Incident Response and Forensics for EC2: Preparation
Regarding Task 7 in this Lab (Incident Response and Forensics for EC2: Preparation) ---- Create forensics AMI 1/4 I CANNOT find the required AMI "the ubuntu 22.04 ami with ID ami-01dd271720c1ba44f" in the AWS console as shown in the image below: Could you take a look and help me out? Thanks🙂
S3: Demonstrate Your Skills
I have completed all 10 questions except question 6. 6. Access control Create an access point (AP) called metrolio-dev-ap attached to the metrolio-data-467e6352 bucket. This should allow developers working in the dev vpc vpc-08333ea4fc7562479 using the role arn:aws:iam::447645673093:role/metrolio-developer to list and get all objects in the bucket. Ensure you follow best practices of blocking public access. NOTE: AWS often faces internal errors – we believe these to be race conditions – when applying policies to new access points. You may need to re-apply the policy to the AP. I have re-applied the Access Point policy several times but still is not detected. I’m not sure if it is my Access Point policy or the AWS Immersivelabs that is at fault. Any help would be greatly appreciated. This is my Access Point Policy: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::447645673093:role/metrolio-developer" }, "Action": [ "s3:GetObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:eu-west-1:447645673093:accesspoint/metrolio-dev-ap/object/*", "arn:aws:s3:eu-west-1:447645673093:accesspoint/metrolio-dev-ap" ], "Condition": { "StringEquals": { "aws:SourceVpc": "vpc-08333ea4fc7562479" } } } ] } I tried to replicate similar permissions on bucket policy only to be denied by restrictive permission. NOTE: Account ID, Bucket names and few other identifiers do not match between screenshot 1-2 and screenshot 3. The screenshot 3 is from different attempt.
