
rafri/week-18-lab

 
 


Week 18 labs

AWS Cloud security lab

  • Introducing Pulumi (as an alternative to CloudFormation)
  • AWS Security Hub
  • AWS Prowler

Todo

  • Enable AWS Security Hub on your account via the console (ClickOps)
  • Install AWS Prowler
  • Install Pulumi
  • Deploy the stack
  • Run Prowler on EC2
  • Fix the script to reduce the number of Prowler and AWS Security Hub alerts
  • Redeploy the stack and run Prowler again

The lowest number of Prowler issues wins.

Getting started

We're going to deploy an insecure application to AWS.

Install Pulumi

# install pulumi and then start a new terminal
# see https://www.pulumi.com/docs/get-started/aws/begin/
curl -fsSL https://get.pulumi.com | sh

Deploy the insecure stack

# ensure AWS creds are exported to current env

# also export this bucket name
# shove in the aws account id to make it globally unique
export PULUMI_STATE_BUCKET_NAME="jujhar-$(aws sts get-caller-identity --query Account --output text)-pulumi-state-store"

# create Pulumi s3 state store bucket to store the state in
aws s3api create-bucket \
  --bucket "${PULUMI_STATE_BUCKET_NAME}" \
  --region eu-west-1 \
  --create-bucket-configuration LocationConstraint=eu-west-1

# tell Pulumi you're using this bucket as your state store
pulumi login s3://"${PULUMI_STATE_BUCKET_NAME}"

# install node deps
(cd infra && npm i)

# Check stack
(cd infra && pulumi preview)

# Deploy stack
(cd infra && pulumi up)

# Destroy stack (tears down every resource the stack created)
(cd infra && pulumi destroy)
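
The state bucket above is created with only a name and a region, and Pulumi state files describe every resource in the stack. As an added example (not part of this repository), the function below applies baseline S3 hardening to that bucket: public access block, versioning, default encryption, and a TLS-only bucket policy. The names `harden_state_bucket` and `AWS_CLI` are introduced here for illustration.

```shell
#!/usr/bin/env bash
# Added example: baseline hardening for the Pulumi state bucket.
# AWS_CLI is a hypothetical override hook introduced for this example
# (defaults to the real aws CLI) so the function can be exercised with
# a stub instead of a live account.
AWS_CLI="${AWS_CLI:-aws}"

harden_state_bucket() {
  local bucket="$1"
  [ -n "$bucket" ] || { echo "usage: harden_state_bucket <bucket>" >&2; return 2; }

  # 1. Block every form of public access (ACLs and bucket policies).
  "$AWS_CLI" s3api put-public-access-block --bucket "$bucket" \
    --public-access-block-configuration \
    BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true || return 1

  # 2. Keep previous state versions so a bad or malicious write can be rolled back.
  "$AWS_CLI" s3api put-bucket-versioning --bucket "$bucket" \
    --versioning-configuration Status=Enabled || return 1

  # 3. Set default encryption at rest explicitly (SSE-S3).
  "$AWS_CLI" s3api put-bucket-encryption --bucket "$bucket" \
    --server-side-encryption-configuration \
    '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}' || return 1

  # 4. Deny any request to the bucket or its objects that is not made over TLS.
  local policy
  policy=$(cat <<EOF
{"Version":"2012-10-17","Statement":[{"Sid":"DenyInsecureTransport",
"Effect":"Deny","Principal":"*","Action":"s3:*",
"Resource":["arn:aws:s3:::${bucket}","arn:aws:s3:::${bucket}/*"],
"Condition":{"Bool":{"aws:SecureTransport":"false"}}}]}
EOF
)
  "$AWS_CLI" s3api put-bucket-policy --bucket "$bucket" --policy "$policy" || return 1
}

# Usage (after the create-bucket step): harden_state_bucket "${PULUMI_STATE_BUCKET_NAME}"
```

Run it once after `create-bucket` and before `pulumi login`, so the first state file is written to a bucket that is already locked down.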

About

Lab exercise for session 18, cloud security


Languages

  • JavaScript 100.0%