YoVDO

Rogue Permissions Challenge

Offered By: Amazon Web Services via AWS Skill Builder

Tags

  • Security Engineering Courses
  • Amazon Athena Courses
  • AWS Lambda Courses
  • AWS CloudTrail Courses

Course Description

Overview

Languages Available: Español (Latinoamérica) | Français | Bahasa Indonesia | Italiano | 日本語 | 한국어 | Português (Brasil) | 中文(简体)

This lab takes you through the process of using Amazon Athena to query AWS CloudTrail logs to identify policies that need to be updated to prevent unauthorized access. You will practice reviewing CloudTrail logs and refining search results to locate specific AWS Identity and Access Management (IAM) permissions that need to be scoped down. As an AWS security expert, you will be challenged to build IAM policies that allow AWS Lambda functions to make only approved API calls. This process will require you to understand the CloudTrail logs in detail and apply your analysis to create policies that target specific resources or use conditional statements. Completing this lab will show you how to leverage CloudTrail to identify rogue applications and the roles associated with them, and how to lock down permissions so that only permitted actions are allowed.



Level

Advanced


Duration

2 Hours 0 Minutes


Course Objectives

In this course, you will learn how to:

  • Set up Athena to query CloudTrail logs
  • Identify services that are being abused
  • Modify policies to allow access to development resources and deny access to production resources


Intended Audience

This course is intended for:

  • Security Engineers


Prerequisites

We recommend that attendees of this course have the following prerequisites:

  • None


Course Outline

  • Task 1: Understanding the issues that users are complaining about
  • Task 2: Locking down IAMuser
  • Task 3: Setting up Amazon Athena
  • Task 4: Identifying why the production instance is being terminated
  • Task 5: Stopping the security group
  • Task 6: Identifying DynamoDB tagging issue
