Section 1 : Introduction to AWS EBS and Session Scope
1. What is AWS Elastic Block Store (EBS)?
- Definition: Amazon EBS provides persistent block-level storage volumes that can be attached to EC2 instances, functioning like raw hard drives.
- Usage: EBS volumes allow EC2 instances to store data independently of the instance itself, with the option to share them across accounts.
- Snapshots: These are point-in-time copies of your EBS volumes, which can be used to create backups or replicate data. Snapshots can be shared between accounts or made publicly available.
2. Key EBS Misconfigurations Investigated
In this session, we’ll look into common EBS misconfigurations that pose security risks:
- Unencrypted volumes
- Unencrypted snapshots
- Publicly accessible snapshots
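The three misconfigurations listed above can be checked in one pass with AWS Tools for PowerShell. This is an added example, not part of the original lab material; it assumes the AWS.Tools.EC2 module is installed, uses the session's "securitymaster" profile, and the region us-east-1 and the helper name New-Finding are assumptions.

```powershell
# Added example (not from the original lab). Assumes AWS.Tools.EC2 is installed.
Import-Module AWS.Tools.EC2

# Profile name is the one used in this session; the region is an assumption.
$aws = @{ ProfileName = 'securitymaster'; Region = 'us-east-1' }

# Hypothetical helper: one uniform record per finding.
function New-Finding ($Resource, $Issue, $Detail) {
    [pscustomobject]@{ Resource = $Resource; Issue = $Issue; Detail = $Detail }
}

$findings = @(
    # Misconfiguration 1: volumes created without encryption at rest.
    foreach ($vol in Get-EC2Volume @aws) {
        if (-not $vol.Encrypted) {
            $attached = ($vol.Attachments | ForEach-Object InstanceId) -join ','
            New-Finding $vol.VolumeId 'Unencrypted volume' "State=$($vol.State); Instances=$attached"
        }
    }

    # Restrict to snapshots this account owns; without -OwnerId the call
    # also returns every public snapshot in the region.
    foreach ($snap in Get-EC2Snapshot -OwnerId self @aws) {
        # Misconfiguration 2: snapshot data stored unencrypted.
        if (-not $snap.Encrypted) {
            New-Finding $snap.SnapshotId 'Unencrypted snapshot' "SourceVolume=$($snap.VolumeId)"
        }

        # Misconfiguration 3: createVolumePermission granted to the group "all"
        # means any AWS account can create a volume from this snapshot.
        $attr = Get-EC2SnapshotAttribute -SnapshotId $snap.SnapshotId -Attribute createVolumePermission @aws
        foreach ($perm in $attr.CreateVolumePermissions) {
            if ("$($perm.Group)" -eq 'all') {
                New-Finding $snap.SnapshotId 'Public snapshot' 'createVolumePermission group=all'
            }
            elseif ($perm.UserId) {
                # Cross-account sharing is not wrong by itself; list it for review.
                New-Finding $snap.SnapshotId 'Shared snapshot (review)' "Account=$($perm.UserId)"
            }
        }
    }
)

$findings | Sort-Object Issue, Resource | Format-Table -AutoSize
```

An empty table means no finding in that one region; EBS volumes and snapshots are regional, so repeat the check for each region the account uses.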
Section 2 : Setting Up the Investigation Lab (Scenario Setup)
Before diving into the misconfigurations, we’ll need to set up the lab environment and verify prerequisites.
1. PowerShell Profile Check
Make sure that the AWS PowerShell profile for this session, named "securitymaster", is configured correctly on your system. You can verify this with the following PowerShell command:
Get-STSCallerIdentity -ProfileName securitymaster
2. VM Creation
Follow the instructions in the provided link to create a Virtual Machine (VM) for this session. The link to the necessary setup instructions is:
Executing these commands will help you create the testing environment for analyzing the EBS volume and snapshot configurations.
Section 3 : Scenario - Investigating Volume and Snapshot Misconfigurations