Kickstarting red team infrastructure automation via Terraform
Learn about the benefits of automating red team infrastructure deployment and the setup we will build with Terraform.
In earlier posts, I covered the fundamentals of Terraform. The focus was to help red teams learn how to write infrastructure as code using providers, variables, resources, and modules. We also explored why Terraform matters to red teams—from speeding up deployments to improving operational security. If you haven't read Why Red Teams Should Learn Terraform, I’d recommend you read it now.
In upcoming posts, we shift the focus from theory to application. Using our shiny Terraform skills, we will now build fully automated, disposable cloud-based red team infrastructure. The goal is not just to deploy infrastructure, but to do it the red team way: fast, stealthy, and ephemeral.
Follow my journey of 100 Days of Red Team on WhatsApp, Telegram or Discord.
Why automate red team infrastructure?
Manual infrastructure slows down red team operations and increases the risk of mistakes or exposure. Automation makes labs faster to deploy, easier to clean up, and far more consistent—critical for time-sensitive and stealth-focused engagements.
Cloud vs. on-prem infrastructure
Red teams commonly work in two types of infrastructure: on-premise and cloud-based. On-prem infrastructure offers control and realism but is harder to automate. Cloud infrastructure, on the other hand, is faster to deploy, easier to tear down, and ideal for short-term ops.
Note: Not all engagements may permit the use of cloud infrastructure due to compliance or client restrictions.
What we’ll build
Over the next few days, we will walk through building a disposable red team infrastructure in the cloud. This will include:
- Attacker VM(s) – Cloud-based Kali or Ubuntu boxes for operational tooling
- Redirectors – To route and obfuscate traffic to C2 or phishing servers
- Isolated networking – With controlled ingress and egress
- Tight access control – Using key-based or credential-based authentication
Everything will be defined in Terraform and fully reproducible. The final result: red team infrastructure that can be launched with a single command, and just as easily destroyed with another.
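As an added example, not code from the 100 Days of Red Team series, the following Terraform skeleton shows the shape of what that single command deploys: an isolated VPC with one public subnet, a security group that admits SSH only from the operator's own address, a key pair for key-based authentication, and one attacker VM. The region, CIDR ranges, resource names, variable names and the default key path are assumptions; the AMI and operator address are left as variables without defaults so a run fails until you supply them. The redirector tier described above is not part of this skeleton.

```hcl
# Added example skeleton (not from the series): isolated networking, tight access
# control and one attacker VM. Region, CIDRs, names and paths are assumptions.
terraform {
  required_version = ">= 1.3.0" # endswith() needs 1.3+
  required_providers {
    aws = { source = "hashicorp/aws", version = "~> 5.0" }
  }
}

provider "aws" {
  region = "us-east-1" # assumed region
}

# No default: an explicit operator address is required, so SSH can never be
# exposed to 0.0.0.0/0 by forgetting a variable.
variable "operator_cidr" {
  type = string
  validation {
    condition     = can(cidrhost(var.operator_cidr, 0)) && endswith(var.operator_cidr, "/32")
    error_message = "operator_cidr must be a single host, e.g. 203.0.113.10/32 (placeholder)."
  }
}

variable "ami_id" {
  type = string # placeholder: a Kali or Ubuntu AMI valid in the chosen region
}

variable "ssh_public_key_path" {
  type    = string
  default = "~/.ssh/rt_lab.pub" # assumed path to the operator's public key
}

# Isolated networking: dedicated VPC, one public subnet, default route via an IGW.
resource "aws_vpc" "lab" {
  cidr_block = "10.66.0.0/16"
  tags       = { Name = "rt-lab" }
}

resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.lab.id
  cidr_block              = "10.66.1.0/24"
  map_public_ip_on_launch = true
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.lab.id
}

resource "aws_route_table" "public" {
  vpc_id = aws_vpc.lab.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}

# Tight access control: inbound SSH from the operator address only; egress open.
resource "aws_security_group" "attacker" {
  name   = "rt-lab-attacker"
  vpc_id = aws_vpc.lab.id

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.operator_cidr]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Key-based authentication: the instance trusts the operator's public key only.
resource "aws_key_pair" "operator" {
  key_name   = "rt-lab-operator"
  public_key = file(pathexpand(var.ssh_public_key_path))
}

# The attacker VM, placed in the public subnet behind the restrictive group.
resource "aws_instance" "attacker" {
  ami                    = var.ami_id
  instance_type          = "t3.small"
  subnet_id              = aws_subnet.public.id
  vpc_security_group_ids = [aws_security_group.attacker.id]
  key_name               = aws_key_pair.operator.key_name
  tags                   = { Name = "rt-lab-attacker" }
}
```

Run `terraform init`, then `terraform apply -var operator_cidr=<your-ip>/32 -var ami_id=<ami>`; the validation block rejects anything wider than a single host. Because every resource lives in this one configuration, `terraform destroy` removes the VPC, routing, security group, key pair and instance together, which is what makes the lab disposable.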
Before moving forward, it’s important to quickly recap the prerequisites:
- Terraform installed and configured: You should have Terraform installed locally, and be comfortable with basic commands like `init`, `plan`, `apply`, and `destroy`.
- An AWS account with programmatic access: An IAM user with administrative or appropriate permissions should be configured, along with access keys stored either via environment variables or the AWS CLI.
- AWS CLI configured: The `aws configure` command should be used to set up access credentials; you can verify access using commands like `aws sts get-caller-identity`.
With everything in place, let’s gear up to put our Terraform skills into action.
TL;DR
- Automation speeds up deployments, reduces human error, and improves stealth during operations.
- Cloud infra offers speed and flexibility, while on-prem labs offer realism but are harder to automate (even though some engagements may restrict use of cloud infrastructure due to compliance).
- In upcoming posts, we will build infrastructure that will include an attacker VM, redirectors, isolated networking, and access controls—all built with Terraform.
- You should already have Terraform installed, an AWS account with CLI access, and basic command knowledge.