Professional Level

Recovering and Auditing Access to DynamoDB

Pricing
1 hour
  • 3 Learning Objectives

About this Hands-on Lab

In this lab, our colleague has found his way into the architecture for a site we’ve created using DynamoDB. We will have to investigate what he’s done using CloudTrail, and then disable several phases of site vandalism by manipulating IAM resources.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Identify `phaseOne` IAM Credentials and Disable/Delete Them
  1. Use CloudTrail to identify the IAM role being used for phaseOne of the prank.
  2. Delete or disable the role once identified.
Identify `phaseTwo` IAM Credentials and Disable/Delete Them
  1. Use CloudTrail to identify the IAM role being used for phaseTwo of the prank.
  2. Delete or disable the role once identified.
Identify `phaseThree` IAM Credentials and Disable/Delete Them
  1. Use CloudTrail to identify the IAM role being used for phaseThree of the prank.
  2. Delete or disable the role once identified.
Contact SalesSee Pricing

Additional Resources

We've asked our colleague Moosa to review a live architecture for our AWS Training Architect Tournament site. Apparently, he spotted a vulnerability and decided to play a prank. We need to utilize CloudTrail to identify the credentials he's using to make modifications to the TaTourneyStats DynamoDB table.

Reference

DynamoDB logging in CloudTrail

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Don't have an account?

Get Started
Who’s going to be learning?
MyselfMy Organization