Add wip lab 3

2025-06-10 10:54:13 -07:00
parent 4bf9dd216b
commit cbe1713adf
25 changed files with 17 additions and 13 deletions
--- a/lab-3/LAB-REPORT.md
+++ b/lab-3/LAB-REPORT.md
@ -0,0 +1,50 @@
+# Lab 3
+
+## Prep
+- [x] Gitea set up
+- [x] MFA set up
+- [x] Add git ignore
+- [x] Secrets/Token Management
+    - [x] Consider secret-scanning
+      - [x] Added git-leaks on pre-commit hook
+- [x] Create & Connect to a Git*** reposiotry
+  - [x] https://git.dropbear-minnow.ts.net/
+- [x] Modify and make a second commit
+![image of terminal](./assets/prep-console.png)
+- [x] Test to see if gitea actions works
+- [x] Have an existing s3 bucket
+
+## Resources
+- [x] [Capital One Data Breach](./assets/Capital%20One%20Data%20Breach%20—%202019.%20Introduction%20_%20by%20Tanner%20Jones%20_%20Nerd%20For%20Tech%20_%20Medium.pdf)
+- [x] [Grant IAM User Access to Only One S3 Bucket](./assets/Grant%20IAM%20User%20Access%20to%20Only%20One%20S3%20Bucket%20_%20Medium.pdf)
+- [ ] [IAM Bucket Policies](./assets/From%20IAM%20to%20Bucket%20Policies_%20A%20Comprehensive%20Guide%20to%20S3%20Access%20Control%20with%20Console,%20CLI,%20and%20Terraform%20_%20by%20Mohasina%20Clt%20_%20Medium.pdf)
+- [ ] [Dumping S3 Buckets!](https://www.youtube.com/watch?v=ITSZ8743MUk)
+
+## Lab
+- [ ] Grant perms to ec2 & s3 via IAM roles
+- [ ] S3 Buckets
+  - [ ] How to create one
+    - [ ] Via GUI
+    - [ ] Via terraform
+  - [ ] What are they used for?
+    - I have some existing context for this. I've used this for work
+      in the past for both archival purposes and for serving public content
+      (images & documents). You would commonly use them for 
+  - [ ] How can they be a juicy security risk?
+    - ! A security team will often set alerts around s3 buckets whenever
+        resources are created with no rules set
+    - 
+  - [ ] Create and attach a least-privilege policy
+  - [ ] Associate the IAM role with your running EC2 instance
+  - [ ] Verify access from the instance --> ec2-vm :> aws s3 ls
+
+## Vocab
+### Identity Access Management
+```mermaid
+graph LR
+  IAMPolicy -- attaches to --> IAMIdentity
+  ExplainIAMIdentity[users, groups of users, roles, AWS resources]:::aside
+  ExplainIAMIdentity -.-> IAMIdentity
+  
+  classDef aside fill:#fffbe6,stroke:#bbb,stroke-dasharray: 5 5,stroke-width:2px;
+```
--- a/lab-3/Lab3-IAMRoleEc2S3Bucket.pdf
+++ b/lab-3/Lab3-IAMRoleEc2S3Bucket.pdf
--- a/lab-3/Preparation
+++ b/lab-3/Preparation
--- a/lab-3/README.md
+++ b/lab-3/README.md
@ -0,0 +1 @@
+# My First Repo
--- a/lab-3/assets/Capital
+++ b/lab-3/assets/Capital
--- a/lab-3/assets/From
+++ b/lab-3/assets/From
--- a/lab-3/assets/Grant
+++ b/lab-3/assets/Grant
--- a/lab-3/assets/hello.py
+++ b/lab-3/assets/hello.py
@ -0,0 +1 @@
+print('Hello, world!')
--- a/lab-3/assets/prep-console.png
+++ b/lab-3/assets/prep-console.png