AWS Trusted Advisor - Hands-On Demo

Agenda

  1. Introduction to AWS Trusted Advisor
  2. Navigate to AWS Trusted Advisor Dashboard
  3. Create Security Group Violation
  4. Create EBS Snapshot Violation
  5. Create S3 Bucket Permission Violation
  6. Wait for Trusted Advisor to Show Violations
  7. Clean Up and Remediation
    • Close Security Group Port
    • Delete EBS Snapshot
    • Delete EBS Volume
    • Delete S3 Bucket
  8. Verify All Remediated in Trusted Advisor Dashboard

VPC

IAM Group

Violation 1: Open port 22 to the world on the default security group

Security Groups

Add Rule

Violation 2: Create a public EBS snapshot

# Create a small EBS volume to snapshot (region/AZ must match your CLI profile)
VOLUME_ID=$(aws ec2 create-volume \
    --volume-type gp3 \
    --size 1 \
    --availability-zone us-east-1a \
    --query 'VolumeId' \
    --output text)
# Create a snapshot of that volume
SNAPSHOT_ID=$(aws ec2 create-snapshot \
    --volume-id "$VOLUME_ID" \
    --description "Test public snapshot" \
    --query 'SnapshotId' \
    --output text)
# Make the snapshot public (VIOLATION #2): the "all" group lets any AWS account
# create volumes from it, which is what the Trusted Advisor check flags
aws ec2 modify-snapshot-attribute \
    --snapshot-id "$SNAPSHOT_ID" \
    --attribute createVolumePermission \
    --operation-type add \
    --group-names all

Violation 3: Create an S3 bucket with public read permissions

# Create a bucket (name must be globally unique, hence the random suffix)
BUCKET_NAME="test-bucket-${RANDOM}"
aws s3api create-bucket \
    --bucket "$BUCKET_NAME" \
    --region us-east-1
# Turn off all four Block Public Access settings (VIOLATION #3); without this
# S3 would reject the public policy below
aws s3api put-public-access-block \
    --bucket "$BUCKET_NAME" \
    --public-access-block-configuration \
    "BlockPublicAcls=false,IgnorePublicAcls=false,BlockPublicPolicy=false,RestrictPublicBuckets=false"
# Attach a policy granting anonymous read of every object (unquoted EOF so
# $BUCKET_NAME expands inside the heredoc)
cat << EOF > bucket-policy.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::$BUCKET_NAME/*"
        }
    ]
}
EOF
aws s3api put-bucket-policy \
    --bucket "$BUCKET_NAME" \
    --policy file://bucket-policy.json

Wait and Check for Violations in Trusted Advisor Console
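While waiting for the dashboard to refresh, it helps to know exactly what each of the three checks looks at. The following Python is an added example (not part of the demo's own commands): it reproduces the three conditions offline against constructed dicts shaped like the AWS CLI's describe-* JSON. The field names are the real API ones; the resource IDs and bucket name are placeholders.

```python
# Added example: offline replicas of the three Trusted Advisor findings the demo provokes.
# Inputs are dicts shaped like the AWS CLI's describe-* JSON; all sample data below is constructed.
def open_ssh_rules(sg):
    """Ingress rules of a describe-security-groups entry that expose TCP/22 to the world."""
    hits = []
    for perm in sg.get("IpPermissions", []):
        if perm.get("IpProtocol") not in ("tcp", "-1"):  # "-1" = all protocols, no port fields
            continue
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        if not lo <= 22 <= hi:
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if any(c in ("0.0.0.0/0", "::/0") for c in cidrs):
            hits.append(perm)
    return hits

def snapshot_is_public(attr):
    """attr: describe-snapshot-attribute --attribute createVolumePermission output."""
    return any(p.get("Group") == "all" for p in attr.get("CreateVolumePermissions", []))

def bucket_is_public(pab, policy):
    """pab: PublicAccessBlockConfiguration; policy: the bucket policy document.
    RestrictPublicBuckets neutralises an existing public policy; BlockPublicPolicy only
    rejects new ones, so an already-attached policy stays effective under it alone."""
    if pab.get("RestrictPublicBuckets"):
        return False
    for st in policy.get("Statement", []):
        p = st.get("Principal")
        if st.get("Effect") == "Allow" and (p == "*" or (isinstance(p, dict) and p.get("AWS") == "*")):
            return True
    return False

def findings(sg, snap_attr, pab, policy):
    """Names of the demo's three violations that are still present."""
    checks = [("open-port-22", bool(open_ssh_rules(sg))),
              ("public-ebs-snapshot", snapshot_is_public(snap_attr)),
              ("public-s3-bucket", bucket_is_public(pab, policy))]
    return [name for name, hit in checks if hit]

# Constructed sample state after violations 1-3, plus the Block Public Access setting after clean-up.
SG = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]}
SNAP_ATTR = {"SnapshotId": "snap-EXAMPLE", "CreateVolumePermissions": [{"Group": "all"}]}
PAB_OPEN = dict.fromkeys(("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets"), False)
PAB_FIXED = dict.fromkeys(PAB_OPEN, True)
POLICY = {"Version": "2012-10-17", "Statement": [{"Sid": "PublicReadGetObject", "Effect": "Allow",
    "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::test-bucket-EXAMPLE/*"}]}
```

Calling findings(SG, SNAP_ATTR, PAB_OPEN, POLICY) lists all three violations; swapping in PAB_FIXED drops only the S3 one, which mirrors what the dashboard shows after each remediation step.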

Clean Up and Remediation

Close the Security Group Port

Delete the Snapshot

Delete the Volume

Delete the S3 Bucket

All Remediated

Trusted Advisor Recommendations

🙏 Thanks for Watching

AWS Trusted Advisor - Hands-On Demo

By Deepak Dubey
