51 lines
1.9 KiB
Markdown
51 lines
1.9 KiB
Markdown
# Lab 3
|
|
|
|
## Prep
|
|
- [x] Gitea set up
|
|
- [x] MFA set up
|
|
- [x] Add git ignore
|
|
- [x] Secrets/Token Management
|
|
- [x] Consider secret-scanning
|
|
- [x] Added git-leaks on pre-commit hook
|
|
- [x] Create & Connect to a Git*** repository
|
|
- [x] https://git.dropbear-minnow.ts.net/
|
|
- [x] Modify and make a second commit
|
|
|
|
- [x] Test to see if gitea actions works
|
|
- [x] Have an existing s3 bucket
|
|
|
|
## Resources
|
|
- [x] [Capital One Data Breach](./assets/Capital%20One%20Data%20Breach%20—%202019.%20Introduction%20_%20by%20Tanner%20Jones%20_%20Nerd%20For%20Tech%20_%20Medium.pdf)
|
|
- [x] [Grant IAM User Access to Only One S3 Bucket](./assets/Grant%20IAM%20User%20Access%20to%20Only%20One%20S3%20Bucket%20_%20Medium.pdf)
|
|
- [ ] [IAM Bucket Policies](./assets/From%20IAM%20to%20Bucket%20Policies_%20A%20Comprehensive%20Guide%20to%20S3%20Access%20Control%20with%20Console,%20CLI,%20and%20Terraform%20_%20by%20Mohasina%20Clt%20_%20Medium.pdf)
|
|
- [ ] [Dumping S3 Buckets!](https://www.youtube.com/watch?v=ITSZ8743MUk)
|
|
|
|
## Lab
|
|
- [x] create a custom IAM Policy
|
|
- [x] create an IAM Role for EC2
|
|
|
|
|
|
- [x] Attach the Role to your EC2 Instance
|
|
- [x] Verify is3 access from the EC2 Instance
|
|
|
|
|
|
### Stretch
|
|
- [ ] Create a bucket policy that blocks all public access but allows your IAM role
|
|
|
|
## Terms
|
|
### Identity Access Management
|
|
```mermaid
|
|
graph LR
|
|
IAMPolicy -- attaches to --> IAMIdentity
|
|
ExplainIAMIdentity[users, groups of users, roles, AWS resources]:::aside
|
|
ExplainIAMIdentity -.-> IAMIdentity
|
|
|
|
classDef aside fill:#fffbe6,stroke:#bbb,stroke-dasharray: 5 5,stroke-width:2px;
|
|
```
|
|
|
|
## End lab
|
|
- [ ] Clean up
|
|
- [ ] Custom roles
|
|
- [ ] Custom policies
|
|
- [ ] Stop ec2 Instance
|
|
- [ ] Remove s3 bucket |