diff --git a/.gitignore b/.gitignore
index 2e9b7ee..6629e26 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 .env
 terraform/
+private*
 # Byte-compiled Python files
 __pycache__/
diff --git a/labs/0. reading/README.md b/labs/0. reading/README.md
deleted file mode 100644
index 4be5be9..0000000
--- a/labs/0. reading/README.md
+++ /dev/null
@@ -1 +0,0 @@
-- [ ] [Debugging Zine](https://jvns.ca/debugging-zine.pdf)
diff --git a/labs/0. resources/RESOURCES.md b/labs/0. resources/RESOURCES.md
new file mode 100644
index 0000000..c17e27f
--- /dev/null
+++ b/labs/0. resources/RESOURCES.md
@@ -0,0 +1,7 @@
+# Resources
+
+[Roadmap](./assets/Roadmap%20for%20Cloud%20Security.pdf)
+
+## Read
+- [ ] [Debugging Zine](https://jvns.ca/debugging-zine.pdf)
+- [ ] [The 5 Cybersecurity roles that will disappear first](./assets/The%205%20Cybersecurity%20Roles%20That%20Will%20Disappear%20First%20_%20by%20Taimur%20Ijlal%20_%20Jun,%202025%20_%20Medium-1.pdf)
diff --git a/labs/0. resources/assets/Roadmap for Cloud Security.pdf b/labs/0. resources/assets/Roadmap for Cloud Security.pdf
new file mode 100644
index 0000000..f682508
Binary files /dev/null and b/labs/0. resources/assets/Roadmap for Cloud Security.pdf differ
diff --git a/labs/0. resources/assets/The 5 Cybersecurity Roles That Will Disappear First _ by Taimur Ijlal _ Jun, 2025 _ Medium-1.pdf b/labs/0. resources/assets/The 5 Cybersecurity Roles That Will Disappear First _ by Taimur Ijlal _ Jun, 2025 _ Medium-1.pdf
new file mode 100644
index 0000000..1a6695c
Binary files /dev/null and b/labs/0. resources/assets/The 5 Cybersecurity Roles That Will Disappear First _ by Taimur Ijlal _ Jun, 2025 _ Medium-1.pdf differ
diff --git a/labs/lab-3/LAB-REPORT.md b/labs/lab-3/LAB-REPORT.md
index 9781c48..990188c 100644
--- a/labs/lab-3/LAB-REPORT.md
+++ b/labs/lab-3/LAB-REPORT.md
@@ -10,5 +10,42 @@
 - [x] Create & Connect to a Git*** reposiotry
 - [x] https://git.dropbear-minnow.ts.net/
 - [x] Modify and make a second commit
-![image of terminal](./prep-console.png)
-- [ ] Test to see if gitea actions works
+![image of terminal](./assets/prep-console.png)
+- [x] Test to see if gitea actions works
+- [ ] Have an existing s3 bucket
+
+## Resources
+- [x] [Capital One Data Breach](./assets/Capital%20One%20Data%20Breach%20—%202019.%20Introduction%20_%20by%20Tanner%20Jones%20_%20Nerd%20For%20Tech%20_%20Medium.pdf)
+- [ ] [Grant IAM User Access to Only One S3 Bucket](./assets/Grant%20IAM%20User%20Access%20to%20Only%20One%20S3%20Bucket%20_%20Medium.pdf)
+- [ ] [IAM Bucket Policies](./assets/From%20IAM%20to%20Bucket%20Policies_%20A%20Comprehensive%20Guide%20to%20S3%20Access%20Control%20with%20Console,%20CLI,%20and%20Terraform%20_%20by%20Mohasina%20Clt%20_%20Medium.pdf)
+- [ ] [Dumping S3 Buckets!](https://www.youtube.com/watch?v=ITSZ8743MUk)
+
+## Lab
+- [ ] Grant perms to ec2 & s3 via IAM roles
+- [ ] S3 Buckets
+  - [ ] How to create one
+    - [ ] Via GUI
+    - [ ] Via terraform
+  - [ ] What are they used for?
+    - I have some existing context for this. I've used this for work
+      in the past for both archival purposes and for serving public content
+      (images & documents). You would commonly use them for
+  - [ ] How can they be a juicy security risk?
+    - ! 
A security team will often set alerts around s3 buckets whenever
+      resources are created with no rules set
+    -
+  - [ ] Create and attach a least-privilege policy
+  - [ ] Associate the IAM role with your running EC2 instance
+  - [ ] Verify access from the instance --> ec2-vm :> aws s3 ls
+
+## Vocab
+### Identity Access Management
+```mermaid
+graph LR
+  IAMPolicy -- attaches to --> IAMIdentity
+  ExplainIAMIdentity[users, groups of users, roles, AWS resources]:::aside
+  ExplainIAMIdentity -.-> IAMIdentity
+
+  classDef aside fill:#fffbe6,stroke:#bbb,stroke-dasharray: 5 5,stroke-width:2px;
+```
+ieua((()))
\ No newline at end of file
diff --git a/labs/lab-3/Lab3-IAMRoleEc2S3Bucket.pdf b/labs/lab-3/Lab3-IAMRoleEc2S3Bucket.pdf
new file mode 100644
index 0000000..023cd3c
Binary files /dev/null and b/labs/lab-3/Lab3-IAMRoleEc2S3Bucket.pdf differ
diff --git a/labs/lab-3/assets/Capital One Data Breach — 2019. Introduction _ by Tanner Jones _ Nerd For Tech _ Medium.pdf b/labs/lab-3/assets/Capital One Data Breach — 2019. Introduction _ by Tanner Jones _ Nerd For Tech _ Medium.pdf
new file mode 100644
index 0000000..3c6141d
Binary files /dev/null and b/labs/lab-3/assets/Capital One Data Breach — 2019. Introduction _ by Tanner Jones _ Nerd For Tech _ Medium.pdf differ
diff --git a/labs/lab-3/assets/From IAM to Bucket Policies_ A Comprehensive Guide to S3 Access Control with Console, CLI, and Terraform _ by Mohasina Clt _ Medium.pdf b/labs/lab-3/assets/From IAM to Bucket Policies_ A Comprehensive Guide to S3 Access Control with Console, CLI, and Terraform _ by Mohasina Clt _ Medium.pdf
new file mode 100644
index 0000000..27d27d4
Binary files /dev/null and b/labs/lab-3/assets/From IAM to Bucket Policies_ A Comprehensive Guide to S3 Access Control with Console, CLI, and Terraform _ by Mohasina Clt _ Medium.pdf differ
diff --git a/labs/lab-3/assets/Grant IAM User Access to Only One S3 Bucket _ Medium.pdf b/labs/lab-3/assets/Grant IAM User Access to Only One S3 Bucket _ Medium.pdf
new file mode 100644
index 0000000..fd55cf4
Binary files /dev/null and b/labs/lab-3/assets/Grant IAM User Access to Only One S3 Bucket _ Medium.pdf differ
diff --git a/labs/lab-3/hello.py b/labs/lab-3/assets/hello.py
similarity index 100%
rename from labs/lab-3/hello.py
rename to labs/lab-3/assets/hello.py
diff --git a/labs/lab-3/prep-console.png b/labs/lab-3/assets/prep-console.png
similarity index 100%
rename from labs/lab-3/prep-console.png
rename to labs/lab-3/assets/prep-console.png
diff --git a/mise.toml b/mise.toml
new file mode 100644
index 0000000..153857e
--- /dev/null
+++ b/mise.toml
@@ -0,0 +1,2 @@
+[tasks.ssh]
+run = "ssh -p 5679 vboxuser@127.0.0.1"
\ No newline at end of file
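Review bot: The new `ssh` task in mise.toml hard-codes the login `vboxuser` on forwarded loopback port 5679, with nothing saying which VM it targets or how the session authenticates. `vboxuser` looks like the account a VirtualBox unattended install creates; if so, confirm its installer-default password was changed or that the guest accepts key authentication only. Also confirm that the port-forward rule for 5679 is bound to 127.0.0.1 rather than to every host interface. I would document the task with `description = "SSH into the local lab VM (VirtualBox port-forward, host port 5679)"` and end the file with a newline.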