This workshop will guide you through four modules building up a multi-stage protection strategy. Each module builds on the previous module to provide an understanding of how AWS security services can be used to provide holistic controls encompassing the entire security lifecycle. We will deploy a simple ethical hacking application that enables users to explore vulnerabilities. The deployment uses AWS CloudFormation to deploy the Damn Vulnerable Web Application (DVWA).
The application architecture uses Amazon EC2, AWS Auto Scaling and Amazon Relational Database Service (Amazon RDS).
See the diagram below for a description of the core infrastructure.
In order to complete this workshop you'll need an AWS Account with access to create AWS IAM, S3, EC2, VPC, CloudTrail, GuardDuty and WAF resources. The code and instructions in this workshop assume only one student is using a given AWS account at a time. If you try sharing an account with another student, you may run into naming conflicts for certain resources. You can work around these by appending a unique suffix to the resources that fail to create due to conflicts, but the instructions do not provide details on the changes required to make this work.
Many of the resources you will launch as part of this workshop are eligible for the AWS free tier if your account is less than 12 months old. See the AWS Free Tier page for more details.
We recommend you use the latest version of Chrome to complete this workshop.
Some of the modules use the CLI to access AWS resources. Follow the guide here to get set up.
To access the servers that are deployed in the workshop you'll need to generate a keypair. Follow this guide to complete the setup.
Record the name of the keypair as you will need it to deploy the lab.
During the lab you will generate a self-signed SSL certificate; we use openssl to do this. You can download the tool for Windows, Linux and Mac here.
The application can be launched in the following regions by clicking the launch stack icons below.
Stack | Launch |
---|---|
US East (N. Virginia) | |
US East (Ohio) | |
US West (Oregon) | |
EU (Frankfurt) | |
EU (Ireland) | |
Asia Pacific (Tokyo) | |
Asia Pacific (Sydney) | |
Note: You will be prompted to supply the keypair you generated in the pre-reqs above.
Once the stack has successfully deployed we need to capture a couple of variables generated during the setup for use in the modules. In the AWS console open the CloudFormation service. You will see a stack (not NESTED) called "aws-security-workshop"; place a check in the box next to it and in the ribbon below select "Output". Here you will find the URL for the DVWA and the bucket name for S3. Record them both.
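The two steps above that can be done from a terminal, the self-signed certificate from the pre-reqs and capturing the stack outputs, as an added shell example (not part of the workshop's own material). The hostname dvwa.example.com, the output file names and the stack name passed to stack_outputs are assumptions; the AWS CLI function needs credentials and is defined but not run here.

```shell
#!/bin/sh
# Added example, not the workshop's own code. Hostname and file names are assumed.
set -eu

# Generate a self-signed certificate and private key with openssl.
# $1 = common name for the certificate, $2 = output directory.
make_self_signed_cert() {
  cn="$1"; out="$2"
  mkdir -p "$out"
  # -nodes: key is not passphrase-protected (acceptable for a lab, not for production)
  openssl req -x509 -newkey rsa:2048 -sha256 -days 365 -nodes \
    -keyout "$out/dvwa.key" -out "$out/dvwa.crt" \
    -subj "/CN=$cn" >/dev/null 2>&1
  chmod 600 "$out/dvwa.key"   # private key readable only by its owner
}

# Print the subject of a certificate so the result can be checked.
cert_subject() {
  openssl x509 -in "$1" -noout -subject
}

# Confirm the private key belongs to the certificate by comparing the
# hash of the RSA modulus from each; prints "match" or "mismatch".
key_matches_cert() {
  k=$(openssl rsa -in "$1" -noout -modulus | openssl sha256)
  c=$(openssl x509 -in "$2" -noout -modulus | openssl sha256)
  [ "$k" = "$c" ] && echo match || echo mismatch
}

# List the CloudFormation stack outputs (DVWA URL, S3 bucket name) from
# the CLI instead of the console. $1 = stack name. Needs AWS credentials,
# so it is only defined here, not called.
stack_outputs() {
  aws cloudformation describe-stacks --stack-name "$1" \
    --query 'Stacks[0].Outputs[].[OutputKey,OutputValue]' --output text
}

WORKDIR=$(mktemp -d)
make_self_signed_cert "dvwa.example.com" "$WORKDIR"   # assumed hostname
cert_subject "$WORKDIR/dvwa.crt"
key_matches_cert "$WORKDIR/dvwa.key" "$WORKDIR/dvwa.crt"
```

Run `stack_outputs aws-security-workshop` once the stack has deployed to print the same values the console "Output" tab shows.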
Use the DVWA URL obtained above to access the site by entering it into your browser. Once the page returns, click the "Create / Reset database" button at the bottom of the page.
Login with:
Username: admin
Password: password
In the left hand menu select DVWA Security, in the dropdown select Low and click Submit.
The workshop has been modelled around a common pattern for the security lifecycle.
- Prevention - common techniques to enforce desired controls in AWS
- Detection - products that help monitor and surface information about security and change across AWS
- Response - techniques to automatically remediate against information surfaced through detection
- Analysis - techniques to audit information gathered across AWS