juice-shop · Jan 7, 2021 · Jan 7, 2022 · Jan 7, 2022 · Jan 7, 2022 · Jan 8, 2022
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml
diff --git a/.github/workflows/lint-fixer.yml b/.github/workflows/lint-fixer.yml
diff --git a/.github/workflows/rebase.yml b/.github/workflows/rebase.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
diff --git a/.github/workflows/update-challenges-www.yml b/.github/workflows/update-challenges-www.yml
diff --git a/.github/workflows/update-news-www.yml b/.github/workflows/update-news-www.yml
diff --git a/.github/workflows/zap_scan.yml b/.github/workflows/zap_scan.yml
diff --git a/.gitignore b/.gitignore
@@ -7,14 +7,23 @@ app/
 uploads/complaints/*.*
 !uploads/complaints/.gitkeep
 ftp/legal.md
-package-lock.json
 i18n/*.json
 i18n/*.invalid
 !frontend/src/assets/i18n/*.json
 !data/static/i18n/*.json
 data/chatbot/*.*
 !data/chatbot/.gitkeep
 
+# TF
+secret.auto.tfvars
+**/.terraform/*
+*.tfstate.*
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+tfplan.binary
+
 # Build
 .nyc_output/
 .sass-cache/
@@ -58,3 +67,4 @@ config/*.yml
 !config/unsafe.yml
 !config/tutorial.yml
 !config/oss.yml
+kubeconfig_*
diff --git a/.npmrc b/.npmrc
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
diff --git a/Dockerfile b/Dockerfile
@@ -1,11 +1,15 @@
-FROM node:12 as installer
-COPY . /juice-shop
-WORKDIR /juice-shop
-RUN npm install --production --unsafe-perm
-RUN npm dedupe
-RUN rm -rf frontend/node_modules
+FROM node:12.18.4-buster
+
+RUN apt-get -y update && apt-get -y install ca-certificates apt-transport-https
+
+RUN echo 'deb     [trusted=yes check-valid-until=no] https://snapshot.debian.org/archive/debian/20211201T215332Z/ buster main \n\
+deb-src [trusted=yes check-valid-until=no] https://snapshot.debian.org/archive/debian/20211201T215332Z/ buster main \n\
+deb     [trusted=yes check-valid-until=no] https://snapshot.debian.org/archive/debian-security/20211201T215332Z/ buster/updates main \n\
+deb-src [trusted=yes check-valid-until=no] https://snapshot.debian.org/archive/debian-security/20211201T215332Z/ buster/updates main' >> /etc/apt/sources.list
+
+RUN apt-get -y update && apt-get -y install \
+    liblog4j2-java=2.11.1-2
 
-FROM node:12-alpine
 ARG BUILD_DATE
 ARG VCS_REF
 LABEL maintainer="Bjoern Kimminich <bjoern.kimminich@owasp.org>" \
@@ -17,13 +21,18 @@ LABEL maintainer="Bjoern Kimminich <bjoern.kimminich@owasp.org>" \
     org.opencontainers.image.licenses="MIT" \
     org.opencontainers.image.version="12.3.0" \
     org.opencontainers.image.url="https://owasp-juice.shop" \
-    org.opencontainers.image.source="https://github.com/bkimminich/juice-shop" \
+    org.opencontainers.image.source="https://github.com/clintonherget/juice-shop" \
     org.opencontainers.image.revision=$VCS_REF \
-    org.opencontainers.image.created=$BUILD_DATE
-WORKDIR /juice-shop
+    org.opencontainers.image.created=$BUILD_DATE \
+    io.snyk.containers.image.dockerfile="/Dockerfile"
+
 RUN addgroup --system --gid 1001 juicer && \
     adduser juicer --system --uid 1001 --ingroup juicer
-COPY --from=installer --chown=juicer /juice-shop .
+COPY --chown=juicer . /juice-shop
+WORKDIR /juice-shop
+RUN npm install --production --unsafe-perm
+RUN npm dedupe
+RUN rm -rf frontend/node_modules
 RUN mkdir logs && \
     chown -R juicer logs && \
     chgrp -R 0 ftp/ frontend/dist/ logs/ data/ i18n/ && \

diff --git a/README.md b/README.md
@@ -1,3 +1,18 @@
+**Snyk Instructions**
+1. Fork this repo to your own Github account
+2. Import your fork into Snyk via Git
+3. Clone your fork to your local system and ``cd`` yourself to that directory in terminal/command prompt
+4. Download and authenticate Snyk CLI if you haven't already (e.g. install NPM, then run ``npm i snyk -g`` followed by ``snyk auth``)
+5. Run ``snyk test`` to scan application dependencies and confirm the scan completes successfully
+6. Run ``snyk monitor`` to monitor application dependencies in Snyk
+7. Ensure you have Docker desktop running, then run ``docker build . -t juice-shop`` . This will build a container image for juice-shop
+8. Run ``snyk container test juice-shop --file=Dockerfile`` to scan container image and confirm the scan completes successfully
+9. Run ``snyk container monitor juice-shop --file=Dockerfile`` to monitor container dependencies in Snyk
+
+**IMPORTANT NOTE**: Running ``npm install`` on your local system is **NOT needed** and likely won't work if you're on the newest version of Node (see Node compatibility chart below)
+
+**Original readme**
+
 # ![Juice Shop Logo](https://raw.githubusercontent.com/bkimminich/juice-shop/master/frontend/src/assets/public/images/JuiceShop_Logo_100px.png) OWASP Juice Shop
 
 [![OWASP Flagship](https://img.shields.io/badge/owasp-flagship%20project-48A646.svg)](https://owasp.org/projects/#sec-flagships)
@@ -40,15 +55,6 @@ overview please visit the official project page:
 
 ## Table of contents
 
-- [Setup](#setup)
-  - [Deploy on Heroku (free ($0/month) dyno)](#deploy-on-heroku-free-0month-dyno)
-  - [From Sources](#from-sources)
-  - [Packaged Distributions](#packaged-distributions)
-  - [Docker Container](#docker-container)
-  - [Vagrant](#vagrant)
-  - [Amazon EC2 Instance](#amazon-ec2-instance)
-  - [Azure Container Instance](#azure-container-instance)
-  - [Google Compute Engine Instance](#google-compute-engine-instance)
 - [Demo](#demo)
 - [Documentation](#documentation)
   - [Node.js version compatibility](#nodejs-version-compatibility)
@@ -61,140 +67,6 @@ overview please visit the official project page:
 - [Contributors](#contributors)
 - [Licensing](#licensing)
 
-## Setup
-
-> You can find some less common installation variations in
-> [the _Running OWASP Juice Shop_ documentation](https://pwning.owasp-juice.shop/part1/running.html).
-
-### Deploy on Heroku (free ($0/month) dyno)
-
-1. [Sign up to Heroku](https://signup.heroku.com/) and
-   [log in to your account](https://id.heroku.com/login)
-2. Click the button below and follow the instructions
-
-[![Deploy](https://www.herokucdn.com/deploy/button.svg)](https://heroku.com/deploy)
-
-> This is the quickest way to get a running instance of Juice Shop! If
-> you have forked this repository, the deploy button will automatically
-> pick up your fork for deployment! As long as you do not perform any
-> DDoS attacks you are free to use any tools or scripts to hack your
-> Juice Shop instance on Heroku!
-
-### From Sources
-
-![GitHub repo size](https://img.shields.io/github/repo-size/bkimminich/juice-shop.svg)
-
-1. Install [node.js](#nodejs-version-compatibility)
-2. Run `git clone https://github.com/bkimminich/juice-shop.git` (or
-   clone [your own fork](https://github.com/bkimminich/juice-shop/fork)
-   of the repository)
-3. Go into the cloned folder with `cd juice-shop`
-4. Run `npm install` (only has to be done before first start or when you
-   change the source code)
-5. Run `npm start`
-6. Browse to <http://localhost:3000>
-
-### Packaged Distributions
-
-[![GitHub release](https://img.shields.io/github/downloads/bkimminich/juice-shop/total.svg)](https://github.com/bkimminich/juice-shop/releases/latest)
-[![SourceForge](https://img.shields.io/sourceforge/dm/juice-shop?label=sourceforge%20downloads)](https://sourceforge.net/projects/juice-shop/)
-[![SourceForge](https://img.shields.io/sourceforge/dt/juice-shop?label=sourceforge%20downloads)](https://sourceforge.net/projects/juice-shop/)
-
-1. Install a 64bit [node.js](#nodejs-version-compatibility) on your
-   Windows, MacOS or Linux machine
-2. Download `juice-shop-<version>_<node-version>_<os>_x64.zip` (or
-   `.tgz`) attached to
-   [latest release](https://github.com/bkimminich/juice-shop/releases/latest)
-3. Unpack and `cd` into the unpacked folder
-4. Run `npm start`
-5. Browse to <http://localhost:3000>
-
-> Each packaged distribution includes some binaries for `sqlite3` and
-> `libxmljs` bound to the OS and node.js version which `npm install` was
-> executed on.
-
-### Docker Container
-
-[![Docker Pulls](https://img.shields.io/docker/pulls/bkimminich/juice-shop.svg)](https://hub.docker.com/r/bkimminich/juice-shop)
-![Docker Stars](https://img.shields.io/docker/stars/bkimminich/juice-shop.svg)
-[![](https://images.microbadger.com/badges/image/bkimminich/juice-shop.svg)](https://microbadger.com/images/bkimminich/juice-shop
-"Get your own image badge on microbadger.com")
-[![](https://images.microbadger.com/badges/version/bkimminich/juice-shop.svg)](https://microbadger.com/images/bkimminich/juice-shop
-"Get your own version badge on microbadger.com")
-
-1. Install [Docker](https://www.docker.com)
-2. Run `docker pull bkimminich/juice-shop`
-3. Run `docker run --rm -p 3000:3000 bkimminich/juice-shop`
-4. Browse to <http://localhost:3000> (on macOS and Windows browse to
-   <http://192.168.99.100:3000> if you are using docker-machine instead
-   of the native docker installation)
-
-### Vagrant
-
-1. Install [Vagrant](https://www.vagrantup.com/downloads.html) and
-   [Virtualbox](https://www.virtualbox.org/wiki/Downloads)
-2. Run `git clone https://github.com/bkimminich/juice-shop.git` (or
-   clone [your own fork](https://github.com/bkimminich/juice-shop/fork)
-   of the repository)
-3. Run `cd vagrant && vagrant up`
-4. Browse to [192.168.33.10:3000](http://192.168.33.10:3000)
-
-### Amazon EC2 Instance
-
-1. In the _EC2_ sidenav select _Instances_ and click _Launch Instance_
-2. In _Step 1: Choose an Amazon Machine Image (AMI)_ choose an _Amazon
-   Linux AMI_ or _Amazon Linux 2 AMI_
-3. In _Step 3: Configure Instance Details_ unfold _Advanced Details_ and
-   copy the script below into _User Data_
-4. In _Step 6: Configure Security Group_ add a _Rule_ that opens port 80
-   for HTTP
-5. Launch your instance
-6. Browse to your instance's public DNS
-
-```
-#!/bin/bash
-yum update -y
-yum install -y docker
-service docker start
-docker pull bkimminich/juice-shop
-docker run -d -p 80:3000 bkimminich/juice-shop
-```
-
-### Azure Container Instance
-
-1. Open and login (via `az login`) to your
-   [Azure CLI](https://azure.github.io/projects/clis/) **or** login to
-   the [Azure Portal](https://portal.azure.com), open the _CloudShell_
-   and then choose _Bash_ (not PowerShell).
-2. Create a resource group by running `az group create --name <group
-   name> --location <location name, e.g. "centralus">`
-3. Create a new container by running `az container create
-   --resource-group <group name> --name <container name> --image
-   bkimminich/juice-shop --dns-name-label <dns name label> --ports 3000
-   --ip-address public`
-4. Your container will be available at `http://<dns name
-   label>.<location name>.azurecontainer.io:3000`
-
-### Google Compute Engine Instance
-
-1. Login to the Google Cloud Console and
-   [open Cloud Shell](https://console.cloud.google.com/home/dashboard?cloudshell=true).
-2. Launch a new GCE instance based on the juice-shop container. Take
-   note of the `EXTERNAL_IP` provided in the output.
-
-```
-gcloud compute instances create-with-container owasp-juice-shop-app --container-image bkimminich/juice-shop
-```
-
-3. Create a firewall rule that allows inbound traffic to port 3000
-
-```
-gcloud compute firewall-rules create juice-rule --allow tcp:3000
-```
-
-4. Your container is now running and available at
-   `http://<EXTERNAL_IP>:3000/`
-
 ## Demo
 
 Feel free to have a look at the latest version of OWASP Juice Shop:

diff --git a/example-secret.auto.tfvars b/example-secret.auto.tfvars
@@ -0,0 +1,2 @@
+access_key = ""
+secret_key = ""
diff --git a/frontend/.gitignore b/frontend/.gitignore
@@ -7,7 +7,6 @@
 
 # dependencies
 /node_modules
-package-lock.json
 
 # IDEs and editors
 /.idea

diff --git a/frontend/package-lock.json b/frontend/package-lock.json
diff --git a/frontend/package.json b/frontend/package.json
@@ -27,7 +27,7 @@
     "@angular/platform-browser": "^10.2.3",
     "@angular/platform-browser-dynamic": "^10.2.3",
     "@angular/router": "^10.2.3",
-    "@fortawesome/fontawesome-svg-core": "^1.2.30",
+    "@fortawesome/fontawesome-svg-core": "~1.2.30",
     "@fortawesome/free-brands-svg-icons": "^5.14.0",
     "@fortawesome/free-regular-svg-icons": "^5.14.0",
     "@fortawesome/free-solid-svg-icons": "^5.14.0",
@@ -47,6 +47,7 @@
     "ngx-clipboard": "^13.0.1",
     "ngx-cookie-service": "^10.0.1",
     "ngx-spinner": "^10.0.1",
+    "ngx-window-token": "^5.0.0",
     "node-sass": "^4.14.1",
     "rxjs": "6.6.2",
     "snarkdown": "^1.2.2",

diff --git a/k8s-src/juice-shop-deploy.yaml b/k8s-src/juice-shop-deploy.yaml
@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: snyk-juice-shop
+  labels:
+    app: snyk-juice-shop
+spec:
+  selector:
+    matchLabels:
+      app: snyk-juice-shop
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: snyk-juice-shop
+    spec:
+      containers:
+      - name: juice-shop
+        image: clintonherget/snyk-juice-shop
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 3000
+        securityContext:
+          privileged: true
diff --git a/k8s-src/juice-shop-service.yaml b/k8s-src/juice-shop-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: snyk-juice-shop
+  labels:
+    app: snyk-juice-shop
+spec:
+  ports:
+    - port: 8080
+      targetPort: 3000
+      protocol: TCP
+  selector:
+    app: snyk-juice-shop
+
diff --git a/main.tf b/main.tf
@@ -0,0 +1,74 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 3.20.0"
+    }
+
+    random = {
+      source  = "hashicorp/random"
+      version = "3.1.0"
+    }
+
+    local = {
+      source  = "hashicorp/local"
+      version = "2.1.0"
+    }
+
+    null = {
+      source  = "hashicorp/null"
+      version = "3.1.0"
+    }
+
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.0.1"
+    }
+  }
+
+  required_version = ">= 0.14"
+}
+
+provider "aws" {
+  region                      = var.region
+  skip_credentials_validation = true
+  skip_requesting_account_id  = true
+  skip_metadata_api_check     = true
+  access_key                  = var.access_key
+  secret_key                  = var.secret_key
+}
+
+provider "kubernetes" {
+  host                   = module.includes.cluster_host
+  token                  = module.includes.cluster_token
+  cluster_ca_certificate = module.includes.cluster_cert
+}
+
+module "includes" {
+  source = "./terraform/modules/includes"
+
+  sg_wg_one_id = module.sg.workgroup_one_id
+  sg_wg_two_id = module.sg.workgroup_two_id
+}
+
+module "sg"  {
+  source = "./terraform/modules/security-groups"
+  vpc_id = module.includes.vpc_id
+}
+
+module "subnets" {
+  source = "./terraform/modules/subnets"
+
+  region = var.region
+  vpc_id = module.includes.vpc_id
+}
+
+module "storage" {
+  source = "./terraform/modules/storage"
+
+  cluster_name = module.includes.cluster_name
+  rds_sg_id = module.sg.rds_sg_id
+  private_subnet = [module.subnets.subnet_id_main, module.subnets.subnet_id_secondary]
+}
+
+
diff --git a/package-lock.json b/package-lock.json
diff --git a/terraform.tfstate b/terraform.tfstate
diff --git a/terraform/modules/includes/inputs.tf b/terraform/modules/includes/inputs.tf
@@ -0,0 +1,3 @@
+variable "sg_wg_one_id" {}
+
+variable "sg_wg_two_id" {}
diff --git a/terraform/modules/includes/main.tf b/terraform/modules/includes/main.tf
@@ -0,0 +1,79 @@
+resource "random_string" "suffix" {
+  length  = 5
+  special = false
+  upper = false
+}
+
+locals {
+  cluster_name = "snyk-demo-eks-${random_string.suffix.result}"
+}
+
+data "aws_eks_cluster" "cluster" {
+  name = module.eks.cluster_id
+}
+
+data "aws_eks_cluster_auth" "cluster" {
+  name = module.eks.cluster_id
+}
+
+data "aws_availability_zones" "available" {}
+
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "3.2.0"
+
+  name                 = "snyk-demo-vpc"
+  cidr                 = "10.0.0.0/16"
+  azs                  = data.aws_availability_zones.available.names
+  private_subnets      = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+  public_subnets       = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
+  enable_nat_gateway   = true
+  single_nat_gateway   = true
+  enable_dns_hostnames = true
+
+  tags = {
+    "kubernetes.io/cluster/${local.cluster_name}" = "shared"
+  }
+
+  public_subnet_tags = {
+    "kubernetes.io/cluster/${local.cluster_name}" = "shared"
+    "kubernetes.io/role/elb"                      = "1"
+  }
+
+  private_subnet_tags = {
+    "kubernetes.io/cluster/${local.cluster_name}" = "shared"
+    "kubernetes.io/role/internal-elb"             = "1"
+  }
+}
+
+module "eks" {
+  source          = "terraform-aws-modules/eks/aws"
+  version         = "17.24.0"
+  cluster_name    = local.cluster_name
+  cluster_version = "1.20"
+  subnets         = module.vpc.private_subnets
+
+  vpc_id = module.vpc.vpc_id
+
+  workers_group_defaults = {
+    root_volume_type = "gp2"
+  }
+
+  worker_groups = [
+    {
+      name                          = "worker-group-1"
+      instance_type                 = "t2.small"
+      additional_userdata           = "echo foo bar"
+      additional_security_group_ids = [var.sg_wg_one_id]
+      asg_desired_capacity          = 2
+    },
+    {
+      name                          = "worker-group-2"
+      instance_type                 = "t2.medium"
+      additional_userdata           = "echo foo bar"
+      additional_security_group_ids = [var.sg_wg_two_id]
+      asg_desired_capacity          = 1
+    },
+  ]
+}
+
diff --git a/terraform/modules/includes/outputs.tf b/terraform/modules/includes/outputs.tf
@@ -0,0 +1,19 @@
+output "cluster_host" {
+  value = data.aws_eks_cluster.cluster.endpoint
+}
+
+output "cluster_token" {
+  value = data.aws_eks_cluster_auth.cluster.token
+}
+
+output "cluster_cert" {
+value = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
+}
+
+output "cluster_name" {
+  value = local.cluster_name
+}
+
+output "vpc_id" {
+  value = module.vpc.vpc_id
+}
diff --git a/terraform/modules/security-groups/inputs.tf b/terraform/modules/security-groups/inputs.tf
@@ -0,0 +1,3 @@
+variable "vpc_id" {
+  description = "ID of preconfigured VPC"
+}
diff --git a/terraform/modules/security-groups/main.tf b/terraform/modules/security-groups/main.tf
@@ -0,0 +1,72 @@
+
+resource "aws_security_group" "worker_group_mgmt_one" {
+  name_prefix = "worker_group_mgmt_one"
+  vpc_id      = var.vpc_id
+
+  ingress {
+    from_port = 22
+    to_port   = 22
+    protocol  = "tcp"
+
+    cidr_blocks = [
+      "10.0.0.0/8",
+    ]
+  }
+}
+
+resource "aws_security_group" "worker_group_mgmt_two" {
+  name_prefix = "worker_group_mgmt_two"
+  vpc_id      = var.vpc_id
+
+  ingress {
+    from_port = 22
+    to_port   = 22
+    protocol  = "tcp"
+
+    cidr_blocks = [
+      "192.168.0.0/16",
+    ]
+  }
+}
+
+resource "aws_security_group" "all_worker_mgmt" {
+  name_prefix = "all_worker_management"
+  vpc_id      = var.vpc_id
+
+  ingress {
+    from_port = 22
+    to_port   = 22
+    protocol  = "tcp"
+
+    cidr_blocks = [
+      "10.0.0.0/8",
+      "172.16.0.0/12",
+      "192.168.0.0/16",
+    ]
+  }
+}
+
+resource "aws_security_group" "snyk_rds_sg" {
+  name   = "snyk_demo_rds_sg"
+  vpc_id = var.vpc_id
+
+  tags = {
+    Name = "snyk_demo_rds_sg"
+  }
+
+  # HTTP access from anywhere
+  ingress {
+    from_port   = 5432
+    to_port     = 5432
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  # outbound internet access
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
diff --git a/terraform/modules/security-groups/outputs.tf b/terraform/modules/security-groups/outputs.tf
@@ -0,0 +1,11 @@
+output "workgroup_one_id" {
+  value = aws_security_group.worker_group_mgmt_one.id
+}
+
+output "workgroup_two_id" {
+  value = aws_security_group.worker_group_mgmt_two.id
+}
+
+output "rds_sg_id" {
+  value = aws_security_group.snyk_rds_sg.id
+}
diff --git a/terraform/modules/storage/inputs.tf b/terraform/modules/storage/inputs.tf
@@ -0,0 +1,7 @@
+variable "cluster_name" {
+  description = "cluster name"
+}
+
+variable "rds_sg_id" {}
+
+variable "private_subnet" {}
diff --git a/terraform/modules/storage/main.tf b/terraform/modules/storage/main.tf
@@ -0,0 +1,103 @@
+resource "aws_db_subnet_group" "snyk_rds_subnet_grp" {
+  name       = "snyk_rds_subnet_grp_demo"
+  subnet_ids = var.private_subnet
+
+  tags = {
+    Name = "snyk_rds_subnet_grp_${var.cluster_name}"
+  }
+}
+
+resource "aws_kms_key" "snyk_db_kms_key" {
+  description             = "KMS Key for DB instance ${var.cluster_name}"
+  deletion_window_in_days = 10
+  enable_key_rotation     = true
+
+  tags = {
+    Name = "snyk_db_kms_key_${var.cluster_name}"
+  }
+}
+
+resource "aws_db_instance" "snyk_db" {
+  name                      = replace(var.cluster_name,"-","")
+  allocated_storage         = 20
+  engine                    = "postgres"
+  engine_version            = "10.20"
+  instance_class            = "db.t3.micro"
+  storage_type              = "gp2"
+  password                  = "supersecret"
+  username                  = "snyk"
+  vpc_security_group_ids    = [var.rds_sg_id]
+  db_subnet_group_name      = aws_db_subnet_group.snyk_rds_subnet_grp.id
+  identifier                = "snyk-db-demo"
+  storage_encrypted         = true
+  skip_final_snapshot       = true
+  final_snapshot_identifier = "${var.cluster_name}-db-destroy-snapshot"
+  kms_key_id                = aws_kms_key.snyk_db_kms_key.arn
+  tags = {
+    Name = "snyk_db_${var.cluster_name}"
+  }
+}
+
+resource "aws_ssm_parameter" "snyk_ssm_db_host" {
+  name        = "/snyk-${var.cluster_name}/DB_HOST"
+  description = "Snyk Database"
+  type        = "SecureString"
+  value       = aws_db_instance.snyk_db.endpoint
+
+  tags = {}
+}
+
+resource "aws_ssm_parameter" "snyk_ssm_db_password" {
+  name        = "/snyk-${var.cluster_name}/DB_PASSWORD"
+  description = "Snyk Database Password"
+  type        = "SecureString"
+  value       = aws_db_instance.snyk_db.password
+
+  tags = {}
+}
+
+resource "aws_ssm_parameter" "snyk_ssm_db_user" {
+  name        = "/snyk-${var.cluster_name}/DB_USER"
+  description = "Snyk Database Username"
+  type        = "SecureString"
+  value       = aws_db_instance.snyk_db.username
+
+  tags = {}
+}
+resource "aws_ssm_parameter" "snyk_ssm_db_name" {
+  name        = "/snyk-${var.cluster_name}/DB_NAME"
+  description = "Snyk Database Name"
+  type        = "SecureString"
+  value       = aws_db_instance.snyk_db.name
+
+  tags = {
+    environment = "${var.cluster_name}"
+  }
+}
+
+resource "aws_s3_bucket" "snyk_storage" {
+  bucket = "${var.cluster_name}"
+  tags = {
+    name = "snyk_blob_storage_${var.cluster_name}"
+  }
+}
+
+resource "aws_s3_bucket" "my-new-undeployed-bucket" {
+  bucket = "${var.cluster_name}"
+}
+
+resource "aws_s3_bucket_public_access_block" "snyk_public" {
+  bucket = aws_s3_bucket.my-new-undeployed-bucket.id
+
+  block_public_acls   = false
+  ignore_public_acls = false
+  block_public_policy = false
+}
+
+resource "aws_s3_bucket_public_access_block" "snyk_private" {
+  bucket = aws_s3_bucket.snyk_storage.id
+
+  ignore_public_acls  = true
+  block_public_acls   = true
+  block_public_policy = true
+}
diff --git a/terraform/modules/subnets/main.tf b/terraform/modules/subnets/main.tf
@@ -0,0 +1,19 @@
+resource "aws_subnet" "main" {
+  vpc_id     = var.vpc_id
+  cidr_block = var.cidr_main
+  availability_zone = "${var.region}a"
+
+  tags = {
+    Name = "Main"
+  }
+}
+
+resource "aws_subnet" "secondary" {
+  vpc_id     = var.vpc_id
+  cidr_block = var.cidr_secondary
+  availability_zone = "${var.region}c"
+
+  tags = {
+    Name = "Main"
+  }
+}
diff --git a/terraform/modules/subnets/outputs.tf b/terraform/modules/subnets/outputs.tf
@@ -0,0 +1,7 @@
+output "subnet_id_main" {
+  value = aws_subnet.main.id
+}
+
+output "subnet_id_secondary" {
+  value = aws_subnet.secondary.id
+}
diff --git a/terraform/modules/subnets/variables.tf b/terraform/modules/subnets/variables.tf
@@ -0,0 +1,17 @@
+variable "cidr_main" {
+  type    = string
+  default = "10.0.0.0/24"
+}
+
+variable "cidr_secondary" {
+  type    = string
+  default = "10.0.64.0/19"
+}
+
+variable "vpc_id" {
+  type    = string
+}
+
+variable "region" {
+  type    = string
+}
diff --git a/tf-plan.json b/tf-plan.json
diff --git a/variables.tf b/variables.tf
@@ -0,0 +1,12 @@
+variable "region" {
+  type    = string
+  default = "us-east-1"
+}
+
+variable "access_key" {
+  type    = string
+}
+
+variable "secret_key" {
+  type    = string
+}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		variable "sg_wg_one_id" {}

		variable "sg_wg_two_id" {}