Monkey Island: Running the monkey on AWS EC2 instances
If your network is deployed on Amazon Web Services (with EC2 instances), and you'd like to run the Infection Monkey in order to test it. You can easily run the monkey on various instances within your network - in a secure fashion, without feeding the Island with any credentials or running shell commands on the machines you want to test.
Assuming your network is already set up in AWS EC2, follow these quick steps to get up and running.
In order to run the Monkeys directly from the Monkey Island server, you need to deploy the Monkey Island server to an AWS EC2 instance in the same network which you want to test. For information about deploying the Monkey Island server, see [https://github.com/guardicore/monkey/wiki/setup](our setup documentation).
In order for the Island to successfully view your instances, you'll need to set appropriate IAM roles to your instances. You can read more about IAM roles in Amazon's documentation, but it's not necessary in order to follow this setup.
Go to the AWS IAM roles dashboard and create a new IAM role for EC2, with the AmazonEC2RoleforSSM permission. In the end it should like something like this:
For each instance you'd like to access from the island, apply the new IAM role you've just created to the instance. For example:
When you run the monkey island on an AWS instance, the island detects it's running on AWS and present the following option in the "Run Monkey" page, like so:
And then you can choose one of the available instances as "patient zero" like so:
- Click on "Run on AWS"
- Choose the relevant Network Interface
- Select the machines you'd like to run the Monkey on
- Click "Run on Selected Machines", and watch the monkey go! 🐒
