AWS Trusted Advisor
Hands-On
Demo
- Introduction to AWS Trusted Advisor
- Navigate to AWS Trusted Advisor Dashboard
- Create Security Group Violation
- Create EBS Snapshot Violation
- Create S3 Bucket Permission Violation
- Wait for Trusted Advisor to Show Violations
- Clean Up and Remediation
- Close Security Group Port
- Delete EBS Snapshot
- Delete EBS Volume
- Delete S3 Bucket
- Verify All Remediated in Trusted Advisor Dashboard
Agenda
VPC
IAM Group
Violation 1 : Create Open Port 22 on default security group
Security Groups
Add Rule
Violation 2 : Create EBS Public Snapshot Violation
# Create an EBS volume
VOLUME_ID=$(aws ec2 create-volume \
--volume-type gp3 \
--size 1 \
--availability-zone us-east-1a \
--query 'VolumeId' \
--output text)# Create a snapshot
SNAPSHOT_ID=$(aws ec2 create-snapshot \
--volume-id $VOLUME_ID \
--description "Test public snapshot" \
--query 'SnapshotId' \
--output text)# Make snapshot public (VIOLATION #2)
aws ec2 modify-snapshot-attribute \
--snapshot-id $SNAPSHOT_ID \
--attribute createVolumePermission \
--operation-type add \
--group-names allViolation 3 : Create S3 Bucket Permission Violation
# Create a bucket
BUCKET_NAME="test-bucket-${RANDOM}"
aws s3api create-bucket \
--bucket $BUCKET_NAME \
--region us-east-1# Make bucket public (VIOLATION #3)
aws s3api put-public-access-block \
--bucket $BUCKET_NAME \
--public-access-block-configuration \
"BlockPublicAcls=false,IgnorePublicAcls=false,BlockPublicPolicy=false,RestrictPublicBuckets=false"
# Add public read policy
cat << EOF > bucket-policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::$BUCKET_NAME/*"
}
]
}
EOFaws s3api put-bucket-policy \
--bucket $BUCKET_NAME \
--policy file://bucket-policy.jsonWait and Check for Violations in Trusted Advisor Console
Clean Up and Remediation
Close the Security Group Port
Delete the Snapshot
Delete the Volume
Delete the S3 Bucket
All Remediated
