AWS Security Essentials

Part 2 Lab Instructions- Create an IAM Group, User, Role, Policy

  1. Create an IAM Group
  2. Create an IAM User
  3. Create an IAM Role
  4. Create an IAM Policy using the visual editor

Part 3 Lab Instructions- Creating a VPC in the cloud, Creating a Security Group, Creating a NACL

Create A Keypair in the AWS console

1. Creating and configuring VPC
2. Launch an instances in our custom VPC

Step 1: Create the VPC

Step 2: Create a Security Group  

 Add an inbound security group rule for http traffic over port 80, ssh over port 22 and https when creating the security group 

Step 3: Launch an Instance into Your VPC    Choose the new vpc we created in part 1 of the lab, add the script below in the user data field, select the security group we created above, select the keypair we created above.

Select an Amazon linux 2, free tier instance and pass the following in user data field:

#!/bin/bash
yum update -y
amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
yum install -y httpd mariadb-server
systemctl start httpd
systemctl enable httpd
usermod -a -G apache ec2-user
chown -R ec2-user:apache /var/www
chmod 2775 /var/www
find /var/www -type d -exec chmod 2775 {} \;
find /var/www -type f -exec chmod 0664 {} \;
echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php

Step 4: Assign an Elastic IP Address to Your Instance  - create an elastic ip and assign to the instance

 Step 5: Test the link: modify this url with your public dns information for your instance and paste it into a browser window        http://my.public.dns.amazonaws.com/phpinfo.php

 Step 6: Clean Up  - Clean up will be done at the end of class

3. Create a NACL

Part 4 Lab Instructions- Create a KMS Key, Configure AWS Macie

1. Using KMS Keys with Amazon S3 buckets and files

  1. Create a KMS Key using the console
  2. Create an S3 bucket from the console-use north va region
  3. Create two notepad text files then save it to your desktop
  4. Upload the first notepad object to your bucket
  5. Enable encryption for your bucket
  6. Upload the second notepad file to your bucket
  7. Enable encryption on the first file you uploaded

2. Configuring Amazon Macie

  1. Enable Macie
  2. Integrate Amazon S3 with Macie

Part 5 Lab Instructions- Configure Amazon Inspector

  1. Start your EC2 instance from the EC2 Dashboard
  2. Run and Amazon Inspector Assessment

Part 6 Lab Instructions- Set up API Gateway Demo, Enable Guard Duty

Lab 1. API Gateway Demo

  1. Create A Lambda Function
  2. Integrate API Gateway

Lab 2 enable Guard Duty

Part 7 Lab Instructions-Set up Cloudwatch Alarm

Set up cloud watch alerts and alarms

  1. Enable Billing Alerts
  2. Create A Billing Alarm
  3. Check The Alarm Status

Part 8 Lab Instructions-Demo AWS Cloud Watch Logs, AWS Artifact, AWS Config, AWS Cloud Trail, AWS Trusted Advisor

MASTERING AWS SECURITY PDF