Add lab 3 WIP

2025-06-09 21:31:41 -07:00
parent 373e11d4f2
commit 4bf9dd216b
13 changed files with 49 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,5 +1,6 @@
 .env
 terraform/
+private*

 # Byte-compiled Python files
 __pycache__/
--- a/reading/README.md
+++ b/reading/README.md
@ -1 +0,0 @@
- [ ] [Debugging Zine](https://jvns.ca/debugging-zine.pdf)
--- a/resources/RESOURCES.md
+++ b/resources/RESOURCES.md
@ -0,0 +1,7 @@
+# Resources
+
+[Roadmap](./assets/Roadmap%20for%20Cloud%20Security.pdf)
+
+## Read
+- [ ] [Debugging Zine](https://jvns.ca/debugging-zine.pdf)
+- [ ] [The 5 Cybersecurity roles that will disappear first](./assets/The%205%20Cybersecurity%20Roles%20That%20Will%20Disappear%20First%20_%20by%20Taimur%20Ijlal%20_%20Jun,%202025%20_%20Medium-1.pdf)
--- a/resources/assets/Roadmap
+++ b/resources/assets/Roadmap
--- a/resources/assets/The
+++ b/resources/assets/The
--- a/labs/lab-3/LAB-REPORT.md
+++ b/labs/lab-3/LAB-REPORT.md
@ -10,5 +10,42 @@
 - [x] Create & Connect to a Git*** reposiotry
  - [x] https://git.dropbear-minnow.ts.net/
 - [x] Modify and make a second commit
-![image of terminal](./prep-console.png)
- [ ] Test to see if gitea actions works
+![image of terminal](./assets/prep-console.png)
+- [x] Test to see if gitea actions works
+- [ ] Have an existing s3 bucket
+
+## Resources
+- [x] [Capital One Data Breach](./assets/Capital%20One%20Data%20Breach%20—%202019.%20Introduction%20_%20by%20Tanner%20Jones%20_%20Nerd%20For%20Tech%20_%20Medium.pdf)
+- [ ] [Grant IAM User Access to Only One S3 Bucket](./assets/Grant%20IAM%20User%20Access%20to%20Only%20One%20S3%20Bucket%20_%20Medium.pdf)
+- [ ] [IAM Bucket Policies](./assets/From%20IAM%20to%20Bucket%20Policies_%20A%20Comprehensive%20Guide%20to%20S3%20Access%20Control%20with%20Console,%20CLI,%20and%20Terraform%20_%20by%20Mohasina%20Clt%20_%20Medium.pdf)
+- [ ] [Dumping S3 Buckets!](https://www.youtube.com/watch?v=ITSZ8743MUk)
+
+## Lab
+- [ ] Grant perms to ec2 & s3 via IAM roles
+- [ ] S3 Buckets
+  - [ ] How to create one
+    - [ ] Via GUI
+    - [ ] Via terraform
+  - [ ] What are they used for?
+    - I have some existing context for this. I've used this for work
+      in the past for both archival purposes and for serving public content
+      (images & documents). You would commonly use them for 
+  - [ ] How can they be a juicy security risk?
+    - ! A security team will often set alerts around s3 buckets whenever
+        resources are created with no rules set
+    - 
+  - [ ] Create and attach a least-privilege policy
+  - [ ] Associate the IAM role with your running EC2 instance
+  - [ ] Verify access from the instance --> ec2-vm :> aws s3 ls
+
+## Vocab
+### Identity Access Management
+```mermaid
+graph LR
+  IAMPolicy -- attaches to --> IAMIdentity
+  ExplainIAMIdentity[users, groups of users, roles, AWS resources]:::aside
+  ExplainIAMIdentity -.-> IAMIdentity
+  
+  classDef aside fill:#fffbe6,stroke:#bbb,stroke-dasharray: 5 5,stroke-width:2px;
+```
+ieua((()))
--- a/labs/lab-3/Lab3-IAMRoleEc2S3Bucket.pdf
+++ b/labs/lab-3/Lab3-IAMRoleEc2S3Bucket.pdf
--- a/labs/lab-3/assets/Capital
+++ b/labs/lab-3/assets/Capital
--- a/labs/lab-3/assets/From
+++ b/labs/lab-3/assets/From
--- a/labs/lab-3/assets/Grant
+++ b/labs/lab-3/assets/Grant
--- a/labs/lab-3/assets/hello.py
+++ b/labs/lab-3/assets/hello.py
--- a/labs/lab-3/assets/prep-console.png
+++ b/labs/lab-3/assets/prep-console.png
--- a/mise.toml
+++ b/mise.toml
@ -0,0 +1,2 @@
+[tasks.ssh]
+run = "ssh -p 5679 vboxuser@127.0.0.1"
				`@ -1 +0,0 @@`
				`- [ ] [Debugging Zine](https://jvns.ca/debugging-zine.pdf)`