Add screenshots

lab-3/LAB-REPORT.md

@@ -7,7 +7,7 @@
 - [x] Secrets/Token Management
     - [x] Consider secret-scanning
       - [x] Added git-leaks on pre-commit hook
-- [x] Create & Connect to a Git*** reposiotry
+- [x] Create & Connect to a Git*** repository
   - [x] https://git.dropbear-minnow.ts.net/
 - [x] Modify and make a second commit
 ![image of terminal](./assets/prep-console.png)
@@ -21,24 +21,18 @@
 - [ ] [Dumping S3 Buckets!](https://www.youtube.com/watch?v=ITSZ8743MUk)
 
 ## Lab
-- [ ] Grant perms to ec2 & s3 via IAM roles
+- [x] create a custom IAM Policy
-- [ ] S3 Buckets
+- [x] create an IAM Role for EC2
-  - [ ] How to create one
+  ![trust relationships](./assets/trust-relationships.jpg)
-    - [ ] Via GUI
+  ![permissions](./assets/permissions.jpg)
-    - [ ] Via terraform
+- [x] Attach the Role to your EC2 Instance
-  - [ ] What are they used for?
+- [x] Verify is3 access from the EC2 Instance
-    - I have some existing context for this. I've used this for work
+  ![screenshot of listing s3 contents](./assets/s3-access-screenshot.jpg)
-      in the past for both archival purposes and for serving public content
-      (images & documents). You would commonly use them for 
-  - [ ] How can they be a juicy security risk?
-    - ! A security team will often set alerts around s3 buckets whenever
-        resources are created with no rules set
-    - 
-  - [ ] Create and attach a least-privilege policy
-  - [ ] Associate the IAM role with your running EC2 instance
-  - [ ] Verify access from the instance --> ec2-vm :> aws s3 ls
 
-## Vocab
+### Stretch
+- [ ] Create a bucket policy that blocks all public access but allows your IAM role
+
+## Terms
 ### Identity Access Management
 ```mermaid
 graph LR
@@ -48,3 +42,10 @@ graph LR
   
   classDef aside fill:#fffbe6,stroke:#bbb,stroke-dasharray: 5 5,stroke-width:2px;
 ```
+
+## End lab
+- [ ] Clean up
+  - [ ] Custom roles
+  - [ ] Custom policies
+- [ ] Stop ec2 Instance
+- [ ] Remove s3 bucket