attack_range icon indicating copy to clipboard operation
attack_range copied to clipboard

Published 20 hours ago verified publisher icon splunk

Cannot Destroy - Packer AWS Query Returns No Results On Existing AR

Open ivang-coder opened this issue 11 months ago • 1 comments

Hi Team,

Issue Description While using AR Docker on Macbook Air M2 and successfully deploying Attack Range on a standalone AWS, we're having issues destroying that AR environment by using the standard command python attack_range.py destroy, see the log output below.

Meanwhile, there are no issues with AWS Account access and the standard commands with actions like "build", "stop", "resume" and "show" run successfully.

Log output of the command python attack_range.py destroy

(attack-range-py3.10) root@da518bbc86a1:/attack_range# python attack_range.py destroy
...
module.networkModule.module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-055542d5bc6b8d3cc]
╷
│ Error: Your query returned no results. Please change your search criteria and try again.
│ 
│   with module.linux-server.data.aws_ami.linux_server_packer[0],
│   on modules/linux-server/resources.tf line 2, in data "aws_ami" "linux_server_packer":
│    2: data "aws_ami" "linux_server_packer" {
│ 
╵
╷
│ Error: Your query returned no results. Please change your search criteria and try again.
│ 
│   with module.nginx-server.data.aws_ami.nginx_server_packer[0],
│   on modules/nginx-server/resources.tf line 3, in data "aws_ami" "nginx_server_packer":
│    3: data "aws_ami" "nginx_server_packer" {
│ 
╵
╷
│ Error: Your query returned no results. Please change your search criteria and try again.
│ 
│   with module.splunk-server.data.aws_ami.splunk_server_packer[0],
│   on modules/splunk-server/resources.tf line 3, in data "aws_ami" "splunk_server_packer":
│    3: data "aws_ami" "splunk_server_packer" {
│ 
╵
╷
│ Error: Your query returned no results. Please change your search criteria and try again.
│ 
│   with module.windows-server.data.aws_ami.windows_ami_packer[1],
│   on modules/windows/resources.tf line 5, in data "aws_ami" "windows_ami_packer":
│    5: data "aws_ami" "windows_ami_packer" {
│ 
╵
╷
│ Error: Your query returned no results. Please change your search criteria and try again.
│ 
│   with module.windows-server.data.aws_ami.windows_ami_packer[0],
│   on modules/windows/resources.tf line 5, in data "aws_ami" "windows_ami_packer":
│    5: data "aws_ami" "windows_ami_packer" {
│ 
╵

Could you advise how to resolve this issue, please?

ivang-coder avatar Mar 06 '24 00:03 ivang-coder

A solution (more like a workaround) has been found.

Solution Summary

By replacing the "aws_ami" data source with "aws_ami_ids" and commenting the "most_recent = true" statement out, Terraform is now able to complete the playrun invoked by python attack_range.py destroycommand.

Solution Details

To replicate the solution, amend the tf files as per below

vi terraform/aws/modules/linux-server/resources.tf

line 2, data "aws_ami_ids" "linux_server_packer" { line 4, # most_recent = true #(line commented) line 13 data "aws_ami_ids" "linux_server" { line 15 # most_recent = true #(line commented) line 31, ami = var.general.use_prebuilt_images_with_packer == "1" ? data.aws_ami_ids.linux_server_packer[count.index].id : data.aws_ami_ids.linux_server[count.index].id

vi terraform/aws/modules/nginx-server/resources.tf

line 3, data "aws_ami_ids" "nginx_server_packer" { line 5, # most_recent = true #(line commented) line 14 data "aws_ami_ids" "nginx_server" { line 16 # most_recent = true #(line commented) line 32, ami = var.general.use_prebuilt_images_with_packer == "1" ? data.aws_ami_ids.nginx_server_packer[0].id : data.aws_ami_ids.nginx_server[0].id

vi terraform/aws/modules/splunk-server/resources.tf

line 3, data "aws_ami_ids" "splunk_server_packer" { line 5, # most_recent = true #(line commented) line 14, data "aws_ami_ids" "splunk_server" { line 16, # most_recent = true #(line commented) line 91, ami = var.general.use_prebuilt_images_with_packer == "1" ? data.aws_ami_ids.splunk_server_packer[0].id : data.aws_ami_ids.splunk_server[0].id

vi terraform/aws/modules/windows/resources.tf

line 5, data "aws_ami_ids" "windows_ami_packer" { line 7, # most_recent = true #(line commented) line 16, data "aws_ami_ids" "windows_ami" { line 18, # most_recent = true #(line commented) line 35, ami = var.general.use_prebuilt_images_with_packer == "1" ? data.aws_ami_ids.windows_ami_packer[count.index].id : data.aws_ami_ids.windows_ami[count.index].id

Team, can you see if the workaround can be considered a solution and a candidate for the merge request?

Regards, Ivan

ivang-coder avatar Apr 09 '24 05:04 ivang-coder

I'm not able to reproduce your issue. I would recommend to not use packer. Our plan is to remove packer in a future release.

P4T12ICK avatar Aug 12 '24 13:08 P4T12ICK