From 26c716c494b43b9d7ab13247c646d5f623902b05 Mon Sep 17 00:00:00 2001 From: DevDev-Automation Date: Wed, 8 Oct 2025 12:36:15 -0400 Subject: [PATCH 1/5] Initial fixes to utilize AWS Instance credentials --- images/pkr.hcl/builders/aws.pkr.hcl | 20 ++++++++++++++++++-- interact/account-helpers/aws.sh | 3 +-- interact/axiom-account | 18 +++++++++--------- modules/nuclei.json | 2 +- providers/aws-functions.sh | 28 +++++++++++++++++++++------- 5 files changed, 50 insertions(+), 21 deletions(-) diff --git a/images/pkr.hcl/builders/aws.pkr.hcl b/images/pkr.hcl/builders/aws.pkr.hcl index 87ebc989..f63b8548 100644 --- a/images/pkr.hcl/builders/aws.pkr.hcl +++ b/images/pkr.hcl/builders/aws.pkr.hcl @@ -20,11 +20,27 @@ variable "default_disk_size" { } source "amazon-ebs" "packer" { - access_key = var.aws_access_key - secret_key = var.aws_secret_access_key + #access_key = var.aws_access_key + #secret_key = var.aws_secret_access_key region = var.region ami_name = var.snapshot_name instance_type = var.default_size + security_group_id = var.security_group_id + associate_public_ip_address = true + ssh_interface = "private_ip" + + metadata_options { + http_endpoint = "enabled" + http_tokens = "required" + http_put_response_hop_limit = 1 + } + imds_support = "v2.0" # enforces imdsv2 support on the resulting AMI + + subnet_filter { + filters = { + "tag:Name": "Assessment Operations" + } + } launch_block_device_mappings { device_name = "/dev/sda1" diff --git a/interact/account-helpers/aws.sh b/interact/account-helpers/aws.sh index 20fae757..14cc5a04 100755 --- a/interact/account-helpers/aws.sh +++ b/interact/account-helpers/aws.sh 
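Review bot: The new `subnet_filter` hard-codes the tag value `"Assessment Operations"` in the `amazon-ebs` source, so the template only builds in an account that happens to have a subnet with that name. Take the subnet from a variable instead, for example `subnet_id = var.aws_subnet_id` with a matching `variable` block. `associate_public_ip_address = true` is also unconditional even though `ssh_interface = "private_ip"` means Packer connects over the private address; making it a boolean variable that defaults to `false` keeps the build host off the internet unless the subnet needs it for egress. `security_group_id = var.security_group_id` has no `variable "security_group_id"` block in this hunk, so confirm it is declared elsewhere in the file. The two commented-out credential lines should be deleted rather than left in place.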
@@ -142,8 +142,7 @@ echo -e -n "${Green}Please enter a security group name above or press enter to c read SECURITY_GROUP # Get all available AWS regions -all_regions=$(aws ec2 describe-regions --query "Regions[].RegionName" --output text) - +all_regions=$(aws ec2 describe-regions --region-names us-east-1 --query "Regions[].RegionName" --output text) echo -e "${BGreen}Creating or reusing the security group '$SECURITY_GROUP' in ALL AWS regions...${Color_Off}" # We will track the "last" group_id and group_owner_id found or created diff --git a/interact/axiom-account b/interact/axiom-account index b1db6a0a..76002ccf 100755 --- a/interact/axiom-account +++ b/interact/axiom-account @@ -399,15 +399,15 @@ if [[ "$provider" == "aws" ]]; then aws_secret_access_key="$(jq -r '.aws_secret_access_key' "$AXIOM_PATH"/axiom.json)" aws_region="$(jq -r '.region' "$AXIOM_PATH"/axiom.json)" - if [[ -n "$aws_access_key" && -n "$aws_secret_access_key" ]]; then - echo -e "${BGreen}Configuring AWS CLI with credentials from axiom.json...${Color_Off}" - aws configure set aws_access_key_id "$aws_access_key" - aws configure set aws_secret_access_key "$aws_secret_access_key" - aws configure set region "$aws_region" - else - echo -e "${BRed}No AWS credentials found in axiom.json. Please set them manually.${Color_Off}" - bootstrap - fi + #if [[ -n "$aws_access_key" && -n "$aws_secret_access_key" ]]; then + # echo -e "${BGreen}Configuring AWS CLI with credentials from axiom.json...${Color_Off}" + # aws configure set aws_access_key_id "$aws_access_key" + # aws configure set aws_secret_access_key "$aws_secret_access_key" + # aws configure set region "$aws_region" + #else + # echo -e "${BRed}No AWS credentials found in axiom.json. Please set them manually.${Color_Off}" + # bootstrap + #fi # Check if AWS CLI is authenticated if ! aws sts get-caller-identity &> /dev/null; then diff --git a/modules/nuclei.json b/modules/nuclei.json index 8bbfa4c5..596b5d0b 100644 --- a/modules/nuclei.json 
+++ b/modules/nuclei.json @@ -5,7 +5,7 @@ "folder": "/home/op/nuclei-templates" }, { - "command": "/home/op/go/bin/nuclei -update -silent ; cat input | /home/op/go/bin/nuclei -t _folder_ -jsonl -o output", + "command": "/home/op/go/bin/nuclei -update -silent ; cat input | /home/op/go/bin/nuclei -jsonl -o output", "ext": "jsonl", "folder": "/home/op/nuclei-templates" } diff --git a/providers/aws-functions.sh b/providers/aws-functions.sh index 852c1f64..51da111d 100644 --- a/providers/aws-functions.sh +++ b/providers/aws-functions.sh @@ -14,6 +14,7 @@ create_instance() { user_data="$5" disk="$6" + # Default disk size to 20 if not provided if [[ -z "$disk" || "$disk" == "null" ]]; then disk="20" @@ -23,9 +24,20 @@ create_instance() { security_group_name="$(cat "$AXIOM_PATH/axiom.json" | jq -r '.security_group_name')" security_group_id="$(cat "$AXIOM_PATH/axiom.json" | jq -r '.security_group_id')" + subnet_id="$(cat "$AXIOM_PATH/axiom.json" | jq -r '.subnet_id')" + + # Check if subnet_id was specified + if [[ "$subnet_id" != "null" ]]; then + subnet_id_option="--subnet-id $subnet_id" + # + security_group_name="null" + else + echo "Warning: subnet_id not specified in axiom.json, using default subnet." + subnet_id_option="" + fi # Determine whether to use security_group_name or security_group_id - if [[ -n "$security_group_name" && "$security_group_name" != "null" ]]; then + if [[ -z "$subnet_id" && -n "$security_group_name" && "$security_group_name" != "null" ]]; then security_group_option="--security-groups $security_group_name" elif [[ -n "$security_group_id" && "$security_group_id" != "null" ]]; then security_group_option="--security-group-ids $security_group_id" @@ -41,6 +53,8 @@ create_instance() { --instance-type "$size" \ --region "$region" \ $security_group_option \ + $subnet_id_option \ + --associate-public-ip-address \ --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=$name}]" \ --user-data "$user_data" \ $disk_option 2>&1 >> /dev/null 
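Review bot: In the `create_instance` hunk at `-23,9 +24,20`, the added `-z "$subnet_id"` test can never be true. `jq -r '.subnet_id'` prints the string `null` for a missing key, so the `--security-groups` branch is unreachable and a profile that only has `security_group_name` now ends in the "Both ... are missing" error. The subnet branch already sets `security_group_name="null"`, so the condition can stay as it was: `if [[ -n "$security_group_name" && "$security_group_name" != "null" ]]; then`. `subnet_id_option="--subnet-id $subnet_id"` is later expanded unquoted, so a value with spaces in axiom.json would be split into extra CLI arguments; a `subnet-` prefix check before use would catch that. The function body continues outside the hunk.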
@@ -92,7 +106,7 @@ instances() { local tempdir tempdir=$(mktemp -d) local regions - regions=$(aws ec2 describe-regions --query "Regions[].RegionName" --output text) + regions=$(aws ec2 describe-regions --region-names us-east-1 --query "Regions[].RegionName" --output text) # Fetch describe-instances for each region in parallel for region in $regions; do @@ -331,7 +345,7 @@ get_image_id() { if [[ "$all_regions" == "--all-regions" ]]; then tempdir=$(mktemp -d) - for r in $(aws ec2 describe-regions --query "Regions[].RegionName" --output text); do + for r in $(aws ec2 describe-regions --region-names us-east-1 --query "Regions[].RegionName" --output text); do ( aws ec2 describe-images --owners self --region "$r" \ --query "Images[*].[Name,ImageId]" --output json \ @@ -358,7 +372,7 @@ get_snapshots() { tmp=$(mktemp -d) printf "%-40s %-8s %-s\n" "Name" "Size(GB)" "Regions" - for region in $(aws ec2 describe-regions --query "Regions[].RegionName" --output text); do + for region in $(aws ec2 describe-regions --region-names us-east-1 --query "Regions[].RegionName" --output text); do ( aws ec2 describe-images --owners self --region "$region" \ --query "Images[*].[Name,BlockDeviceMappings[0].Ebs.VolumeSize]" --output text \ @@ -516,12 +530,12 @@ transfer_snapshot() { # Get data about regions # used by axiom-regions list_regions() { - aws ec2 describe-regions --query "Regions[*].RegionName" | jq -r '.[]' + aws ec2 describe-regions --region-names us-east-1 --query "Regions[*].RegionName" | jq -r '.[]' } # used by axiom-regions regions() { - aws ec2 describe-regions --query "Regions[*].RegionName" | jq -r '.[]' + aws ec2 describe-regions --region-names us-east-1 --query "Regions[*].RegionName" | jq -r '.[]' } ################################################################### 
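Review bot: `--region-names us-east-1` filters the describe-regions result down to one region, so `instances()` now enumerates only us-east-1. The same filter is added to `get_image_id`, `get_snapshots`, `list_regions` and `regions` in the following hunks, and `delete_instances` is pinned with `regions="us-east-1"`. Instances or images previously created in any other region drop out of the listing and can no longer be deleted through these functions, so they keep running with whatever their security group exposes. If the aim was only to give the call an endpoint when instance credentials carry no default region, `--region us-east-1` does that without narrowing the returned list. Each of these function bodies continues outside its hunk.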
@@ -601,7 +615,7 @@ delete_instances() { name_array=($names) local regions - regions=$(aws ec2 describe-regions --query "Regions[].RegionName" --output text) + regions="us-east-1" # Fetch minimized instance data per region in parallel for region in $regions; do From 381e7ecfdcb04af9cf0368f0f150e0779c0fd128 Mon Sep 17 00:00:00 2001 From: DevDev-Automation Date: Tue, 10 Feb 2026 15:30:01 -0500 Subject: [PATCH 2/5] Add support for AWS IAM Profiles and Ec2InstanceMetadata credential sources --- images/pkr.hcl/builders/aws.pkr.hcl | 52 +++++++---- interact/account-helpers/aws.sh | 132 +++++++++++++++++++++++----- interact/axiom-account | 24 ++--- providers/aws-functions.sh | 72 +++++++++------ 4 files changed, 200 insertions(+), 80 deletions(-) diff --git a/images/pkr.hcl/builders/aws.pkr.hcl b/images/pkr.hcl/builders/aws.pkr.hcl index f63b8548..8a819323 100644 --- a/images/pkr.hcl/builders/aws.pkr.hcl +++ b/images/pkr.hcl/builders/aws.pkr.hcl @@ -10,6 +10,10 @@ variable "op_random_password" { type = string } +variable "security_group_id" { + type = string +} + variable "snapshot_name" { type = string } 
@@ -19,29 +23,43 @@ variable "default_disk_size" { default = 20 } +variable "associate_public_ip_address" { + type = bool + default = false +} + +variable "aws_access_key" { + type = string + default = null +} + +variable "aws_secret_access_key" { + type = string + default = null +} + +variable "aws_vpc_id" { + type = string +} + +variable "aws_subnet_id" { + type = string +} + + source "amazon-ebs" "packer" { - #access_key = var.aws_access_key - #secret_key = var.aws_secret_access_key + access_key = var.aws_access_key != null ? var.aws_access_key : null + secret_key = var.aws_secret_access_key != null ? var.aws_secret_access_key : null + profile = var.aws_profile != null ? var.aws_profile : null region = var.region + vpc_id = var.aws_vpc_id + subnet_id = var.aws_subnet_id + security_group_id = var.security_group_id ami_name = var.snapshot_name instance_type = var.default_size - security_group_id = var.security_group_id - associate_public_ip_address = true + associate_public_ip_address = var.associate_public_ip_address ssh_interface = "private_ip" - metadata_options { - http_endpoint = "enabled" - http_tokens = "required" - http_put_response_hop_limit = 1 - } - imds_support = "v2.0" # enforces imdsv2 support on the resulting AMI - - subnet_filter { - filters = { - "tag:Name": "Assessment Operations" - } - } - launch_block_device_mappings { device_name = "/dev/sda1" volume_type = "gp2" diff --git a/interact/account-helpers/aws.sh b/interact/account-helpers/aws.sh index 14cc5a04..9e89cc64 100755 --- a/interact/account-helpers/aws.sh +++ b/interact/account-helpers/aws.sh 
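Review bot: The `metadata_options` block and `imds_support = "v2.0"` are no longer present in the `amazon-ebs` source, so neither the build instance nor the resulting AMI requires IMDSv2 session tokens. In a change whose purpose is to rely on instance-profile credentials, that leaves those credentials retrievable with plain unauthenticated metadata requests from anything running on the host. Keep `http_tokens = "required"`, `http_put_response_hop_limit = 1` and `imds_support = "v2.0"` unless there is a documented reason to drop them. Separately, `profile = var.aws_profile` has no `variable "aws_profile"` block in the visible hunks, and the `var.x != null ? var.x : null` conditionals are no-ops that can be written as `var.x`.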
@@ -84,26 +84,89 @@ fi function awssetup(){ -echo -e -n "${Green}Please enter your AWS Access Key ID (required): \n>> ${Color_Off}" -read ACCESS_KEY -while [[ "$ACCESS_KEY" == "" ]]; do - echo -e "${BRed}Please provide an AWS Access KEY ID, your entry contained no input.${Color_Off}" - echo -e -n "${Green}Please enter your token (required): \n>> ${Color_Off}" - read ACCESS_KEY -done - -echo -e -n "${Green}Please enter your AWS Secret Access Key (required): \n>> ${Color_Off}" -read SECRET_KEY -while [[ "$SECRET_KEY" == "" ]]; do - echo -e "${BRed}Please provide an AWS Secret Access Key, your entry contained no input.${Color_Off}" - echo -e -n "${Green}Please enter your token (required): \n>> ${Color_Off}" - read SECRET_KEY +while true; do + echo -e -n "${Green}Do you plan to authenticate using and AWS Access and Secret Keys? y/n: \n>> ${Color_Off}" + read ACCESS_KEY_AUTH + + if [[ "$ACCESS_KEY_AUTH" == "y" ]] || [[ "$ACCESS_KEY_AUTH" == "yes" ]]; then + + echo -e -n "${Green}Please enter your AWS Access Key ID (required): \n>> ${Color_Off}" + read ACCESS_KEY + while [[ "$ACCESS_KEY" == "" ]]; do + echo -e "${BRed}Please provide an AWS Access KEY ID, your entry contained no input.${Color_Off}" + echo -e -n "${Green}Please enter your token (required): \n>> ${Color_Off}" + read ACCESS_KEY + done + + echo -e -n "${Green}Please enter your AWS Secret Access Key (required): \n>> ${Color_Off}" + read SECRET_KEY + while [[ "$SECRET_KEY" == "" ]]; do + echo -e "${BRed}Please provide an AWS Secret Access Key, your entry contained no input.${Color_Off}" + echo -e -n "${Green}Please enter your token (required): \n>> ${Color_Off}" + read SECRET_KEY + done + + aws configure set aws_access_key_id "$ACCESS_KEY" + aws configure set aws_secret_access_key "$SECRET_KEY" + break + + elif [[ "$ACCESS_KEY_AUTH" == "n" ]] || [[ "$ACCESS_KEY_AUTH" == "no" ]]; then + # Print available aws profiles + echo -e "${BGreen}Printing Available Profiles:${Color_Off}" + (aws configure list-profiles) | 
column -t + + # Prompt user to choose a profile + echo -e -n "${Green}Please choose a profile.\n>> ${Color_Off}" + read PROFILE + + # Export so subsequent commands can use the correct profile + export AWS_PROFILE=$PROFILE + break + else + echo -e "${BRed}Invalid response. Please enter 'y' for yes or 'n' for no.${Color_Off}" + fi done -aws configure set aws_access_key_id "$ACCESS_KEY" -aws configure set aws_secret_access_key "$SECRET_KEY" aws configure set output json +# Find all available VPCs +aws_vpcs="$(aws ec2 describe-vpcs)" + +# Check for Default VPC +if [ "$(jq -rC '.Vpcs | any(.IsDefault == true)' <<< "$aws_vpcs")" == true ]; then + echo -e "${Green}It appears the default VPC is available. Automatically using to build Images. ${Color_Off}" + aws_vpc_id="$(jq -C '.Vpcs[] | select(.IsDefault == true).VpcId' <<< $aws_vpcs)" + +else + # Print available aws VPCs + echo -e "${BGreen}Printing Available VPCs:${Color_Off}" + ( + jq -rC '.Vpcs | map({VpcId, "Name":(.Tags | if any(.Key == "Name") then (.[] | select(.Key == "Name").Value) else "null" end), OwnerId, IsDefault, State, CidrBlock}) | (.[0] | keys_unsorted), (.[] | [.[]]) | @tsv' <<< $aws_vpcs + ) | column -t + + # Prompt user to select a VPC + echo -e -n "${Green}Please choose a VpcId to deploy instances to.\n>> ${Color_Off}" + read aws_vpc_id +fi + +# Find all available subnets within selected VPC +aws_subnets="$(aws ec2 describe-subnets --filters "Name=vpc-id,Values=$aws_vpc_id")" + +# Check for Default Subnets +if [ "$(jq -rC '.Subnets | any(.DefaultForAz == true)' <<< "$aws_subnets")" == true ]; then + echo "Found Default Subnet" +else + # Print available aws Subnets + echo -e "${BGreen}Printing Available Subnets:${Color_Off}" + ( + jq -rC '.Subnets | map({SubnetId,"Name":(.Tags | if any(.Key == "Name") then (.[] | select(.Key == "Name").Value | gsub(" ";"")) else "null" end), CidrBlock, OwnerId, State})| (.[0] | keys_unsorted), (.[] | [.[]]) | @tsv' <<< $aws_subnets + ) | column -t + + # Prompt user 
to select a Subnet + echo -e -n "${Green}Please choose a SubnetId to build instances within.\n>> ${Color_Off}" + read aws_subnet_id +fi + default_region="us-west-2" echo -e -n "${Green}Please enter your default region (you can always change this later with axiom-region select \$region): Default '$default_region', press enter \n>> ${Color_Off}" read region @@ -126,7 +189,11 @@ if [[ "$disk_size" == "" ]]; then echo -e "${Blue}Selected default option '20'${Color_Off}" fi -aws configure set default.region "$region" +if [ -z "${PROFILE}" ]; then + aws configure set default.region "$region" +else + aws configure set "$PROFILE.region" "$region" +fi # Print available security groups echo -e "${BGreen}Printing Available Security Groups:${Color_Off}" @@ -141,10 +208,6 @@ echo -e "${BGreen}Printing Available Security Groups:${Color_Off}" echo -e -n "${Green}Please enter a security group name above or press enter to create a new security group with a random name \n>> ${Color_Off}" read SECURITY_GROUP -# Get all available AWS regions -all_regions=$(aws ec2 describe-regions --region-names us-east-1 --query "Regions[].RegionName" --output text) -echo -e "${BGreen}Creating or reusing the security group '$SECURITY_GROUP' in ALL AWS regions...${Color_Off}" - # We will track the "last" group_id and group_owner_id found or created # so the script can still store them as before. last_group_id="" 
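Review bot: `jq -C` forces ANSI colour codes into its output, so `aws_vpc_id="$(jq -C '.Vpcs[] | select(.IsDefault == true).VpcId' <<< $aws_vpcs)"` captures a quoted, colourised string rather than a bare VPC id. That string then goes into the `describe-subnets` filter and the saved profile, and the `== true` comparisons on the `jq -rC ... any(...)` output are unlikely to match for the same reason. Use `jq -r` (with `"$aws_vpcs"` quoted) for every value that is captured or compared, and keep `-C` only for the tables piped to `column -t`. The default-subnet branch runs only `echo "Found Default Subnet"`, so `aws_subnet_id` is never assigned there and is later written out empty. `read SECRET_KEY` echoes the secret to the terminal and scrollback, which `read -rs SECRET_KEY` avoids, and `export AWS_PROFILE=$PROFILE` should be quoted and rejected when empty. The body of `awssetup` continues outside this hunk.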
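Review bot: In the `-126,7 +189,11` hunk, `aws configure set "$PROFILE.region" "$region"` does not address a named profile. The dotted form is only treated as a profile selector when it starts with `default.` or `profile.`, so this most likely writes a nested `region` setting under a section named after the profile inside whichever profile is currently active. `aws configure set region "$region" --profile "$PROFILE"` sets the region on the intended profile. Verify the result by checking `~/.aws/config` after a run with a non-default profile.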
@@ -157,6 +220,23 @@ if [[ "$SECURITY_GROUP" == "" ]]; then echo -e "${BGreen}No Security Group provided, will create a new one: '$SECURITY_GROUP' in each region.${Color_Off}" fi +while true; do + echo -e -n "${Green}Create or reuse the security group '$SECURITY_GROUP' in ALL AWS regions? y/n: \n>> ${Color_Off}" + read REGION_SELECTION + + if [[ "$REGION_SELECTION" == "y" ]] || [[ "$REGION_SELECTION" == "yes" ]]; then + all_regions=$(aws ec2 describe-regions --query "Regions[].RegionName" --output text) + echo -e "${BGreen}Creating or reusing the security group '$SECURITY_GROUP' in ALL AWS regions...${Color_Off}" + break + elif [[ "$REGION_SELECTION" == "n" ]] || [[ "$REGION_SELECTION" == "no" ]]; then + all_regions=$(aws ec2 describe-regions --region-names us-east-1 --query "Regions[].RegionName" --output text) + echo -e "${BGreen}Creating or reusing the security group '$SECURITY_GROUP' in only the AWS $region region...${Color_Off}" + break + else + echo -e "${BRed}Invalid response. Please enter 'y' for yes or 'n' for no.${Color_Off}" + fi +done + first_group_id="" first_owner_id="" 
@@ -240,10 +320,15 @@ else exit 1 fi -data="$(echo "{\"aws_access_key\":\"$ACCESS_KEY\",\"aws_secret_access_key\":\"$SECRET_KEY\",\"group_owner_id\":\"$group_owner_id\",\"security_group_name\":\"$SECURITY_GROUP\",\"security_group_id\":\"$last_group_id\",\"region\":\"$region\",\"provider\":\"aws\",\"default_size\":\"$size\",\"default_disk_size\":\"$disk_size\"}")" +if [ -z "${PROFILE}" ]; then + data="{\"aws_access_key\":\"$ACCESS_KEY\",\"aws_secret_access_key\":\"$SECRET_KEY\",\"aws_vpc_id\":\"$aws_vpc_id\",\"aws_subnet_id\":\"$aws_subnet_id\",\"group_owner_id\":\"$group_owner_id\",\"security_group_name\":\"$SECURITY_GROUP\",\"security_group_id\":\"$last_group_id\",\"region\":\"$region\",\"provider\":\"aws\",\"default_size\":\"$size\",\"default_disk_size\":\"$disk_size\"}" +else + data="{\"aws_profile\":\"$PROFILE\",\"aws_vpc_id\":\"$aws_vpc_id\",\"aws_subnet_id\":\"$aws_subnet_id\",\"group_owner_id\":\"$group_owner_id\",\"security_group_name\":\"$SECURITY_GROUP\",\"security_group_id\":\"$last_group_id\",\"region\":\"$region\",\"provider\":\"aws\",\"default_size\":\"$size\",\"default_disk_size\":\"$disk_size\"}" +fi + echo -e "${BGreen}Profile settings below: ${Color_Off}" -echo "$data" | jq '.aws_secret_access_key = "*************************************"' +echo "$data" | jq 'if .aws_secret_access_key? then .aws_secret_access_key="*************************************" else . end' echo -e "${BWhite}Press enter if you want to save these to a new profile, type 'r' if you wish to start again.${Color_Off}" read ans @@ -268,4 +353,3 @@ $AXIOM_PATH/interact/axiom-account "$title" } awssetup - diff --git a/interact/axiom-account b/interact/axiom-account index 76002ccf..760f12ba 100755 --- a/interact/axiom-account +++ b/interact/axiom-account 
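Review bot: Both `data=` assignments build the profile JSON by interpolating `$PROFILE`, `$aws_vpc_id`, `$aws_subnet_id`, `$SECURITY_GROUP` and the keys straight into a string, so a quote or backslash in any typed value yields invalid JSON or silently adds and overrides keys in the saved profile. Construct it with jq instead, passing every value as `--arg`, for example `data="$(jq -n --arg aws_profile "$PROFILE" --arg aws_subnet_id "$aws_subnet_id" '{aws_profile: $aws_profile, aws_subnet_id: $aws_subnet_id, provider: "aws"}')"` extended to the full key set. The access-key branch still persists `aws_secret_access_key` in clear text in that document; where the file is written is outside this hunk, so confirm it is created with owner-only permissions. No `associate_public_ip_address` key is written here although the provider functions in this commit read one.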
@@ -398,16 +398,20 @@ if [[ "$provider" == "aws" ]]; then aws_access_key="$(jq -r '.aws_access_key' "$AXIOM_PATH"/axiom.json)" aws_secret_access_key="$(jq -r '.aws_secret_access_key' "$AXIOM_PATH"/axiom.json)" aws_region="$(jq -r '.region' "$AXIOM_PATH"/axiom.json)" - - #if [[ -n "$aws_access_key" && -n "$aws_secret_access_key" ]]; then - # echo -e "${BGreen}Configuring AWS CLI with credentials from axiom.json...${Color_Off}" - # aws configure set aws_access_key_id "$aws_access_key" - # aws configure set aws_secret_access_key "$aws_secret_access_key" - # aws configure set region "$aws_region" - #else - # echo -e "${BRed}No AWS credentials found in axiom.json. Please set them manually.${Color_Off}" - # bootstrap - #fi + aws_profile="$(jq -r '.aws_profile' "$AXIOM_PATH"/axiom.json)" + + if [[ "$aws_access_key" != "null" && "$aws_secret_access_key" != "null" ]]; then + echo -e "${BGreen}Configuring AWS CLI with credentials from axiom.json...${Color_Off}" + aws configure set aws_access_key_id "$aws_access_key" + aws configure set aws_secret_access_key "$aws_secret_access_key" + aws configure set region "$aws_region" + elif [[ "$aws_profile" != "null" ]]; then + echo -e "${BGreen}Configuring AWS CLI to use profile from axiom.json...${Color_Off}" + export AWS_PROFILE="$aws_profile" + else + echo -e "${BRed}No AWS credentials found in axiom.json. Please set them manually.${Color_Off}" + bootstrap + fi # Check if AWS CLI is authenticated if ! aws sts get-caller-identity &> /dev/null; then diff --git a/providers/aws-functions.sh b/providers/aws-functions.sh index 232a4703..2711ba48 100644 --- a/providers/aws-functions.sh +++ b/providers/aws-functions.sh 
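Review bot: The restored credential check compares only against the string `null` and drops the earlier `-n` tests. If axiom.json has the keys present but empty, or `jq` fails and prints nothing, the first branch still runs and `aws configure set` overwrites the CLI's stored key pair with empty values. Test both conditions, e.g. `if [[ -n "$aws_access_key" && "$aws_access_key" != "null" && -n "$aws_secret_access_key" && "$aws_secret_access_key" != "null" ]]; then`, and likewise `elif [[ -n "$aws_profile" && "$aws_profile" != "null" ]]; then`. The profile branch exports `AWS_PROFILE` but, unlike the key branch, never applies `$aws_region`. The enclosing `if [[ "$provider" == "aws" ]]` block continues outside the hunk.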
@@ -2,6 +2,12 @@ AXIOM_PATH="$HOME/.axiom" +# Set AWS_PROFILE if configured +aws_profile="$(jq -r '.aws_profile' "$AXIOM_PATH"/axiom.json)" +if [[ "$aws_profile" != "null" ]]; then + export AWS_PROFILE="$aws_profile" +fi + ################################################################### # Create Instance is likely the most important provider function :) # needed for init and fleet @@ -14,7 +20,6 @@ create_instance() { user_data="$5" disk="$6" - # Default disk size to 20 if not provided if [[ -z "$disk" || "$disk" == "null" ]]; then disk="20" 
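Review bot: The new top-level block runs `jq` every time this file is sourced and guards only against the string `null`. When axiom.json is missing or unreadable, `aws_profile` is empty, the test passes, and an empty `AWS_PROFILE` is exported into every later `aws` call. Use `aws_profile="$(jq -r '.aws_profile // empty' "$AXIOM_PATH/axiom.json" 2>/dev/null)"` followed by `if [[ -n "$aws_profile" ]]; then`. A short comment noting that static keys from `aws configure` and this profile can both be present, and which one is expected to win, would help whoever debugs an unexpected caller identity.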
@@ -24,28 +29,26 @@ create_instance() { security_group_name="$(cat "$AXIOM_PATH/axiom.json" | jq -r '.security_group_name')" security_group_id="$(cat "$AXIOM_PATH/axiom.json" | jq -r '.security_group_id')" - subnet_id="$(cat "$AXIOM_PATH/axiom.json" | jq -r '.subnet_id')" - - # Check if subnet_id was specified - if [[ "$subnet_id" != "null" ]]; then - subnet_id_option="--subnet-id $subnet_id" - # - security_group_name="null" - else - echo "Warning: subnet_id not specified in axiom.json, using default subnet." - subnet_id_option="" - fi + subnet_id="$(cat "$AXIOM_PATH/axiom.json" | jq -r '.aws_subnet_id')" + associate_public_ip_address="$(cat "$AXIOM_PATH/axiom.json" | jq -r '.associate_public_ip_address')" # Determine whether to use security_group_name or security_group_id - if [[ -z "$subnet_id" && -n "$security_group_name" && "$security_group_name" != "null" ]]; then - security_group_option="--security-groups $security_group_name" - elif [[ -n "$security_group_id" && "$security_group_id" != "null" ]]; then + if [[ -n "$security_group_id" && "$security_group_id" != "null" ]]; then security_group_option="--security-group-ids $security_group_id" + elif [[ -n "$security_group_name" && "$security_group_name" != "null" ]]; then + security_group_option="--security-groups $security_group_name" else echo "Error: Both security_group_name and security_group_id are missing or invalid in axiom.json." return 1 fi + # Determine whether to associate a public ip address + if [[ -n "$associate_public_ip_address" && "$associate_public_ip_address" == "true" ]]; then + public_ip_option="--associate-public-ip-address" + else + public_ip_option="--no-associate-public-ip-address" + fi + # Launch the instance using the determined security group option aws ec2 run-instances \ --image-id "$image_id" \ 
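Review bot: `subnet_id` is read from `.aws_subnet_id` with `jq -r` and passed unchecked to `--subnet-id "$subnet_id"` in the run-instances call of the next hunk, so a profile created before this change, or one saved from the default-subnet path, sends the literal `null` or an empty string to EC2. Add a guard next to the security-group check, e.g. `if [[ -z "$subnet_id" || "$subnet_id" == "null" ]]; then echo "Error: aws_subnet_id is missing in axiom.json." >&2; return 1; fi`, or omit the option when no subnet is configured. `create_instances` further down gets the same lines and needs the same guard. `associate_public_ip_address` is not among the keys the account helper writes in this commit, so instances will always launch with `--no-associate-public-ip-address`; that is the safer default, but it should be documented as a key the operator adds by hand. `$security_group_option` and `$public_ip_option` are still expanded unquoted, so arrays would be more robust. The function body continues outside the hunk.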
@@ -53,8 +56,8 @@ create_instance() { --instance-type "$size" \ --region "$region" \ $security_group_option \ - $subnet_id_option \ - --associate-public-ip-address \ + $public_ip_option \ + --subnet-id "$subnet_id" \ --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=$name}]" \ --user-data "$user_data" \ $disk_option 2>&1 >> /dev/null @@ -106,11 +109,11 @@ instances() { local tempdir tempdir=$(mktemp -d) local regions - regions=$(aws ec2 describe-regions --region-names us-east-1 --query "Regions[].RegionName" --output text) + regions=$(aws ec2 describe-regions --query "Regions[].RegionName" --output text) # Fetch describe-instances for each region in parallel for region in $regions; do - aws ec2 describe-instances --region "$region" --output json > "$tempdir/$region.json" & + aws ec2 describe-instances --region "$region" --output json > "$tempdir/$region.json" 2>/dev/null & done wait @@ -345,10 +348,10 @@ get_image_id() { if [[ "$all_regions" == "--all-regions" ]]; then tempdir=$(mktemp -d) - for r in $(aws ec2 describe-regions --region-names us-east-1 --query "Regions[].RegionName" --output text); do + for r in $(aws ec2 describe-regions --query "Regions[].RegionName" --output text); do ( aws ec2 describe-images --owners self --region "$r" \ - --query "Images[*].[Name,ImageId]" --output json \ + --query "Images[*].[Name,ImageId]" --output json 2>/dev/null \ | jq -r --arg query "$query" --arg region "$r" '.[] | select(.[0] | startswith($query)) | "\(. [1]) \($region)"' > "$tempdir/$r.txt" ) & done 
@@ -372,10 +375,10 @@ get_snapshots() { tmp=$(mktemp -d) printf "%-40s %-8s %-s\n" "Name" "Size(GB)" "Regions" - for region in $(aws ec2 describe-regions --region-names us-east-1 --query "Regions[].RegionName" --output text); do + for region in $(aws ec2 describe-regions --query "Regions[].RegionName" --output text); do ( aws ec2 describe-images --owners self --region "$region" \ - --query "Images[*].[Name,BlockDeviceMappings[0].Ebs.VolumeSize]" --output text \ + --query "Images[*].[Name,BlockDeviceMappings[0].Ebs.VolumeSize]" --output text 2>/dev/null \ | awk -v r="$region" '{OFS="\t"; print $1, $2, r}' >> "$tmp/all.txt" ) & done @@ -530,12 +533,12 @@ transfer_snapshot() { # Get data about regions # used by axiom-regions list_regions() { - aws ec2 describe-regions --region-names us-east-1 --query "Regions[*].RegionName" | jq -r '.[]' + aws ec2 describe-regions --query "Regions[*].RegionName" | jq -r '.[]' } # used by axiom-regions regions() { - aws ec2 describe-regions --region-names us-east-1 --query "Regions[*].RegionName" | jq -r '.[]' + aws ec2 describe-regions --query "Regions[*].RegionName" | jq -r '.[]' } ################################################################### @@ -615,7 +618,7 @@ delete_instances() { name_array=($names) local regions - regions="us-east-1" + regions=$(aws ec2 describe-regions --query "Regions[].RegionName" --output text) # Fetch minimized instance data per region in parallel for region in $regions; do 
@@ -702,17 +705,26 @@ create_instances() { security_group_name="$(cat "$AXIOM_PATH/axiom.json" | jq -r '.security_group_name')" security_group_id="$(cat "$AXIOM_PATH/axiom.json" | jq -r '.security_group_id')" + subnet_id="$(cat "$AXIOM_PATH/axiom.json" | jq -r '.aws_subnet_id')" + associate_public_ip_address="$(cat "$AXIOM_PATH/axiom.json" | jq -r '.associate_public_ip_address')" # Determine whether to use security_group_name or security_group_id - if [[ -n "$security_group_name" && "$security_group_name" != "null" ]]; then - security_group_option="--security-groups $security_group_name" - elif [[ -n "$security_group_id" && "$security_group_id" != "null" ]]; then + if [[ -n "$security_group_id" && "$security_group_id" != "null" ]]; then security_group_option="--security-group-ids $security_group_id" + elif [[ -n "$security_group_name" && "$security_group_name" != "null" ]]; then + security_group_option="--security-groups $security_group_name" else echo "Error: Both security_group_name and security_group_id are missing or invalid in axiom.json." return 1 fi + # Determine whether to associate a public ip address + if [[ -n "$associate_public_ip_address" && "$associate_public_ip_address" == "true" ]]; then + public_ip_option="--associate-public-ip-address" + else + public_ip_option="--no-associate-public-ip-address" + fi + disk_option="--block-device-mappings DeviceName=/dev/xvda,Ebs={VolumeSize=$disk,VolumeType=gp2,DeleteOnTermination=true}" count="${#names[@]}" @@ -724,6 +736,8 @@ create_instances() { --instance-type "$size" \ --region "$region" \ $security_group_option \ + $public_ip_option \ + --subnet-id "$subnet_id" \ --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=$name}]" \ $disk_option \ --user-data "$user_data") From 2f6717d5b95a848c8a2f81021f9eaf3474913035 Mon Sep 17 00:00:00 2001 
From: DevDev-Automation Date: Tue, 10 Feb 2026 15:51:14 -0500 Subject: [PATCH 3/5] Revert pipe errors to /dev/null changes --- providers/aws-functions.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/providers/aws-functions.sh b/providers/aws-functions.sh index 2711ba48..768e0ee3 100644 --- a/providers/aws-functions.sh +++ b/providers/aws-functions.sh @@ -113,7 +113,7 @@ instances() { # Fetch describe-instances for each region in parallel for region in $regions; do - aws ec2 describe-instances --region "$region" --output json > "$tempdir/$region.json" 2>/dev/null & + aws ec2 describe-instances --region "$region" --output json > "$tempdir/$region.json" & done wait @@ -351,7 +351,7 @@ get_image_id() { for r in $(aws ec2 describe-regions --query "Regions[].RegionName" --output text); do ( aws ec2 describe-images --owners self --region "$r" \ - --query "Images[*].[Name,ImageId]" --output json 2>/dev/null \ + --query "Images[*].[Name,ImageId]" --output json \ | jq -r --arg query "$query" --arg region "$r" '.[] | select(.[0] | startswith($query)) | "\(. [1]) \($region)"' > "$tempdir/$r.txt" ) & done @@ -378,7 +378,7 @@ get_snapshots() { for region in $(aws ec2 describe-regions --query "Regions[].RegionName" --output text); do ( aws ec2 describe-images --owners self --region "$region" \ - --query "Images[*].[Name,BlockDeviceMappings[0].Ebs.VolumeSize]" --output text 2>/dev/null \ + --query "Images[*].[Name,BlockDeviceMappings[0].Ebs.VolumeSize]" --output text \ | awk -v r="$region" '{OFS="\t"; print $1, $2, r}' >> "$tmp/all.txt" ) & done From cd393d9e2db75652bad82218df5b7627e1d27020 Mon Sep 17 00:00:00 2001 From: DevDev-Automation Date: Wed, 4 Mar 2026 15:20:53 -0500 Subject: [PATCH 4/5] Revert nuclei module change --- modules/nuclei.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nuclei.json b/modules/nuclei.json index 596b5d0b..8bbfa4c5 100644 --- a/modules/nuclei.json +++ b/modules/nuclei.json 
@@ -5,7 +5,7 @@ "folder": "/home/op/nuclei-templates" }, { - "command": "/home/op/go/bin/nuclei -update -silent ; cat input | /home/op/go/bin/nuclei -jsonl -o output", + "command": "/home/op/go/bin/nuclei -update -silent ; cat input | /home/op/go/bin/nuclei -t _folder_ -jsonl -o output", "ext": "jsonl", "folder": "/home/op/nuclei-templates" } From c0abbf61d18f44b7eac67faf0b35d7bae828399d Mon Sep 17 00:00:00 2001 From: DevDev-Automation Date: Wed, 4 Mar 2026 15:54:50 -0500 Subject: [PATCH 5/5] Ensure specified region is used, not just us-east-1 --- interact/account-helpers/aws.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/interact/account-helpers/aws.sh b/interact/account-helpers/aws.sh index 9e89cc64..caeb4051 100755 --- a/interact/account-helpers/aws.sh +++ b/interact/account-helpers/aws.sh @@ -229,7 +229,7 @@ while true; do echo -e "${BGreen}Creating or reusing the security group '$SECURITY_GROUP' in ALL AWS regions...${Color_Off}" break elif [[ "$REGION_SELECTION" == "n" ]] || [[ "$REGION_SELECTION" == "no" ]]; then - all_regions=$(aws ec2 describe-regions --region-names us-east-1 --query "Regions[].RegionName" --output text) + all_regions=$(aws ec2 describe-regions --region-names "$region" --query "Regions[].RegionName" --output text) echo -e "${BGreen}Creating or reusing the security group '$SECURITY_GROUP' in only the AWS $region region...${Color_Off}" break else