The AECID Testbed is a simulated enterprise network with numerous vulnerabilities. Attacks in this testbed are executed automatically and cover a variety of tactics and techniques of the MITRE enterprise framework.
In scenario1(videoserver) some attacks need actions executed from admin-pc. In order to make those hosts accessible by attackm8, the mgmt-host is allowed to have password-login via ssh. This is insecure in environments where the mgmt-host is hosted with a public ip(public cloudprovider).
I can think of possible solutions like:
create another jumphost, that is only for the simulation and has no floating-ip
add the inet-network to the adminpcs so that they are dual-homed and can directly accessed by attackm8
Currently the adminpc's are in the lan-network. Create admin-networks. Admins are allowed to access all networks. Add the network to the terragrunt/bootstrap
The variables.pkr.hcl files in the packer folders have the old names as default values for the flavor variables. This should be eventually updated to the new naming conventions (e.g. d2-2 instead of m1.small).
For terragrunt init to work, provider need to be changed in the versions.tf files from terraform-providers/openstack to terraform-provider-openstack/openstack