SYS 360 Lab 11 1.2: Module 4 and Lab 4.1 from Cloud Security Foundations - JadenGil/Jaden-Tech-Journal GitHub Wiki

Analyzing the VPC and private subnet resource settings

Navigate to VPC. The two VPCs used in this lab are listed:

image


Note from lab: The AWS Region that you are currently observing has two VPCs. One is the default VPC, which has a CIDR range of 172.31.0.0/16. The other is named LabVPC and has a CIDR range of 10.0.0.0/16. You will use the LabVPC in this lab.


In the Subnets section, the three subnets that will be used are listed:

image

Check the private subnet, open its Route table tab, select the link for the route table, then go to Tags and choose Manage tags:

image

Then change the Name tag to "private" and save:

image

Back in Routes, select the first NAT gateway target:

image

Observe the details of the NAT gateway and take whatever notes are needed.

Now navigate to EC2 and go to Instances. There are three instances here, but we want to select AppServer:

image

Then open the Security tab and select the link for this instance's security group:

image

From here we can analyze the inbound and outbound rules; take whatever notes are needed.


Analyzing the public subnet resource settings

Now navigate to VPC again and go to the Subnets tab, deselect the private subnet, select PublicSubnetA, and open its Route table tab. In the routes, select the igw target on the 0.0.0.0/0 route:

image

This IGW is attached to LabVPC.

Now go back to EC2, select ProxyServer1 in Instances, and open the Security tab:

image


Note from lab: Notice that a security group with ProxySG in its name is associated with this EC2 instance. As you can see in the Inbound rules section, the security group allows inbound traffic on TCP port 80 from any source.


Now select ProxyServer2, open the Security tab, and select the ProxySG2 security group, since we will be adding a new rule to it.

Our new inbound rule will have the following settings:

image


Testing HTTP connectivity from public EC2 instances

Now go back to EC2, select ProxyServer1, copy the public IP from the Details tab, and paste it into a browser; we will see this:

image

We can do the same for ProxyServer2:

image


Restricting HTTP access by using an IP address

Now select ProxyServer1 again, copy its private IP, and save it somewhere for later in the lab.

Now select AppServer, open the Security tab, select the SG for AppServer, choose "Edit inbound rules," and add the following:

image

This is where the private IP of ProxyServer1 is used as the rule's source (a single-host /32). The private IP is the right choice because the proxy-to-AppServer traffic stays inside the VPC and never carries the proxy's public address.

Now copy ProxyServer1's public IP again and make sure the web page is still reachable:

image

Now paste ProxyServer2's public IP; the web page should not load, because ProxyServer2's private IP is not in the rule:

image


Scaling restricted HTTP access by referencing a security group

Go back to AppServer's SG and make the following edits, replacing the single-IP source with a reference to the ProxySG security group:

image

Then select ProxyServer2 and, under the Actions menu, select the following:

image

On the next page remove the ProxySG2 security group and add ProxySG:

image

Now we can access the web page through ProxyServer2, since it is a member of the referenced group:

image

And we can still access ProxyServer1's page:

image
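The two approaches in the last two sections (an inbound rule whose source is a single private IP, and one whose source is a security group) differ in how the source is matched. The following is an added illustration, not code from the lab or from AWS: a small Python model of security-group evaluation that shows why ProxyServer2 was blocked by the /32 rule, why it became reachable only after ProxySG was attached to it, and that the allow-list still closes every other port. The instance names, private IPs (inside LabVPC's 10.0.0.0/16), and group IDs such as sg-proxy are constructed for the example and are not real AWS identifiers. One caveat the model encodes: a group reference matches on the source ENI's private address, so it only works for traffic that stays inside the VPC.

```python
"""Toy model of AWS security-group evaluation for the lab's AppServer.

Added illustration (not the lab's or AWS's code).  Instance names, IPs and
group IDs are constructed to mirror the lab; they are not real identifiers.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Instance:
    name: str
    private_ip: str
    security_groups: set   # group IDs attached to this instance's ENI


@dataclass
class Rule:
    protocol: str          # "tcp", "udp", "icmp" or "-1" for all traffic
    from_port: int
    to_port: int
    source: str            # a CIDR such as "10.0.1.25/32" or a group ID such as "sg-proxy"


@dataclass
class SecurityGroup:
    group_id: str
    inbound: list = field(default_factory=list)


def rule_matches(rule: Rule, src: Instance, protocol: str, port: int) -> bool:
    """One inbound rule against one flow arriving from instance `src`."""
    if rule.protocol not in ("-1", protocol):
        return False
    if rule.protocol != "-1" and not (rule.from_port <= port <= rule.to_port):
        return False
    if rule.source.startswith("sg-"):
        # Group reference: matches any ENI that currently has that group
        # attached.  AWS evaluates this on the packet's private source address,
        # so it only applies to traffic that stays inside the VPC.
        return rule.source in src.security_groups
    return ip_address(src.private_ip) in ip_network(rule.source, strict=False)


def inbound_allowed(dest_groups, src: Instance, protocol: str, port: int) -> bool:
    """Security groups are stateful allow-lists: any matching rule in any
    attached group permits the flow; there are no deny rules."""
    return any(rule_matches(r, src, protocol, port)
               for g in dest_groups for r in g.inbound)


def sg_lab_scenarios() -> dict:
    """Replay the lab's two configurations of AppServer's security group."""
    results = {}
    app_sg = SecurityGroup("sg-app")                       # constructed ID
    proxy1 = Instance("ProxyServer1", "10.0.1.25", {"sg-proxy"})   # constructed
    proxy2 = Instance("ProxyServer2", "10.0.1.40", {"sg-proxy2"})  # constructed

    # "Restricting HTTP access by using an IP address": only ProxyServer1's /32
    app_sg.inbound = [Rule("tcp", 80, 80, "10.0.1.25/32")]
    results["ip_rule_proxy1"] = inbound_allowed([app_sg], proxy1, "tcp", 80)  # True
    results["ip_rule_proxy2"] = inbound_allowed([app_sg], proxy2, "tcp", 80)  # False

    # "Scaling restricted HTTP access by referencing a security group"
    app_sg.inbound = [Rule("tcp", 80, 80, "sg-proxy")]
    results["sg_rule_proxy2_before"] = inbound_allowed([app_sg], proxy2, "tcp", 80)  # False
    proxy2.security_groups = {"sg-proxy"}   # swap ProxySG2 for ProxySG, as in the lab
    results["sg_rule_proxy2_after"] = inbound_allowed([app_sg], proxy2, "tcp", 80)   # True
    results["sg_rule_proxy1"] = inbound_allowed([app_sg], proxy1, "tcp", 80)         # True
    # Nothing else opened up: the allow-list has no rule for SSH
    results["sg_rule_ssh"] = inbound_allowed([app_sg], proxy1, "tcp", 22)            # False
    return results


if __name__ == "__main__":
    for name, allowed in sg_lab_scenarios().items():
        print(f"{name:24s} {'ALLOW' if allowed else 'DENY'}")
```

The group-reference form is what scales: adding a third proxy is a matter of attaching ProxySG to it, with no edit to AppServer's rules, and an instance that loses the group loses access immediately.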


Restricting HTTP access by using a network ACL

Now go back to VPC, open Network ACLs, select the network ACL associated with LabVPC, and add a new inbound rule:

image

The new rule should have the following settings (note the rule number, since network ACL rules are evaluated in ascending order and the first match wins):

image

Now we can't access the web page through ProxyServer1, even though its security group still allows port 80:

image

Now go back to the network ACL we edited before and change the rules to the following:

image

We can now access the web page again:

image
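Two properties of network ACLs explain what happened in this section: rules are evaluated in ascending rule-number order with the first match deciding, and the ACL is stateless, so the reply packets are checked against the outbound rules on their own. The following is an added illustration, not code from the lab or from AWS: a Python model of a subnet network ACL, replayed with a deny for TCP 80 numbered below the allow rule (the page becomes unreachable) and then above it (the allow matches first, so the deny never takes effect), plus the stateless case where outbound is narrowed to port 80 only and the reply to the browser's ephemeral port is dropped. The rule numbers, the allow-all rule 100, and the client address are constructed for the example; the lab's actual rule settings are in the screenshots above.

```python
"""Toy model of AWS network-ACL evaluation for LabVPC's public subnet.

Added illustration (not the lab's or AWS's code).  Rule numbers, CIDRs and
the client address are constructed and are not taken from the lab.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class AclRule:
    number: int        # 1..32766; the console's "*" catch-all is modelled as 32767
    action: str        # "allow" or "deny"
    protocol: str      # "tcp", "udp", "icmp" or "-1" for all traffic
    from_port: int
    to_port: int
    cidr: str          # source CIDR for inbound rules, destination CIDR for outbound


DEFAULT_DENY = AclRule(32767, "deny", "-1", 0, 65535, "0.0.0.0/0")


def acl_decision(rules, peer_ip: str, protocol: str, port: int) -> bool:
    """Evaluate rules in ascending number; the first match decides.
    `port` is the destination port of the packet being checked."""
    for r in sorted(rules, key=lambda r: r.number) + [DEFAULT_DENY]:
        if r.protocol not in ("-1", protocol):
            continue
        if r.protocol != "-1" and not (r.from_port <= port <= r.to_port):
            continue
        if ip_address(peer_ip) in ip_network(r.cidr, strict=False):
            return r.action == "allow"
    return False  # not reached: DEFAULT_DENY matches every packet


def http_session_allowed(inbound, outbound, client_ip: str, ephemeral_port: int) -> bool:
    """A browser fetching the page needs the request in AND the reply out.
    Because the ACL is stateless, the reply (from port 80 to the client's
    ephemeral port) is matched against the outbound rules independently."""
    request_in = acl_decision(inbound, client_ip, "tcp", 80)
    reply_out = acl_decision(outbound, client_ip, "tcp", ephemeral_port)
    return request_in and reply_out


def nacl_lab_scenarios() -> dict:
    client = "198.51.100.7"        # constructed RFC 5737 test address (the student's browser)
    eph = 51000                    # constructed ephemeral source port of the browser
    allow_all_in = AclRule(100, "allow", "-1", 0, 65535, "0.0.0.0/0")
    allow_all_out = AclRule(100, "allow", "-1", 0, 65535, "0.0.0.0/0")
    results = {}

    # Baseline: allow-all in both directions
    results["default"] = http_session_allowed([allow_all_in], [allow_all_out], client, eph)  # True

    # Deny TCP 80 numbered 90: evaluated before allow 100, so the page is unreachable
    deny_early = AclRule(90, "deny", "tcp", 80, 80, "0.0.0.0/0")
    results["deny_before_allow"] = http_session_allowed(
        [allow_all_in, deny_early], [allow_all_out], client, eph)  # False

    # Same deny renumbered 110: allow 100 already matched, so it has no effect
    deny_late = AclRule(110, "deny", "tcp", 80, 80, "0.0.0.0/0")
    results["deny_after_allow"] = http_session_allowed(
        [allow_all_in, deny_late], [allow_all_out], client, eph)  # True

    # Stateless pitfall: outbound narrowed to port 80 only drops the reply
    out_only_80 = AclRule(100, "allow", "tcp", 80, 80, "0.0.0.0/0")
    results["no_ephemeral_out"] = http_session_allowed(
        [allow_all_in], [out_only_80], client, eph)  # False
    out_ephemeral = AclRule(110, "allow", "tcp", 1024, 65535, "0.0.0.0/0")
    results["ephemeral_out"] = http_session_allowed(
        [allow_all_in], [out_only_80, out_ephemeral], client, eph)  # True
    return results


if __name__ == "__main__":
    for name, ok in nacl_lab_scenarios().items():
        print(f"{name:20s} {'page loads' if ok else 'blocked'}")
```

The contrast with the previous sections is the point: a security group is an allow-list that never needs an explicit deny and tracks return traffic for you, while a network ACL is a subnet-wide ordered rule set where a deny is honoured only if its number is lower than any allow that would match, and reply traffic has to be permitted explicitly.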


Connecting to the AppServer by using a bastion host and SSH

To start, rename ProxyServer2 to Bastion:

image

Then navigate to Security Groups and create a new security group with the following rules:

image

Now go back to Instances and change Bastion's security group again:

image

Then add the following inbound rule to AppServer's SG, so that SSH is accepted only from the bastion:

image

In the terminal provided in the AWS lab, SSH into Bastion, and from Bastion SSH into AppServer's private IP:

image

From there run `touch newfile.txt`.

Once we verify the file has been created, exit both SSH sessions.


Connecting directly to a host in a private subnet by using Session Manager

Now go back to Instances, select AppServer, click "Connect," open the Session Manager tab, and click "Connect" again:

image

Once connected we will see this screen:

image

Then run this command in the terminal to edit AppServer's web page in place: `sudo sed -i 's/instance!/instance! Session manager was used to edit this file./g' /var/www/html/index.html`

Then check ProxyServer1's web page again (which is served by AppServer through the proxy); it should look like this:

image

Deliverable 1:

image

Deliverable 2:

image