# AWS Challenge
https://jam.awsevents.com/AJFS2021?code=FIN2021
## Tag Me If You Can!
Auto-Tagging
## Granular Security is the Key!
Permissions
## All Eyes on You! [EASY]
Data protection
## Restore and back me up
Backup and Recovery
## No volume will be left unencrypted
"Security"
## Find Me If You Can
Attribute-based Access Control
https://test-hooli.auth.ap-southeast-1.amazoncognito.com/login?client_id=5jff7hr6tj7a18k9m6ahd9064j&response_type=token&scope=aws.cognito.signin.user.admin+email+openid+profile&redirect_uri=https://example.com
## Secure Your Data with Encryption [EASY]
"Security"
## Galactic Ricklege Escalation
Security Posture Evaluation
This is probably Freddy's pain in the ass challenge again :(
He probably fixed it too even though McCord is not here.
I think you just pass role to an instance, with a start-up script. :thumbsup:
### Shift notes from October 15th, 2066
* If you work overtime, clock in and clock out in the galactic time tracking system
* Expense code for galactic jacket laundry is C-137
* Make sure galactic node.js version 8 is used for lambda functions
* Hawaiian pizza is free every Tuesday at the galactic cafeteria, get the vouchers with captain sdrufles
* The standard galactic linux AMI is found using this command, replace "aws_region" with the region you are deploying it to:
```bash
# Look up the newest available Amazon Linux 2 HVM x86_64 gp2 AMI in the given region.
# The original snippet was missing the line continuation after --output text.
aws ec2 describe-images \
--owners amazon \
--filters "Name=name,Values=amzn2-ami-hvm-2.0.????????.?-x86_64-gp2" "Name=state,Values=available" \
--query "reverse(sort_by(Images, &CreationDate))[:1].ImageId" \
--output text \
--region aws_region
```
* Report human infestation to the galactic pest control center
* The galactic SOC has reported attempts to break into our galactic Jenkins servers, security engineering is looking into it, stay alert and report any suspicious activity to the security tips hotline
* s3_level7_role is not working anymore to access the galactic system, cloud engineering working on a fix
* All changes need to go through proper approvals, do not push new code to production without an approved ticket
* The soda machine is not taking bitcoin anymore due to the big ledger hack, Ethereum is still accepted
* If you stay after 22:00, you are entitled to take a taxi home that is reimbursable
>>> ami-087c17d1fe0178315
```json
{
  "UserName": "galactic-jenkins",
  "PolicyName": "jenkins_policy",
  "PolicyDocument": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": [
          "iam:AttachRolePolicy",
          "iam:CreateInstanceProfile",
          "iam:AddRoleToInstanceProfile",
          "iam:PassRole"
        ],
        "Resource": "*",
        "Effect": "Allow",
        "Sid": "IAMPermissionsForInstanceRole"
      },
      {
        "Action": [
          "iam:List*",
          "iam:Get*"
        ],
        "Resource": "*",
        "Effect": "Allow",
        "Sid": "ForTemporaryTroubleshootingRemoveWhenDone"
      },
      {
        "Action": [
          "ec2:*"
        ],
        "Resource": [
          "*"
        ],
        "Effect": "Allow",
        "Sid": "EC2PermissionsForJenkinsPipeline"
      },
      {
        "Action": [
          "ec2:Accept*",
          "ec2:Create*",
          "ec2:Attach*",
          "ec2:Authorize*",
          "ec2:Cancel*",
          "ec2:Confirm*",
          "ec2:Bundle*",
          "ec2:Copy*",
          "ec2:Delete*",
          "ec2:Deprovision*",
          "ec2:Detach*",
          "ec2:Disable*",
          "ec2:Disassociate*",
          "ec2:Enable*",
          "ec2:Export*",
          "ec2:Import*",
          "ec2:ModifyVpc*",
          "ec2:ModifyTransit*",
          "ec2:Purchase*",
          "ec2:Register*",
          "ec2:Reject*",
          "ec2:Release*",
          "ec2:Replace*",
          "ec2:Reset*",
          "ec2:Revoke*",
          "ec2:Update*"
        ],
        "Resource": [
          "*"
        ],
        "Effect": "Deny",
        "Sid": "EC2PreventsNaughtyThingsFromHappening"
      },
      {
        "Action": [
          "s3:GetObject",
          "s3:PutObject",
          "s3:ListBucket"
        ],
        "Resource": [
          "arn:aws:s3:::galactic-federation-jenkins-code-530546529361",
          "arn:aws:s3:::galactic-federation-jenkins-code-530546529361/*"
        ],
        "Effect": "Allow",
        "Sid": "JenkinsCodeStorage"
      }
    ]
  }
}
```
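The policy above is the kind of thing a reviewer should evaluate mechanically rather than by eye: an `Allow` on `ec2:*` combined with a hand-written `Deny` list only blocks the prefixes someone remembered to list, and `iam:PassRole` on `Resource: "*"` lets any role in the account be handed to a service. The script below is an added example (not part of these notes and not an AWS tool): it applies the IAM evaluation rule that an explicit `Deny` beats any `Allow`, expands the action and resource wildcards, and reports which sensitive actions a policy still permits, then contrasts the unscoped `PassRole` statement with a resource-scoped version. The embedded policy is a constructed abbreviation of the one in the notes (a subset of the deny list, no S3 statement), the account id `123456789012` and the role name `jenkins-build-role` are placeholders, and `Condition` keys are ignored since the policy has none.

```python
"""Added example: evaluate an IAM policy document for over-broad grants.
The policy below is a constructed abbreviation of the jenkins_policy shown
in the notes; account id and role names are placeholders."""
import fnmatch
import json

# Constructed subset of jenkins_policy: the statements that matter for the
# PassRole / EC2 review. The Deny list is abbreviated to a few real entries.
JENKINS_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "IAMPermissionsForInstanceRole", "Effect": "Allow",
     "Action": ["iam:AttachRolePolicy", "iam:CreateInstanceProfile",
                "iam:AddRoleToInstanceProfile", "iam:PassRole"],
     "Resource": "*"},
    {"Sid": "EC2PermissionsForJenkinsPipeline", "Effect": "Allow",
     "Action": ["ec2:*"], "Resource": ["*"]},
    {"Sid": "EC2PreventsNaughtyThingsFromHappening", "Effect": "Deny",
     "Action": ["ec2:Create*", "ec2:Delete*", "ec2:Attach*",
                "ec2:Authorize*", "ec2:ModifyVpc*"],
     "Resource": ["*"]}
  ]
}
""")

# Placeholder ARN for the one role Jenkins should be allowed to pass.
BUILD_ROLE_ARN = "arn:aws:iam::123456789012:role/jenkins-build-role"

# Hardened variant: PassRole is scoped to a single role instead of "*".
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PassOnlyTheBuildRole", "Effect": "Allow",
         "Action": ["iam:PassRole"], "Resource": [BUILD_ROLE_ARN]},
    ],
}

# Actions a reviewer would want to know about, with the reason they matter.
SENSITIVE_ACTIONS = {
    "ec2:RunInstances": "not covered by the Deny prefixes, so ec2:* still grants it",
    "iam:PassRole": "unscoped PassRole hands any role in the account to a service",
    "ec2:CreateVolume": "covered by the ec2:Create* Deny",
}


def _as_list(value):
    """IAM allows a bare string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    """IAM wildcard matching: case-insensitive, '*' and '?' supported."""
    return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in patterns)


def evaluate(policy, action, resource="*"):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one action/resource pair.

    An explicit Deny anywhere in the document wins immediately; otherwise any
    matching Allow grants; with no matching statement IAM denies implicitly.
    NotAction/NotResource and Condition blocks are out of scope here.
    """
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if "Action" not in stmt or "Resource" not in stmt:
            continue  # NotAction / NotResource statements are not handled
        if not _matches(_as_list(stmt["Action"]), action):
            continue
        if not _matches(_as_list(stmt["Resource"]), resource):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


def audit(policy, actions=SENSITIVE_ACTIONS):
    """Map each sensitive action to the decision the policy yields for it."""
    return {action: evaluate(policy, action) for action in actions}


if __name__ == "__main__":
    for action, decision in audit(JENKINS_POLICY).items():
        print(f"{action:20} {decision:13} {SENSITIVE_ACTIONS[action]}")
    print("hardened PassRole on build role:",
          evaluate(HARDENED_POLICY, "iam:PassRole", BUILD_ROLE_ARN))
    print("hardened PassRole on another role:",
          evaluate(HARDENED_POLICY, "iam:PassRole",
                   "arn:aws:iam::123456789012:role/AdminRole"))
```

The design point is that a deny-list on an `ec2:*` grant is evaluated by prefix match, so the audit has to enumerate the actions you care about rather than trust the `Sid` names; and for `iam:PassRole` the fix is to name the resource, not to add more denies. In a real review the same evaluator should also be run against the role's trust policy and any permission boundary, which this demo leaves out.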
## The lamb goes back into the barn
Lambda Security
- Guess: Try getting the context to log out and you can spin up another lambda.
## Forensics is knocking, let them in! [EASY]
Incident Response
## James bond needs the secret code to crack his case
Lambda S3 Access
## AWS Trust and Safety Notification
Incident Response
## Rotate My Secret Immediately
DevOps, SecurityManager
## Deploying Safe Docker Images On EKS
Containers