cloudgoat icon indicating copy to clipboard operation
cloudgoat copied to clipboard
verified publisher icon RhinoSecurityLabs

how to fix this error

Open Rayanekdr opened this issue 6 months ago • 9 comments

Error: Your query returned no results. Please change your search criteria and try again. │ │ with data.aws_ami.ubuntu, │ on data_sources.tf line 4, in data "aws_ami" "ubuntu": │ 4: data "aws_ami" "ubuntu" { │ ╵

[cloudgoat] Error while running terraform plan. exit code: 1 stdout: stderr: Error: No value for required variable

on variables.tf line 1: 1: variable "profile" {

The root module input variable "profile" is not set, and has no default value. Use a -var or -var-file command line argument to provide a value for this variable.

Error: No value for required variable

on variables.tf line 12: 12: variable "cgid" {

The root module input variable "cgid" is not set, and has no default value. Use a -var or -var-file command line argument to provide a value for this variable.

Error: No value for required variable

on variables.tf line 17: 17: variable "cg_whitelist" {

The root module input variable "cg_whitelist" is not set, and has no default value. Use a -var or -var-file command line argument to provide a value for this variable.

Rayanekdr avatar Jun 03 '25 20:06 Rayanekdr

Hello - You need to set your default profile and configure the whitelist first.

cloudgoat config aws

  • Select your AWS profile used for creating CloudGoat scenarios.

cloudgoat config whitelist --auto

  • This will whitelist only your IP to any "public" assets created by the scenario

TeneBrae93 avatar Jun 03 '25 21:06 TeneBrae93

Hello Tyler, thanks for your answer,

I tried it but I'm still getting the same error. There's a comment in issue #362 mentioning that Ubuntu 18.04 AMIs no longer work for the aws/rce_web_app scenario

I attempted to change the image as suggested, but the error still persists.

Bye the way others scenario work perfectly

Hello - You need to set your default profile and configure the whitelist first.

cloudgoat config aws

  • Select your AWS profile used for creating CloudGoat scenarios.

cloudgoat config whitelist --auto

  • This will whitelist only your IP to any "public" assets created by the scenario

Rayanekdr avatar Jun 03 '25 21:06 Rayanekdr

Are you having issues with that same scenario?

TeneBrae93 avatar Jun 03 '25 21:06 TeneBrae93

Yes the issue with rce_web_app

Rayanekdr avatar Jun 03 '25 21:06 Rayanekdr

hey, i'm also facing this issue for the ecs_takeover scenario

Loading whitelist.txt... A whitelist.txt file was found that contains at least one valid IP address or range.

Found previously deployed ecs_takeover scenario.

Initializing the backend... There are some problems with the configuration, described below.

The Terraform configuration must be valid before initialization so that Terraform can determine which modules and providers need to be installed. ╷ │ Error: Invalid default value for variable │ │ on variables.tf line 22, in variable "cg_whitelist": │ 22: default = "my-ip/32" │ │ This default value is not compatible with the variable's type constraint: list of string required. ╵

[cloudgoat] Error while running terraform init. exit code: 1 stdout: Initializing the backend...

stderr: There are some problems with the configuration, described below.

The Terraform configuration must be valid before initialization so that Terraform can determine which modules and providers need to be installed.

Error: Invalid default value for variable

on variables.tf line 22, in variable "cg_whitelist": 22: default = "my-ip/32"

This default value is not compatible with the variable's type constraint: list of string required.

i tried to manually hardcode my public ip in the variables.tf file still it wont work

SaubhagyaDeep avatar Jun 04 '25 06:06 SaubhagyaDeep

@SaubhagyaDeep It needs to be a list of string, you could try setting it as ["X.X.X.X/32"]

The root cause of the issue is not related to the IP whitelist though, related to old version of ubuntu in the data call.

andrew-aiken avatar Jun 06 '25 14:06 andrew-aiken

yeah i did try setting it as a list but no luck. I'm using kali linux so maybe it is causing problems?. I'll try with latest ubuntu.

SaubhagyaDeep avatar Jun 08 '25 17:06 SaubhagyaDeep

I ran into this and fixed it by using an editable install. I use uv but you can probably do this with just pip or whatever.

  1. Pull down the cloudgoat source code with git clone [email protected]:RhinoSecurityLabs/cloudgoat.git
  2. cd into it cd cloudgoat
  3. Create a venv: uv venv
  4. Activate it: source .venv/bin/activate
  5. Do an editable install: uv pip install -e .
  6. Confirm that the cloudgoat on your path is the one in this new directory: which cloudgoat
  7. Set up your aws: cloudgoat config aws
  8. Set up your whitelist: cloudgoat config whitelist
  9. Start your scenario cloudgoat create rce_web_app

I haven't dug deep into it but I think there is some path confusion going on. The cloudgoat readme instructions say to do a pip install cloudgoat which (IIUC) installs the pip wheel to your $path, but the $path is likely different from the current working directory where the config.yml and whitelist.txt files will get written to. Additionally the docs seem to expect to be called with cloudgoat.py and not the cloudgoat installed path binary, so there probably is some assumption about the location of the config files, causing those terraform vars to not be set.

Anyway, using an editable install in python got this working for me.

achantavy avatar Jun 18 '25 03:06 achantavy

Are you having issues with that same scenario?

yes @TeneBrae93

monukaseper-bot avatar Oct 14 '25 07:10 monukaseper-bot