Securing an Application with Multiple AWS Services

2 hours
  • 5 Learning Objectives

About this Hands-on Lab

This hands-on lab requires you to work with all of the following services: Amazon Inspector, web application firewall, and AWS Secrets Manager.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Deploy Application Using CloudFormation Template
  • From the CloudFormation console, select Create Stack.
  • Upload the provided template.
  • Click the icon to create stack.
  • Enter parameters.
  • Click Next.
  • Click Next.
  • Click Submit (to create stack).
Create Secrets in Secrets Manager
  • In the Secrets Manager console, click Store a new secret.
  • Enter username and password for the secret.
  • Select the database, then click Next.
  • Give the secret a name, then click Next.
  • Click Next, then click Store.
Create Web ACL
  • From the WAF console, click Create web ACL.
  • Enter a name for the web ACL.
  • Click Next.
  • Select Add Rules, then select Add AWS Managed Rules.
  • Click the radio buttons for Core rule set, SQL database, and Known bad input.
  • Click Add rules.
  • Click Next until you can click Create Web ACL.
Create Instance Profile
  • From the IAM console, select Roles, then Create role.
  • Select EC2, then click Next.
  • Attach policy: AmazonSSMManagedInstanceCore.
  • Click Next, name the role, then click Create role.
Enable Inspector and Security Hub
  • Form the Inspector console, click Get Started.
  • Click Enable Inspector.
  • From Security Hub console, select Enable AWS Config.
  • Select Enable Security Hub.

Additional Resources


You have been hired by a company which has limited AWS experience and needs your expertise to tighten their application security posture. Your tasks include removing secrets from a CloudFormation template, configuring a web ACL, and making sure that an EC2 instance is configured to work with Systems Manager, which is a prerequisite for instances working with Amazon Inspector.

Lab Setup

Please log in to the lab environment with the cloud_user credentials provided. Ensure you are using the us-east-1 Region throughout the lab.

Download the template for this lab in the GitHub repository.

This is the code which can be pasted into the CloudFormation template as described in video two:

   "MasterUsername": "{{resolve:secretsmanager:lab4secret:SecretString:username}}",
   "MasterUserPassword": "{{resolve:secretsmanager:lab4secret:SecretString:password}}",

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?