write down instructions

lab-3/LAB-REPORT.md

@@ -34,7 +34,9 @@
   ![screenshot of listing s3 contents](./assets/s3-access-screenshot.jpg)
 
 ### Stretch
-- [ ] Create a bucket policy that blocks all public access but allows your IAM role
+- [x] Create a bucket policy that blocks all public access but allows your IAM role
+  - [ ] Implmented: [guide](https://aws.amazon.com/blogs/security/how-to-restrict-amazon-s3-bucket-access-to-a-specific-iam-role/)
+  ![restrict to role](./assets/restrict-to-role.jpg)
 - [ ] **Experiment** with requiring MFA or VPC conditions.
   - [ ] MFA conditions
     * MFA did not work out of the box after setting it in the s3 bucket policy. 
@@ -54,6 +56,7 @@
         * I did not look into this because I didn't want to install
           yet another specialized CLI that I didn't understand
   - [ ] VPC
+
 - [ ] **Host a static site**
   - [ ] Enable a static website hosting (`index.html`)
   - [ ] Configure route 53 alias or CNAME for `resume.<yourdomain>` to the bucket endpoint.
@@ -67,6 +70,18 @@
   3. **Restrict to IP address**
     - [ ] copy pasta json into bucket policy
 
+### Further Exploration
+1. [ ] Snapshots & AMIs
+  - [ ] Create an EBS snapshot of `/dev/xvda`
+  - [ ] Register/create an AMI from that snapshot
+    - [ ] How do you "version" a server with snapshots? Why is this useful?
+  - [ ] Launch a new instance from your AMI
+2. [ ] Linux & Security Tooling
+3. [ ] Scripting & Automation
+  - [ ] Bash: report world-writable files
+  - [ ] Python with boto3: list snapshots, start/stop instances
+
+
 ## Further Reading
 - [ ]
 - [ ]