- The first week will have participants identify misconfigured resources through AWS Config. Participants will remediate misconfigured resources, either through manual or automated methods.
- Additionally, participants will demonstrate their knowledge of AWS Session Manager by logging in to servers that do not have SSH access enabled.
- The first challenge will have participants search for and identify PII and misconfigured S3 buckets using AWS Macie.
- The second challenge of the week will have participants create (or place) logs on an EC2 server, configure the CloudWatch Unified Agent, create a CloudWatch Log Group, and verify that logs are being sent to CloudWatch.
- The first challenge will involve VPC Interface Endpoints. Participants will use Interface Endpoints to make Session Manager reachable from the provisioned EC2 instances.
- The second challenge will have participants manage access from an instance in a private subnet to the S3 service.
- The last challenge this week will have participants create and configure VPC Flow Logs.
- The first challenge will have participants demonstrate their knowledge about AWS IAM Roles. They will create a Role that will allow users to escalate their privileges temporarily while not modifying the permissions for the user.
- The second challenge asks participants to develop an S3 bucket policy that will allow specific objects to be made public, while other objects in the bucket remain private.
- The third challenge allows participants to demonstrate their knowledge of AWS identity policies with variables. They will be asked to create one policy that allows users to interact with resources that align with their tags.