2.0 KiB
2.0 KiB
Lab 3
Prep
- Gitea set up
- MFA set up
- Add git ignore
- Secrets/Token Management
- Consider secret-scanning
- Added git-leaks on pre-commit hook
- Consider secret-scanning
- Create & Connect to a Git*** reposiotry
- Modify and make a second commit
- Test to see if gitea actions works
- Have an existing s3 bucket
Resources
- Capital One Data Breach
- Grant IAM User Access to Only One S3 Bucket
- IAM Bucket Policies
- Dumping S3 Buckets!
Lab
- Grant perms to ec2 & s3 via IAM roles
- S3 Buckets
- How to create one
- Via GUI
- Via terraform
- What are they used for?
- I have some existing context for this. I've used this for work in the past for both archival purposes and for serving public content (images & documents). You would commonly use them for
- How can they be a juicy security risk?
- ! A security team will often set alerts around s3 buckets whenever resources are created with no rules set
- Create and attach a least-privilege policy
- Associate the IAM role with your running EC2 instance
- Verify access from the instance --> ec2-vm :> aws s3 ls
- How to create one
Vocab
Identity Access Management
graph LR
IAMPolicy -- attaches to --> IAMIdentity
ExplainIAMIdentity[users, groups of users, roles, AWS resources]:::aside
ExplainIAMIdentity -.-> IAMIdentity
classDef aside fill:#fffbe6,stroke:#bbb,stroke-dasharray: 5 5,stroke-width:2px;
ieua((()))