AWS Security Essentials
Part 2 Lab Instructions- Create an IAM Group, User, Role, Policy
- Create an IAM Group
- Create an IAM User
- Create an IAM Role
- Create an IAM Policy using the visual editor
Part 3 Lab Instructions- Creating a VPC in the cloud, Creating a Security Group, Creating a NACL
Create a key pair in the AWS console
1. Creating and configuring VPC
2. Launch an instance in our custom VPC
Step 2: Create a Security Group
Add inbound security group rules for HTTP traffic over port 80, SSH over port 22, and HTTPS when creating the security group.
Step 3: Launch an Instance into Your VPC - Choose the new VPC we created in part 1 of the lab, add the script below in the user data field, select the security group we created above, and select the key pair we created above.
Select an Amazon Linux 2, free tier instance and pass the following in the user data field:
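#!/bin/bash
# Apply pending package updates
yum update -y
# Install PHP 7.2 and MariaDB 10.2 from amazon-linux-extras, then Apache and the MariaDB server
amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
yum install -y httpd mariadb-server
# Start Apache now and enable it at boot
systemctl start httpd
systemctl enable httpd
# Let ec2-user manage the web root through the apache group
usermod -a -G apache ec2-user
chown -R ec2-user:apache /var/www
# setgid on directories so new files inherit the apache group; files are group-writable
chmod 2775 /var/www
find /var/www -type d -exec chmod 2775 {} \;
find /var/www -type f -exec chmod 0664 {} \;
# Test page opened in Step 5
echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php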
Step 4: Assign an Elastic IP Address to Your Instance - create an Elastic IP and assign it to the instance
Step 5: Test the link: modify this URL with the public DNS information for your instance and paste it into a browser window: http://my.public.dns.amazonaws.com/phpinfo.php
Step 6: Clean Up - Clean up will be done at the end of class
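A check for the security group created in Step 2, as an added example that is not part of the original lab instructions: it reads a group in the JSON shape returned by `aws ec2 describe-security-groups`, reports which of the lab's three inbound rules are missing, and notes when SSH is reachable from any address. The sample group and its values are constructed, and port 443 for HTTPS is an assumption, since the lab names only the protocol.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups`
# output; the group id and CIDRs are made up for this example.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-0example", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}
]}]}
""")

# The lab's three inbound rules (443 assumed for HTTPS).
REQUIRED = {"http": 80, "ssh": 22, "https": 443}
ANYWHERE = {"0.0.0.0/0", "::/0"}


def sources_for_port(group, port):
    """Return every source (CIDR or group id) allowed to reach a TCP port."""
    sources = set()
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        # "-1" means all protocols and ports; tcp rules carry a port range.
        covers = proto == "-1" or (
            proto == "tcp" and perm["FromPort"] <= port <= perm["ToPort"])
        if covers:
            sources |= {r["CidrIp"] for r in perm.get("IpRanges", [])}
            sources |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
            sources |= {g["GroupId"] for g in perm.get("UserIdGroupPairs", [])}
    return sources


def audit(group):
    """List missing lab rules and SSH exposure to any address."""
    findings = []
    for name, port in REQUIRED.items():
        sources = sources_for_port(group, port)
        if not sources:
            findings.append(f"missing inbound rule: {name} (tcp/{port})")
        elif name == "ssh" and sources & ANYWHERE:
            findings.append("ssh (tcp/22) is open to any address")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE["SecurityGroups"][0]):
        print(line)
```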
3. Create a NACL
- Creating a Network ACL
- Adding and Deleting Rules
- Associating a Subnet with a Network ACL
- Disassociating a Network ACL from a Subnet
- Changing a Subnet's Network ACL
- Deleting a Network ACL - We will delete at the end of class
Part 4 Lab Instructions- Create a KMS Key, Configure AWS Macie
1. Using KMS Keys with Amazon S3 buckets and files
- Create a KMS Key using the console
- Create an S3 bucket from the console - use the North Virginia region
- Create two Notepad text files, then save them to your desktop
- Upload the first Notepad file to your bucket
- Enable encryption for your bucket
- Upload the second Notepad file to your bucket
- Enable encryption on the first file you uploaded
2. Configuring Amazon Macie
Part 5 Lab Instructions- Configure Amazon Inspector
- Start your EC2 instance from the EC2 Dashboard
- Run an Amazon Inspector Assessment
Part 6 Lab Instructions- Set up API Gateway Demo, Enable GuardDuty
Lab 1. API Gateway Demo
Lab 2. Enable GuardDuty
Part 7 Lab Instructions- Set up CloudWatch Alarm
Set up CloudWatch alerts and alarms