A small startup recently migrated its infrastructure to the AWS cloud. However, they didn’t configure proper security controls. As a result:
For all the resources in this lab, we are using the US East (N. Virginia) region.
In this lab, you will complete the following exercises:
Note: Please ensure that you have created an AWS account with active credit at https://aws.amazon.com/, or apply for AWS free credit.
In this exercise, you will complete the following tasks:
Start a browser session and sign in to the AWS Management Console at https://aws.amazon.com/console/.
In the Search AWS services text box at the top of the AWS Management Console page, type IAM and press the Enter key.
On the IAM Dashboard, in the Access management section, select Users, and then select Add users.
On the Add user page, specify the following settings:
Setting | Value |
---|---|
User name | Bob |
Password | Auto-generate password |
AWS Management Console access | Enable |
Click Next: Permissions.
Click Next: Tags, then Next: Review.
Review the settings and select Create user.
Result: You created a user and assigned the Security Administrator role.
In this exercise, you will complete the following tasks:
In this task, you will assign Bob the ResourceGroupAdministrator role for the CyberP-Project project.
Step 1: Create a Custom IAM Policy
Note: The ARN is obtained from the resource group dashboard.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "resource-groups:*",
        "tag:GetResources",
        "tag:GetTagKeys",
        "tag:GetTagValues"
      ],
      "Resource": "*"
    }
  ]
}
```
🔐 You can restrict "Resource": "*" to your specific group ARN if needed (e.g., arn:aws:resource-groups:us-east-1:123456789012:group/CyberP-Project).
Policy name: CyberPProjectAdminPolicy.
Step 2: Attach the Policy to Bob
Result: You successfully configured IAM for the Project.
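The restriction mentioned in Step 1, as an added example that is not part of the original lab: a Python script that flags the wildcards in the lab's policy and scopes the resource-groups actions to the group ARN. The function names are hypothetical, and the ARN reuses the placeholder account ID from the lab's own example.

```python
import json

# Policy document from Step 1 of the lab.
LAB_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["resource-groups:*", "tag:GetResources",
                   "tag:GetTagKeys", "tag:GetTagValues"],
        "Resource": "*",
    }],
}
# Example ARN from the lab; 123456789012 is a placeholder account ID.
GROUP_ARN = "arn:aws:resource-groups:us-east-1:123456789012:group/CyberP-Project"

def as_list(value):
    """IAM allows a string or a list for Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]

def wildcard_findings(policy):
    """Return (statement index, reason) for each wildcard in an Allow statement."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append((i, f"wildcard action {action}"))
        if "*" in as_list(stmt.get("Resource", [])):
            findings.append((i, "Resource is *"))
    return findings

def scope_to_group(policy, group_arn):
    """Split Allow statements: resource-groups actions go on the group ARN;
    other actions (the tag:Get* reads) keep their original Resource, since a
    resource-groups ARN does not apply to them."""
    scoped = {"Version": policy["Version"], "Statement": []}
    for stmt in as_list(policy["Statement"]):
        actions = as_list(stmt.get("Action", []))
        rg = [a for a in actions if a.startswith("resource-groups:")]
        rest = [a for a in actions if not a.startswith("resource-groups:")]
        if stmt.get("Effect") != "Allow" or not rg:
            scoped["Statement"].append(stmt)  # nothing to scope here
            continue
        scoped["Statement"].append(
            {"Effect": "Allow", "Action": rg, "Resource": group_arn})
        if rest:
            scoped["Statement"].append({**stmt, "Action": rest})
    return scoped

if __name__ == "__main__":
    print(wildcard_findings(LAB_POLICY))
    print(json.dumps(scope_to_group(LAB_POLICY, GROUP_ARN), indent=2))
```

Test the scoped policy as Bob before relying on it; any resource-groups action that is not tied to one group will no longer be allowed.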
In this exercise, you will complete the following tasks:
In the Search AWS services text box, type CloudWatch and press the Enter key.
In the CloudWatch dashboard, select Logs, then set up a log group.
Create a Log Group with the following parameters:
Setting | Value |
---|---|
Log Group Name | CyberP-Logs |
Region | US East (N. Virginia) |
In the CloudWatch dashboard, select Alarms, then configure the necessary CloudWatch alarms.
Next, enter CloudTrail in the Search AWS services text box and press Enter.
In the CloudTrail dashboard, select Trails and create a new trail using default settings.
In the Search AWS services text box, type Cost Management and press the Enter key.
In the Cost Management dashboard, select Budgets, then create a new budget.
On the Set Budget page, specify the following settings:
Setting | Value |
---|---|
Budget name | CyberP-Budget |
Cost/Usage type | Cost Budget |
Period | Monthly |
Click Next and set an alert condition: 100% of Budget.
Add your email address to receive notifications.
Review and click Create Budget.
Result: You successfully enabled AWS CloudWatch and CloudTrail, and set up cost alerts.
Side Task: Create an EC2 instance and assign Bob the EC2InstanceAdministrator role for the instance. Then log in as Bob and see what tasks Bob can perform with that role. Once done, take a screenshot of the completed task and upload it on LinkedIn with the hashtag #cloudprojectwithcyberpreacher while sharing your experiences around the project.
Note: Be sure to delete all resources created during this project to manage costs.