | + gcloud auth login --no-launch-browser From f10b65a2ea2fa12babbf57f49aeeca6ebee03212 Mon Sep 17 00:00:00 2001 From: Hare Sudhan Date: Thu, 22 Jun 2023 21:20:14 -0400 Subject: [PATCH 6/6] add terraform files for T1098-17 --- atomics/T1098/T1098.yaml | 37 +++++++++++++-------- atomics/T1098/src/T1098-17/T1098-17.tf | 18 ++++++++++ atomics/T1098/src/T1098-17/terraform.tfvars | 2 ++ 3 files changed, 43 insertions(+), 14 deletions(-) create mode 100644 atomics/T1098/src/T1098-17/T1098-17.tf create mode 100644 atomics/T1098/src/T1098-17/terraform.tfvars diff --git a/atomics/T1098/T1098.yaml b/atomics/T1098/T1098.yaml index 8312e0d1..e4a09540 100644 --- a/atomics/T1098/T1098.yaml 
+++ b/atomics/T1098/T1098.yaml @@ -964,30 +964,25 @@ atomic_tests: supported_platforms: - iaas:gcp input_arguments: - project-id: + project_id: description: ID of the GCP Project you to execute the command against. type: string default: atomic-test-1 - service-name: + service_name: description: The name of the service account. type: string default: atomic-service-account - key-path: - description: Path to the key to be created from create keys command. - type: string - default: /tmp/key.json executor: name: sh elevation_required: false command: | - gcloud config set project #{project-id} - gcloud iam service-accounts create #{service-name} - gcloud iam service-accounts keys create #{key-path} --iam-account=#{service-name}@#{project-id}.iam.gserviceaccount.com - KEY = gcloud iam service-accounts keys list --iam-account=#{service-name}@#{project-id}.iam.gserviceaccount.com --format="value(KEY_ID)" --limit=1 - gcloud iam service-accounts keys delete $KEY --iam-account=#{service-name}@#{project-id}.iam.gserviceaccount.com --quiet - gcloud iam service-accounts delete #{service-name}@#{project-id}.iam.gserviceaccount.com --quiet + gcloud config set project #{project_id} + KEY=`gcloud iam service-accounts keys list --iam-account=#{service_name}@#{project_id}.iam.gserviceaccount.com --format="value(KEY_ID)" --limit=1` + gcloud iam service-accounts keys delete $KEY --iam-account=#{service_name}@#{project_id}.iam.gserviceaccount.com --quiet cleanup_command: | - rm #{key-path} + cd $PathToAtomicsFolder/T1098/src/T1098-17/ + terraform state rm google_service_account_key.key + terraform destroy -auto-approve dependency_executor_name: sh dependencies: - description: | 
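Review bot: The `keys list ... --limit=1` call in the new `command` does not restrict the listing to user-managed keys, so the ID stored in `KEY` may belong to the account's system-managed key rather than the key Terraform created, and that key cannot be deleted. Adding `--managed-by=user` to the `keys list` call narrows the result to the key under test. `$KEY` is also used unquoted and unchecked, so an empty listing becomes a `keys delete` call with no key ID; `[ -n "$KEY" ] || exit 1` before the delete line, and `"$KEY"` in it, make that failure explicit.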
@@ -1001,4 +996,18 @@ atomic_tests: prereq_command: | gcloud config get-value account get_prereq_command: | - gcloud auth login --no-launch-browser \ No newline at end of file + gcloud auth login --no-launch-browser + - description: | + Check if terraform is installed. + prereq_command: | + terraform version + get_prereq_command: | + echo Please install the terraform. + - description: | + Create dependency resources using terraform + prereq_command: | + stat $PathToAtomicsFolder/T1098/src/T1098-17/terraform.tfstate + get_prereq_command: | + cd $PathToAtomicsFolder/T1098/src/T1098-17/ + terraform init + terraform apply -auto-approve \ No newline at end of file diff --git a/atomics/T1098/src/T1098-17/T1098-17.tf b/atomics/T1098/src/T1098-17/T1098-17.tf new file mode 100644 index 00000000..d617b39a --- /dev/null +++ b/atomics/T1098/src/T1098-17/T1098-17.tf @@ -0,0 +1,18 @@ +provider "google" { +} + +variable "project_id" { +} + +variable "service_name" { +} + +resource "google_service_account" "service_account" { + account_id = var.service_name + project = var.project_id +} + +resource "google_service_account_key" "key" { + service_account_id = google_service_account.service_account.name + public_key_type = "TYPE_X509_PEM_FILE" +} diff --git a/atomics/T1098/src/T1098-17/terraform.tfvars b/atomics/T1098/src/T1098-17/terraform.tfvars new file mode 100644 index 00000000..97a3bad6 --- /dev/null +++ b/atomics/T1098/src/T1098-17/terraform.tfvars @@ -0,0 +1,2 @@ +project_id = "" +service_name = "" \ No newline at end of file
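Review bot: `google_service_account_key.key` in `T1098-17.tf` has Terraform generate the key pair, and the provider records the resulting private key in `terraform.tfstate` in plain text, here under `atomics/T1098/src/T1098-17/`. The cleanup added to T1098.yaml runs `terraform state rm` and `terraform destroy` but leaves `terraform.tfstate` and `terraform.tfstate.backup` on disk, and the backup still carries the key material. Deleting the service account invalidates the key, but between the prerequisite step and cleanup the credential is readable by anyone with access to the atomics folder. Ending cleanup with `rm -f terraform.tfstate terraform.tfstate.backup`, and making sure both files are git-ignored, closes that and also stops the `stat` prerequisite from passing on a stale state file.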