cloud security
43 Topics
Snort Rules: Ep.5 – Fake Tech Support Popup
I have been stuck on Question 5 for a while now. Create a Snort rule to detect connections to this IP address from 10.1.9.101 on port 49349, then submit the token. Does this IP refer to IP in the previous question? If so, I have tried so many different rules but one worked.Solved223Views1like1CommentIAM: Demonstrate Your Skills - Developer access (2/3)
Developer access (2/3) I have completed the developer access question 1 with the following policy: { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "arn:aws:iam::147026630027:role/*", "Condition": { "StringEquals": { "iam:PassedToService": "lambda.amazonaws.com" } } }, { "Sid": "VisualEditor1", "Effect": "Allow", "Action": "lambda:*", "Resource": "*" }, { "Sid": "VisualEditor2", "Effect": "Deny", "Action": "lambda:*", "Resource": "arn:aws:lambda:us-east-1:147026630027:function:virus-scanner" } ] } Currently stuck on the Developer access 2 question: Update the developers-lambda policy, with the following additional permissions: Ensure the policy allows CreatePolicy, CreateRole, GetRole, GetPolicy, GetPolicyVersion, ListRoles, ListPolicies, ListRolePolicies, and ListAttachedRolePolicies actions for all resources. Ensure the policy allows role policy attachment to all resources, but only when the developers-s3 arn:aws:iam::147026630027:policy/developers-s3 policy is present as a permissions boundary. This essentially restricts the maximum permissions of any developer-created role. Leave any condition qualifiers as default and ArnEquals as the condition. I have this code but is not working: { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "arn:aws:iam::147026630027:role/*", "Condition": { "StringEquals": { "iam:PassedToService": "lambda.amazonaws.com" } } }, { "Sid": "VisualEditor1", "Effect": "Allow", "Action": [ "lambda:*", "iam:CreatePolicy", "iam:CreateRole", "iam:GetRole", "iam:GetPolicy", "iam:GetPolicyVersion", "iam:ListRoles", "iam:ListPolicies", "iam:ListRolePolicies" ], "Resource": "*", "Condition": { "StringEquals": { "iam:PermissionsBoundary": "arn:aws:iam::147026630027:policy/developers-s3" } } }, { "Sid": "VisualEditor3", "Effect": "Deny", "Action": "lambda:*", "Resource": "arn:aws:lambda:us-east-1:147026630027:function:virus-scanner" } ] } Any help would be great full. ThanksSolved157Views2likes2Comments
Systems Manager: Run Command (AWS)
Hi, I am attempting to complete the Systems Manager: Run Command lab and successfully complete run the commands (both turn green). It mentions there should be a token output from the second command but the commands fail each time. Anywhere else I should be looking to get the token and/or successful run the command.Solved130Views3likes4Comments
Incident Response and Forensics for EC2: Preparation
Regarding Task 7 in this Lab (Incident Response and Forensics for EC2: Preparation) ---- Create forensics AMI 1/4 I CANNOT find the required AMI "the ubuntu 22.04 ami with ID ami-01dd271720c1ba44f" in the AWS console as shown in the image below: Could you take a look and help me out? Thanks🙂Solved113Views0likes7Comments
