Add lab 3 WIP
1
.gitignore
vendored
@ -1,5 +1,6 @@
|
|||||||
.env
|
.env
|
||||||
terraform/
|
terraform/
|
||||||
|
private*
|
||||||
|
|
||||||
# Byte-compiled Python files
|
# Byte-compiled Python files
|
||||||
__pycache__/
|
__pycache__/
|
||||||
|
|||||||
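Review bot: The new `private*` entry has no leading slash or directory anchor, so it ignores every file and directory whose name starts with "private" at any depth of the repo, which can silently hide files you later expect to be tracked. If the goal is to keep key material out of the repository, anchor it (for example `/private*`) or list the specific file names you expect, and add a comment line above it in the style of the existing `# Byte-compiled Python files` comment so the purpose is recorded.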
@ -1 +0,0 @@
|
|||||||
- [ ] [Debugging Zine](https://jvns.ca/debugging-zine.pdf)
|
|
||||||
7
labs/0. resources/RESOURCES.md
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
# Resources
|
||||||
|
|
||||||
|
[Roadmap](./assets/Roadmap%20for%20Cloud%20Security.pdf)
|
||||||
|
|
||||||
|
## Read
|
||||||
|
- [ ] [Debugging Zine](https://jvns.ca/debugging-zine.pdf)
|
||||||
|
- [ ] [The 5 Cybersecurity roles that will disappear first](./assets/The%205%20Cybersecurity%20Roles%20That%20Will%20Disappear%20First%20_%20by%20Taimur%20Ijlal%20_%20Jun,%202025%20_%20Medium-1.pdf)
|
||||||
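Review bot: The "The 5 Cybersecurity roles that will disappear first" item under `## Read` links to a PDF in `./assets/`, but the only binary I can see added under `labs/0. resources/assets/` in this commit is `Roadmap for Cloud Security.pdf`; please confirm the linked PDF is actually committed, otherwise the link is dead. The target filename also carries a comma and a `-1` suffix that force heavy percent-encoding in the link; renaming the file to something short would make the reference easier to maintain.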
BIN
labs/0. resources/assets/Roadmap for Cloud Security.pdf
Normal file
Binary file not shown.
@ -10,5 +10,42 @@
|
|||||||
- [x] Create & Connect to a Git*** reposiotry
|
- [x] Create & Connect to a Git*** reposiotry
|
||||||
- [x] https://git.dropbear-minnow.ts.net/
|
- [x] https://git.dropbear-minnow.ts.net/
|
||||||
- [x] Modify and make a second commit
|
- [x] Modify and make a second commit
|
||||||

|

|
||||||
- [ ] Test to see if gitea actions works
|
- [x] Test to see if gitea actions works
|
||||||
|
- [ ] Have an existing s3 bucket
|
||||||
|
|
||||||
|
## Resources
|
||||||
|
- [x] [Capital One Data Breach](./assets/Capital%20One%20Data%20Breach%20—%202019.%20Introduction%20_%20by%20Tanner%20Jones%20_%20Nerd%20For%20Tech%20_%20Medium.pdf)
|
||||||
|
- [ ] [Grant IAM User Access to Only One S3 Bucket](./assets/Grant%20IAM%20User%20Access%20to%20Only%20One%20S3%20Bucket%20_%20Medium.pdf)
|
||||||
|
- [ ] [IAM Bucket Policies](./assets/From%20IAM%20to%20Bucket%20Policies_%20A%20Comprehensive%20Guide%20to%20S3%20Access%20Control%20with%20Console,%20CLI,%20and%20Terraform%20_%20by%20Mohasina%20Clt%20_%20Medium.pdf)
|
||||||
|
- [ ] [Dumping S3 Buckets!](https://www.youtube.com/watch?v=ITSZ8743MUk)
|
||||||
|
|
||||||
|
## Lab
|
||||||
|
- [ ] Grant perms to ec2 & s3 via IAM roles
|
||||||
|
- [ ] S3 Buckets
|
||||||
|
- [ ] How to create one
|
||||||
|
- [ ] Via GUI
|
||||||
|
- [ ] Via terraform
|
||||||
|
- [ ] What are they used for?
|
||||||
|
- I have some existing context for this. I've used this for work
|
||||||
|
in the past for both archival purposes and for serving public content
|
||||||
|
(images & documents). You would commonly use them for
|
||||||
|
- [ ] How can they be a juicy security risk?
|
||||||
|
- ! A security team will often set alerts around s3 buckets whenever
|
||||||
|
resources are created with no rules set
|
||||||
|
-
|
||||||
|
- [ ] Create and attach a least-privilege policy
|
||||||
|
- [ ] Associate the IAM role with your running EC2 instance
|
||||||
|
- [ ] Verify access from the instance --> ec2-vm :> aws s3 ls
|
||||||
|
|
||||||
|
## Vocab
|
||||||
|
### Identity Access Management
|
||||||
|
```mermaid
|
||||||
|
graph LR
|
||||||
|
IAMPolicy -- attaches to --> IAMIdentity
|
||||||
|
ExplainIAMIdentity[users, groups of users, roles, AWS resources]:::aside
|
||||||
|
ExplainIAMIdentity -.-> IAMIdentity
|
||||||
|
|
||||||
|
classDef aside fill:#fffbe6,stroke:#bbb,stroke-dasharray: 5 5,stroke-width:2px;
|
||||||
|
```
|
||||||
|
ieua((()))
|
||||||
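Review bot: The verification step `aws s3 ls` in the last Lab item lists every bucket in the account, which requires `s3:ListAllMyBuckets`; a role that follows the "Create and attach a least-privilege policy" item and is scoped to one bucket would fail that check, or the policy would have to be widened just to pass it. Verify with `aws s3 ls s3://<bucket-name>` against the lab bucket instead (placeholder name), and add a negative check against a bucket the role should not be able to reach. Separately, `ieua((()))` after the closing mermaid fence looks like stray input, and the sentence ending "You would commonly use them for" and the empty `-` bullet are unfinished.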
BIN
labs/lab-3/Lab3-IAMRoleEc2S3Bucket.pdf
Normal file
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.