In this hands-on lab, you just started as a Cloud Engineer at a company. Your new boss has asked you to do a scream test and stop an EC2 instance as well as remove network routes and rules to validate if the Lab VPC and Corporate Server EC2 instance can be decommissioned.
Very soon after the changes, the scream test fails and clients are reporting they cannot connect to their applications. Your boss reaches back out to you and asks you to revert all changes you made. In this lab, you will leverage AWS CloudTrail and AWS Config to ensure all changes are accounted for and reverted to restore the Lab environment. By the end of this exercise, you will be familiar enough with CloudTrail and Config to audit any unexpected or accidental changes to an account and determine what specifically was updated in case you need to roll back the changes.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Initiate the Scream Test
Initiate the Scream Test by doing the following:
- Stop the CorporateServerEC2 instance in the
us-east-1region. - Remove all outbound rules on the CorporateApplicationServersecurity group.
- Break networking by removing the NAT gateway route in the route table for the subnet the CorporateServerinstance is launched in.
- Stop the CorporateServerEC2 instance in the
- Review the Changes for the Scream Test in Config and CloudTrail
In the CloudTrail logs find the 3 changes made. For the security group and route table changes, view the configuration timeline in AWS Config for specific details about the rules and route that was deleted.
- Revert the Scream Test Changes and Test Networking
Based on the details from CloudTrail and Config, revert all 3 changes made to the CorporateServerEC2 instance, CorporateApplicationServersecurity group, and the route table associated with the subnet the CorporateServerinstance is launched in.
