# Lab 3

## Prep

- [x] Gitea set up
- [x] MFA set up
- [x] Add git ignore
- [x] Secrets/Token Management
  - [x] Consider secret-scanning
  - [x] Added git-leaks on pre-commit hook
- [x] Create & Connect to a Git*** repository
  - [x] https://git.dropbear-minnow.ts.net/
- [x] Modify and make a second commit

  ![image of terminal](./assets/prep-console.png)

- [x] Test to see if Gitea Actions works
- [x] Have an existing S3 bucket

## Resources

- [x] [Capital One Data Breach](./assets/Capital%20One%20Data%20Breach%20—%202019.%20Introduction%20_%20by%20Tanner%20Jones%20_%20Nerd%20For%20Tech%20_%20Medium.pdf)
- [x] [Grant IAM User Access to Only One S3 Bucket](./assets/Grant%20IAM%20User%20Access%20to%20Only%20One%20S3%20Bucket%20_%20Medium.pdf)
- [ ] [IAM Bucket Policies](./assets/From%20IAM%20to%20Bucket%20Policies_%20A%20Comprehensive%20Guide%20to%20S3%20Access%20Control%20with%20Console,%20CLI,%20and%20Terraform%20_%20by%20Mohasina%20Clt%20_%20Medium.pdf)
- [ ] [Dumping S3 Buckets!](https://www.youtube.com/watch?v=ITSZ8743MUk)

## Lab

- [ ] Grant perms to EC2 & S3 via IAM roles
- [ ] S3 Buckets
  - [ ] How to create one
    - [ ] Via GUI
    - [ ] Via Terraform
  - [ ] What are they used for?
    - I have some existing context for this. I've used this for work in the past for both archival purposes and for serving public content (images & documents). You would commonly use them for
  - [ ] How can they be a juicy security risk?
    - ! A security team will often set alerts around S3 buckets whenever resources are created with no rules set
- [ ] Create and attach a least-privilege policy
- [ ] Associate the IAM role with your running EC2 instance
- [ ] Verify access from the instance --> `ec2-vm :> aws s3 ls`

## Vocab

### Identity Access Management

```mermaid
graph LR
  IAMPolicy -- attaches to --> IAMIdentity
  ExplainIAMIdentity[users, groups of users, roles, AWS resources]:::aside
  ExplainIAMIdentity -.-> IAMIdentity
  classDef aside fill:#fffbe6,stroke:#bbb,stroke-dasharray: 5 5,stroke-width:2px;
```
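The three Lab steps (least-privilege policy, role on the running instance, verify from the instance) and the "Via Terraform" item, worked through as one added Terraform example. This is not code from the lab or its resources; the bucket name `example-lab3-bucket`, the role/profile name `lab3-ec2-s3-reader`, the region and the instance id are placeholders you would replace with your own.

```hcl
# Added example (not part of the lab notes): an EC2 instance role that can
# list and read exactly one existing S3 bucket, plus a public-access block on
# that bucket. All names, the region and the instance id are placeholders.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = "us-east-1" # placeholder region
}

variable "bucket_name" {
  description = "Existing bucket the instance may access (placeholder value)"
  type        = string
  default     = "example-lab3-bucket"
}

# Look up the bucket that already exists (Prep: "Have an existing S3 bucket").
data "aws_s3_bucket" "lab" {
  bucket = var.bucket_name
}

# Trust policy: only the EC2 service may assume this role. Nothing else
# (no users, no other accounts) can pick up these permissions.
data "aws_iam_policy_document" "ec2_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "ec2_s3_reader" {
  name               = "lab3-ec2-s3-reader"
  assume_role_policy = data.aws_iam_policy_document.ec2_trust.json
}

# Least-privilege permissions. Note the two resource shapes:
#   s3:ListBucket is evaluated against the bucket ARN itself,
#   s3:GetObject is evaluated against object ARNs (bucket ARN + "/*").
# No s3:* and no "Resource": "*", so other buckets stay unreachable.
data "aws_iam_policy_document" "one_bucket_read" {
  statement {
    sid       = "ListOnlyThisBucket"
    actions   = ["s3:ListBucket"]
    resources = [data.aws_s3_bucket.lab.arn]
  }
  statement {
    sid       = "ReadObjectsInThisBucket"
    actions   = ["s3:GetObject"]
    resources = ["${data.aws_s3_bucket.lab.arn}/*"]
  }
}

resource "aws_iam_role_policy" "one_bucket_read" {
  name   = "lab3-one-bucket-read"
  role   = aws_iam_role.ec2_s3_reader.id
  policy = data.aws_iam_policy_document.one_bucket_read.json
}

# EC2 cannot take a role directly; an instance profile wraps the role.
resource "aws_iam_instance_profile" "ec2_s3_reader" {
  name = "lab3-ec2-s3-reader"
  role = aws_iam_role.ec2_s3_reader.name
}

# The "no rules set" case from the Lab notes: a bucket with no public-access
# block is what monitoring typically alerts on. Block all four public paths.
resource "aws_s3_bucket_public_access_block" "lab" {
  bucket                  = data.aws_s3_bucket.lab.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

output "instance_profile_name" {
  value = aws_iam_instance_profile.ec2_s3_reader.name
}
```

Attaching the profile to an instance that is already running is done outside Terraform with `aws ec2 associate-iam-instance-profile --instance-id <your-instance-id> --iam-instance-profile Name=lab3-ec2-s3-reader`. When verifying from the instance, use `aws s3 ls s3://example-lab3-bucket` rather than a bare `aws s3 ls`: the bare form calls ListAllMyBuckets, which this policy deliberately does not grant, so an AccessDenied there is the policy working, not a misconfiguration. Given the Capital One reading, it is also worth confirming the instance requires IMDSv2 (`aws ec2 modify-instance-metadata-options --instance-id <your-instance-id> --http-tokens required`), since the role's temporary credentials are served from the instance metadata endpoint.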