Forum Discussion
Bronze IICustom Lab creation AWS EC2 image issue
Hi,
I am trying to create a custom lab in AWS EC2 Ubuntu but our works AWS account blocks the security group for inbound rules for SSH 22 and RDP 3389, so get to the point were I can save the EC2 image to an AMI for the lab.
The other option for connecting to the lab is to use Web http port 80.
Are the any helpful custom lab guides for helping set up an AWS EC2 with a web app?
I was thinking a browser as the web app would be OK as the lab would involve looking at static web pages.
TIA
Rob
4 Replies
- MattParven
Immerser
Hey hexninja !
This is awesome! Can you tell me what you are building exactly? Is it a vulnerable web app?
For clarity, when you share your AMI with us, we deploy it in our own lab environment, and we apply our own security group to that. We don't copy it, so you must keep a version of it in your own AWS account, but we do deploy the AMI itself in our own account. This means any network SGs on your own side aren't an issue. Unless you are talking about not being able to actually build the AMI because you aren't able to SSH/RDP in to test it?
We have a TON of docs and videos coming out soon to help people with building their own labs, which will be available in July - along with some other new features I think that will help you.Matt
hexninjaHi MattParven
I have managed to setup AMIs in our AWS 'burner' accounts and share them with Immersive Labs as our 'burner' account supports unencrypted EBS storage. My issues is these accounts are reset every 21 days and not suitable for storing the AMI long term.
Our normal AWS accounts do not allow unencrypted EBS (company wide policy) and so when I share the AMI it does not work in Immersive Labs as Immersive Labs does not have the encryption key!
Is there any way to support sharing an AMI with an encrypted EBS? I guess we would need to share a key or use one of yours?
Thanks,
Rob
- MattParven
Hey hexninja . If your organization is forcing encrypted EBS and there is no way to create a long-lived AWS account to store them unencrypted, this could pose a problem.
We may look at an option to "Copy" AMI to us in the future, which would mitigate this.
However in the short term (July), we are releasing a new feature that is basically an "image library" of machines we manage that you can choose from (Kali, Reverse Engineering machine, Forensics machine, etc.). These machines allow you to upload files (like logs) without needing to build/manage the underlying machines yourself, and I think that this may suit your needs.
What type of software are you needing on the Ubuntu machine to do the log analysis, is it custom to your org or open source tools?
Matt
- hexninja
Thanks MattParven
What I am building is some training for our team with work specific logs that we can analyse with an Ubuntu machine.
The issue was that our infrastructure blocks SSH and RDP so I wasn't able to connect and test to the image directly within our AWS 'burner' environment. I can connect to them via SSM but as it is just command line, setting up the XDRP Ubuntu GUI is a bit iterative knowing which parts are configured correctly ready for a user to interact with such as getting the test data and tools on the Desktop.
However, I have been able to build two AMIs and tested them in the Immersive Labs Create a Lab section and it works!
One is an Ubuntu server machine connecting via SSH and the other is Ubuntu GUI machine connecting via XRDP.
I have some issues when when trying to share our AMI's with encrypted(company policy) but I will send a separate message
