IAM: Demonstrate Your Skills - Developer access (2/3)
Developer access (2/3) I have completed the developer access question 1 with the following policy: { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "arn:aws:iam::147026630027:role/*", "Condition": { "StringEquals": { "iam:PassedToService": "lambda.amazonaws.com" } } }, { "Sid": "VisualEditor1", "Effect": "Allow", "Action": "lambda:*", "Resource": "*" }, { "Sid": "VisualEditor2", "Effect": "Deny", "Action": "lambda:*", "Resource": "arn:aws:lambda:us-east-1:147026630027:function:virus-scanner" } ] } Currently stuck on the Developer access 2 question: Update the developers-lambda policy, with the following additional permissions: Ensure the policy allows CreatePolicy, CreateRole, GetRole, GetPolicy, GetPolicyVersion, ListRoles, ListPolicies, ListRolePolicies, and ListAttachedRolePolicies actions for all resources. Ensure the policy allows role policy attachment to all resources, but only when the developers-s3 arn:aws:iam::147026630027:policy/developers-s3 policy is present as a permissions boundary. This essentially restricts the maximum permissions of any developer-created role. Leave any condition qualifiers as default and ArnEquals as the condition. I have this code but is not working: { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "arn:aws:iam::147026630027:role/*", "Condition": { "StringEquals": { "iam:PassedToService": "lambda.amazonaws.com" } } }, { "Sid": "VisualEditor1", "Effect": "Allow", "Action": [ "lambda:*", "iam:CreatePolicy", "iam:CreateRole", "iam:GetRole", "iam:GetPolicy", "iam:GetPolicyVersion", "iam:ListRoles", "iam:ListPolicies", "iam:ListRolePolicies" ], "Resource": "*", "Condition": { "StringEquals": { "iam:PermissionsBoundary": "arn:aws:iam::147026630027:policy/developers-s3" } } }, { "Sid": "VisualEditor3", "Effect": "Deny", "Action": "lambda:*", "Resource": "arn:aws:lambda:us-east-1:147026630027:function:virus-scanner" } ] } Any help would be great full. Thanks
Systems Manager: Run Command (AWS)
Hi, I am attempting to complete the Systems Manager: Run Command lab and successfully complete run the commands (both turn green). It mentions there should be a token output from the second command but the commands fail each time. Anywhere else I should be looking to get the token and/or successful run the command.Cybersecurity and philosophy
Fellow members of the Cyber family: I think the ancient philosophers, those who recognized their own ignorance, were motive: their curiosity to learn, to question, to go a step further, to not settle ... I would like to think that these qualities defined great thinkers. And may we never lose the ability to recognize and be surprised, in the face of threats; studying them, always. I have always believed that a “let's talk” can be more enriching than a “I denounce you”: learning, if possible, from the adversary and his geniuses. And, of course, let's keep learning: every day: tactics, techniques, procedure and vectors. Nobody said this was going to be easy, did they? :). Good luck!.
