Cloud Security Lab a Week (S.L.A.W)
One cloudsec lab. 15-30 minutes. Every week.
You want free training? We got free training!
The user-data field is a powerful tool for automation, but can be a major source of risk.
Today we learn how IAM roles work with instances, and how an older (and widely used) essential mechanism can be easily exploited.
Remember how I said to never use IAM users, or give them access keys? Today you'll learn why, as you hack one of my accounts (sorta).
Time to see our hard work in action, as we deliberately expose an instance to see what happens.
We learn a cool way to log activity into S3 using Session Manager.
We've been using Session Manager in our labs. Today we'll level up with logging and command line access.
In this lab we will connect to an instance on a totally private subnet, without inbound or outbound Internet access, using a VPC Endpoint.
We've been at this over 6 months, so I suppose we should actually run something.
Learn what makes security groups special with a hands-on build.
Since we deleted our VPC last week, let's recreate it but this time using CloudFormation.
This week we'll learn about private subnets and the different options for letting them talk to the Internet, which are annoyingly required a lot.
In today's lab we will create a bare-bones VPC piece by piece to learn what you need, what you don't, and how it works.