witch/labs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

write down instructions

Browse Source
This commit is contained in:
witch
2025-06-11 19:58:10 -07:00
parent 0574727270
commit 1ff8c54ac1
2 changed files with 29 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
lab-3/LAB-REPORT.md
View File

@ -34,26 +34,29 @@
![screenshot of listing s3 contents](./assets/s3-access-screenshot.jpg) ![screenshot of listing s3 contents](./assets/s3-access-screenshot.jpg)
### Stretch ### Stretch
- [ ] Create a bucket policy that blocks all public access but allows your IAM role - [x] Create a bucket policy that blocks all public access but allows your IAM role
- [ ] Implmented: [guide](https://aws.amazon.com/blogs/security/how-to-restrict-amazon-s3-bucket-access-to-a-specific-iam-role/)
![restrict to role](./assets/restrict-to-role.jpg)
- [ ] **Experiment** with requiring MFA or VPC conditions. - [ ] **Experiment** with requiring MFA or VPC conditions.
- [ ] MFA conditions - [ ] MFA conditions
* MFA did not work out of the box after setting it in the s3 bucket policy. * MFA did not work out of the box after setting it in the s3 bucket policy.
The ways I found you can configure MFA: The ways I found you can configure MFA:
* [stackoverflow](https://stackoverflow.com/questions/34795780/how-to-use-mfa-with-aws-cli) * [stackoverflow](https://stackoverflow.com/questions/34795780/how-to-use-mfa-with-aws-cli)
* via cli roles * via cli roles
* configuration via ~/.aws/credentials * configuration via ~/.aws/credentials
* 1Password CLI with AWS Plugin * 1Password CLI with AWS Plugin
* I use bitwarden, which also has an AWS Plugin * I use bitwarden, which also has an AWS Plugin
* This is probably what I will gravitate towards for a more * This is probably what I will gravitate towards for a more
long-term setup, because having all of these credentials long-term setup, because having all of these credentials
floating around in various areas on my computer/virtualbox floating around in various areas on my computer/virtualbox
envs gets confusing. Not a fan. envs gets confusing. Not a fan.
* I've seen a lot more recommendations (TBH it's more like 2 vs 0) * I've seen a lot more recommendations (TBH it's more like 2 vs 0)
for 1password for password credential setup. Wonder why? for 1password for password credential setup. Wonder why?
* other apps that handle this * other apps that handle this
* I did not look into this because I didn't want to install * I did not look into this because I didn't want to install
yet another specialized CLI that I didn't understand yet another specialized CLI that I didn't understand
- [ ] VPC - [ ] VPC
- [ ] **Host a static site** - [ ] **Host a static site**
- [ ] Enable a static website hosting (`index.html`) - [ ] Enable a static website hosting (`index.html`)
- [ ] Configure route 53 alias or CNAME for `resume.<yourdomain>` to the bucket endpoint. - [ ] Configure route 53 alias or CNAME for `resume.<yourdomain>` to the bucket endpoint.
@ -67,6 +70,18 @@
3. **Restrict to IP address** 3. **Restrict to IP address**
- [ ] copy pasta json into bucket policy - [ ] copy pasta json into bucket policy
### Further Exploration
1. [ ] Snapshots & AMIs
- [ ] Create an EBS snapshot of `/dev/xvda`
- [ ] Register/create an AMI from that snapshot
- [ ] How do you "version" a server with snapshots? Why is this useful?
- [ ] Launch a new instance from your AMI
2. [ ] Linux & Security Tooling
3. [ ] Scripting & Automation
- [ ] Bash: report world-writable files
- [ ] Python with boto3: list snapshots, start/stop instances
## Further Reading ## Further Reading
- [ ] - [ ]
- [ ] - [ ]

BIN
lab-3/assets/restrict-to-role.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 89 KiB