cloud security

27 Topics

Securing Web Applications with AWS WAF and CloudFront ---- Configuring Secure Web Hosting with AWS CloudFront
When I was editing the s3 bucket policy according to the task in the lab, I got an error saying : You either don’t have permissions to edit the bucket policy, or your bucket policy grants a level of public access that conflicts with your Block Public Access settings. Could you take a look and help me out? Thanks🙂
Solved
dpnotnull
20 days ago Place Help & Support Forum
22Views
0likes
2Comments
AWS Security Hub: Integrations and Custom Actions
Hi everyone! Q10 (create a rule called SecHub-tickets) on this lab is not completing. After I click create rule (Step 5) on the EventBridge, I got an error: Access denied to iam:CreateRole You don't have permission to iam:CreateRole. To request access, copy the following text and send it to your AWS administrator. Anybody had the same error here or working as expected there? Thanks in advance!
Solved
T3S0r0
22 days ago Place Help & Support Forum
73Views
1like
6Comments
Microsoft Sentinel SOAR: Demonstrate Your Skills
I am trying to complete the SOAR: Demonstrate your skills lab and I'm having an issue with one question. I believe I have done what it is asking but the question won't show as completed, I can't move on until this part is done. Is anyone able to point me in the right direction if I'm doing something wrong or am completely off target. Thanks
Cyb3rM0nK3y
24 days ago Place Help & Support Forum
53Views
1like
3Comments
[AWS]IAM: Tagging
Hello everyone. I'm stuck on Q3 of this lab. I'm leaving the ec2-custom-read policy as: { "Statement": [ { "Action": [ "ec2:GetTransitGateway*" ], "Effect": "Allow", "Resource": "*", "Condition": { "ForAllValues:StringEquals": { "aws:TagKeys": [ "automation" ] } }, "Sid": "ReadEC2TransitGateways" } ], "Version": "2012-10-17" } But if I try to save the policy, it gives me an error: Access denied to iam:CreatePolicyVersion You don't have permission to iam:CreatePolicyVersion Any hints on what I'm missing here? I think I didnt understand what exactly the exercise is asking for here. Regards,
Solved
T3S0r0
2 months ago Place Help & Support Forum
29Views
2likes
2Comments
Systems Manager: Automation
Hello, On exercise 4 (Create playbook) I'm getting an error if I configure Step One according the instruction, and I can't proceed with the playbook creation. "AccessDeniedException: User: {{user}} is not authorized to perform: ssm:CreateDocument on resource: {{resource}}/NewRunbook because no permissions boundary allows the ssm:CreateDocument action" This is how I structured the code: schemaVersion: '0.3' assumeRole: {{according the instructions}} description: EC2-Stop-Prod-EU-WEST-1 mainSteps: - name: Pause action: aws:pause nextStep: Approve isEnd: false inputs: {} - name: Approve action: aws:approve nextStep: get_instance_ids isEnd: false inputs: Approvers: - {{according the instructions}} - name: get_instance_ids action: aws:executeAwsApi nextStep: turn_off_prod_instances isEnd: false inputs: Api: DescribeInstances Service: ec2 Filters: - Name: tag-key Values: - prod - Name: instance-state-name Values: - running outputs: - Name: InstanceIds Selector: $.Reservations..Instances..InstanceId Type: StringList - name: turn_off_prod_instances action: aws:executeScript isEnd: true inputs: Runtime: python3.8 Handler: script_handler Script: |- def script_handler(events,context): import boto3 #Initialize client ec2 = boto3.client('ec2') instanceList = events['InstanceIds'] for instance in instanceList: ec2.stop_instances(InstanceIds=[instance]) InputPayload: InstanceIds: '{{get_instance_ids.InstanceIds}}' Does anyone had the same error while doing this lab? Regards,
Solved
T3S0r0
2 months ago Place Help & Support Forum
80Views
3likes
2Comments
EC2: Demonstrate Your Skills
Hello everyone, Q9 (Once your load balancer is active, visit the website via its DNS name. What is the token from the webpage?) from EC2: Demonstrate Your Skills is giving an incorrect answer, tough all previous questions are marked green and I'm filling with the exact output from the page (a six digits number). Anyone with the same error?
Solved
T3S0r0
2 months ago Place Help & Support Forum
52Views
0likes
4Comments
Sentinel Blue team ops
2 separate questions for KQL can someone lmk what I'm doing wrong please.
itskw271
4 months ago Place Help & Support Forum
60Views
0likes
1Comment
S3: Access Policies (Q5)
Hi I don't get passed this question when I put this for the access point: What am I missing here please, I always get an error on AWS saying that the access point can't be implemented. { "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::407044316022:user/metrolio-accessor" }, "Action": ["s3:ListBucket", "s3:GetObject"], "Resource": [ "arn:aws:iam::407044316022:accesspoint/metrolio-access-point/object/data/*" ] }] }
kikasudo
4 months ago Place Help & Support Forum
85Views
0likes
5Comments
Kubernetes: Native Logging
In lab "Kubernetes: Native Logging" I really cannot understand the question - "What is the token for creating the correct audit rule as specified in the Tasks?" - in step 9. I configured auditing correctly and went through all steps (except 9), and also found the answer for the last 11th step but I really cannot understand the question in step 9. I found one token in audit log, decoded from base64 but that's not correct answer. Anybody can help? Peter
Solved
peter
5 months ago Place Help & Support Forum
64Views
0likes
1Comment
Kubernetes: Secrets
Can someone help me with Question 6. Every command i am trying to execute in the lab returns user "linux" doesn't have enough privileges.
Solved
JoelBethel
5 months ago Place Help & Support Forum
126Views
1like
2Comments