./HAVOC Network Resources
Details about AWS network resources created in a ./HAVOC deployment
A new ./HAVOC deployment creates several network resources in your AWS account. They are listed below.
The Terraform configuration file that is used to create the network resources is available here: https://github.com/havocsh/havoc/blob/main/havoc_deploy/aws/terraform/network.tf
Virtual Private Cloud (VPC)
Deployment VPC
- CIDR Block: 172.16.0.0/16
- Tags: Name = var.deployment_name
 
A Virtual Private Cloud (VPC) is created with the specified CIDR block to isolate the ./HAVOC deployment's network resources.
Subnets
Deployment Subnet 0
- CIDR Block: 172.16.0.0/24
- Availability Zone: Determined by AWS availability zones data source.
- Tags: Name = "${var.deployment_name}_subnet_0"
 
Deployment Subnet 1
- CIDR Block: 172.16.1.0/24
- Availability Zone: Determined by AWS availability zones data source.
- Tags: Name = "${var.deployment_name}_subnet_1"
 
Two subnets are created within the VPC to distribute resources across different availability zones.
Security Groups
Listener LB Default Security Group
- Name: "${var.deployment_name}-listener-lb-default"
- Description: Allow traffic from Load Balancer (LB) to ECS.
- VPC: VPC specified in the deployment.
 
Tasks Default Security Group
- Name: "${var.deployment_name}-tasks-default"
- Description: Allow traffic from LB to ECS.
- VPC: VPC specified in the deployment.
 
Two security groups are created to control inbound and outbound traffic for the ./HAVOC resources.
Security Group Rules
Tasks Ingress Rule
- Security Group: Tasks Default Security Group
- Referenced Security Group: Listener LB Default Security Group
- IP Protocol: All traffic (-1)
 
Tasks Egress Rule
- Security Group: Tasks Default Security Group
- CIDR IPv4: 0.0.0.0/0
- IP Protocol: All traffic (-1)
 
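The ingress rule allows all traffic from the Listener LB Default Security Group into the Tasks Default Security Group. The egress rule allows the Tasks Default Security Group to send all traffic to any IPv4 destination (0.0.0.0/0), which gives tasks outbound internet access.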
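To confirm that a deployed Tasks Default Security Group still matches the two rules listed above, a drift check can be run over the group's rules. The following is an added example, not part of the ./HAVOC project's code; it assumes input with the field names of the EC2 DescribeSecurityGroupRules response, and the function name, group IDs and rule IDs are constructed placeholders.

```python
# Added example: compares security group rules against the baseline documented above.
# Input uses the field names of the EC2 DescribeSecurityGroupRules response.

def audit_tasks_rules(rules, tasks_sg, lb_sg):
    """Return a list of findings where the tasks group's rules differ from the baseline."""
    findings = []
    mine = [r for r in rules if r["GroupId"] == tasks_sg]
    ingress = [r for r in mine if not r["IsEgress"]]
    egress = [r for r in mine if r["IsEgress"]]

    def source_group(rule):
        return rule.get("ReferencedGroupInfo", {}).get("GroupId")

    # Documented ingress: all traffic, only from the Listener LB security group.
    for r in ingress:
        if source_group(r) != lb_sg:
            origin = r.get("CidrIpv4") or r.get("CidrIpv6") or source_group(r) or "unknown"
            findings.append(f"{r['SecurityGroupRuleId']}: unexpected ingress source {origin}")
    if not any(source_group(r) == lb_sg and r["IpProtocol"] == "-1" for r in ingress):
        findings.append("missing: all-traffic ingress from the listener LB group")

    # Documented egress: all traffic to 0.0.0.0/0.
    for r in egress:
        if r.get("CidrIpv4") != "0.0.0.0/0" or r["IpProtocol"] != "-1":
            findings.append(f"{r['SecurityGroupRuleId']}: egress differs from documented rule")
    if not egress:
        findings.append("missing: all-traffic egress to 0.0.0.0/0")
    return findings

# Constructed sample data; the IDs are placeholders, not values from a real deployment.
TASKS_SG = "sg-tasks-example"
LB_SG = "sg-listener-lb-example"
BASELINE = [
    {"SecurityGroupRuleId": "sgr-ingress-example", "GroupId": TASKS_SG, "IsEgress": False,
     "IpProtocol": "-1", "ReferencedGroupInfo": {"GroupId": LB_SG}},
    {"SecurityGroupRuleId": "sgr-egress-example", "GroupId": TASKS_SG, "IsEgress": True,
     "IpProtocol": "-1", "CidrIpv4": "0.0.0.0/0"},
]
# Drift: a rule allowing SSH from any IPv4 address was added directly to the tasks group.
DRIFTED = BASELINE + [
    {"SecurityGroupRuleId": "sgr-drift-example", "GroupId": TASKS_SG, "IsEgress": False,
     "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIpv4": "0.0.0.0/0"},
]

if __name__ == "__main__":
    print(audit_tasks_rules(BASELINE, TASKS_SG, LB_SG))   # no findings
    for finding in audit_tasks_rules(DRIFTED, TASKS_SG, LB_SG):
        print(finding)
```

Against a live account, the `rules` argument would come from the `SecurityGroupRules` list returned by boto3's `describe_security_group_rules`, filtered to the tasks group.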
Internet Gateway
Internet Gateway (IGW)
A single Internet Gateway (IGW) is created and attached to the Deployment VPC to enable communication between the VPC and the public internet.
Route Configuration
Internet Access Route
- Route Table: Main route table of the Deployment VPC
- Destination CIDR Block: 0.0.0.0/0 (All traffic)
- Gateway: Internet Gateway (IGW)
 
A default route (0.0.0.0/0) in the Deployment VPC's main route table sends all traffic through the Internet Gateway, providing internet access to resources within the VPC.
These network resources are essential for setting up the networking infrastructure required for the ./HAVOC application to operate securely and efficiently within the AWS environment.
Updated about 2 years ago
