Question for members: your most rebellious labs
Hello!, I think it would be interesting to share in this Community those labs that have been the most difficult for us to complete; or those that are resisting us and we have invested a significant amount of time: trying tactics and techniques, reading carefully their documentation and references, blog posts about the exploits, testing options or just going step by step. Let's get started :)!: .: I find it hard to finish labs related to access policies or permissions in Cloud: maybe it's the syntax required to give permission to a S3 bucket or to the access point ... but I invest a lot of time to complete them. I am close to having finished 2,400 labs but when I have to write the concrete policy in that json file I struggle :). .: Esoteric labs, as I like to call them ^^. Example: CAN bus. Don't ask me the specific reason, but I have been trying for some time to finish the last few!: I love them, but I'm stuck at the moment. [...] So: which are the labs you have had the hardest time finishing (no matter the difficulty) and which are the ones you are investing the most time in?. Thank you and good luck!.
S3: Demonstrate Your Skills
I have completed all 10 questions except question 6. 6. Access control Create an access point (AP) called metrolio-dev-ap attached to the metrolio-data-467e6352 bucket. This should allow developers working in the dev vpc vpc-08333ea4fc7562479 using the role arn:aws:iam::447645673093:role/metrolio-developer to list and get all objects in the bucket. Ensure you follow best practices of blocking public access. NOTE: AWS often faces internal errors – we believe these to be race conditions – when applying policies to new access points. You may need to re-apply the policy to the AP. I have re-applied the Access Point policy several times but still is not detected. I’m not sure if it is my Access Point policy or the AWS Immersivelabs that is at fault. Any help would be greatly appreciated. This is my Access Point Policy: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::447645673093:role/metrolio-developer" }, "Action": [ "s3:GetObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:eu-west-1:447645673093:accesspoint/metrolio-dev-ap/object/*", "arn:aws:s3:eu-west-1:447645673093:accesspoint/metrolio-dev-ap" ], "Condition": { "StringEquals": { "aws:SourceVpc": "vpc-08333ea4fc7562479" } } } ] } I tried to replicate similar permissions on bucket policy only to be denied by restrictive permission. NOTE: Account ID, Bucket names and few other identifiers do not match between screenshot 1-2 and screenshot 3. The screenshot 3 is from different attempt.
