This project demonstrates a hands-on cloud security assessment and remediation using AWS services. It includes:
- Setting up an AWS EC2 instance and an S3 bucket with intentional misconfigurations.
- Simulating an attack by exploiting a publicly accessible S3 bucket and an open EC2 SSH port.
- Performing basic post-exploitation actions to understand the attack surface.
- Implementing Blue Team defenses to secure the environment and mitigate risks.
- Created an S3 bucket with public read access.
- Uploaded a dummy sensitive file to the S3 bucket.
- Launched an EC2 instance with open SSH access (0.0.0.0/0).
- Demonstrated access to the sensitive file via its public URL.
- Demonstrated SSH access and scanning possibilities on EC2.
- Made the S3 bucket private by enabling "Block all public access" and removing open bucket policies.
- Restricted EC2 SSH access to only my personal IP address via Security Group inbound rules.
- Rotated EC2 key pairs by terminating the vulnerable instance and launching a new instance with a new key pair.
- Installed and enabled UFW firewall on the EC2 instance to restrict unauthorized access.
- (Optional) Created and attached an IAM role with least privilege policy for EC2 access to S3.
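To verify the two Blue Team fixes above without clicking through the console, here is an added audit script (constructed for this write-up, not part of the project) that reads the JSON shapes returned by `aws ec2 describe-security-groups` and `aws s3api get-public-access-block` and flags SSH open to 0.0.0.0/0 or a bucket that is not fully blocking public access. The security group IDs and the `203.0.113.10/32` "my IP" value are placeholders.

```python
"""Offline audit of the two misconfigurations from this write-up (constructed
example, not the project's own code): SSH open to the internet in an EC2
security group, and an S3 bucket without 'Block all public access'. The inputs
mirror the JSON returned by `aws ec2 describe-security-groups` and
`aws s3api get-public-access-block`, embedded here as constructed samples."""

SSH_PORT = 22
ANYWHERE = {"0.0.0.0/0", "::/0"}  # 'all IPs' in IPv4 and IPv6 form
BLOCK_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
              "BlockPublicPolicy", "RestrictPublicBuckets")


def open_ssh_sources(security_group):
    """Return the CIDRs in one security group that expose SSH to everyone."""
    found = []
    for perm in security_group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):       # -1 means 'all traffic'
            continue
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        if proto == "tcp" and not lo <= SSH_PORT <= hi:
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        found.extend(c for c in cidrs if c in ANYWHERE)
    return found


def public_access_fully_blocked(pab):
    """True only if all four 'Block all public access' switches are on.
    A bucket with no block configuration at all (the CLI returns an error
    instead of JSON) should be passed as {} and counts as not blocked."""
    cfg = pab.get("PublicAccessBlockConfiguration", {})
    return all(cfg.get(k) is True for k in BLOCK_KEYS)


# Constructed samples: the 'before' state from the write-up and the hardened one.
VULNERABLE_SG = {"GroupId": "sg-placeholder-open", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}
HARDENED_SG = {"GroupId": "sg-placeholder-locked", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []}]}  # placeholder 'my IP'
VULNERABLE_PAB = {"PublicAccessBlockConfiguration": dict.fromkeys(BLOCK_KEYS, False)}
HARDENED_PAB = {"PublicAccessBlockConfiguration": dict.fromkeys(BLOCK_KEYS, True)}

if __name__ == "__main__":
    for sg in (VULNERABLE_SG, HARDENED_SG):
        print(sg["GroupId"], "SSH open to:", open_ssh_sources(sg) or "nobody")
    for name, pab in (("before", VULNERABLE_PAB), ("after", HARDENED_PAB)):
        print("S3 public access blocked (%s):" % name, public_access_fully_blocked(pab))
```

Against a real account, pipe the CLI output into these functions instead of the constructed samples; a `-1` (all traffic) rule from 0.0.0.0/0 is reported as well, since it also exposes port 22.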
- AWS EC2 and S3
- AWS IAM for access control
- Linux terminal with `ssh`, `curl`, and the AWS CLI
- UFW firewall on Ubuntu EC2
- Basic scripting for file creation and upload
Screenshots of each step are included below. Sensitive information such as IP addresses and personal usernames has been blurred to protect privacy.
- Understanding how misconfigured cloud resources can lead to data exposure.
- Practical experience with AWS Security Groups, IAM policies, and key management.
- Importance of network restrictions and firewall configurations.
- Value of rotating credentials post-incident.
- Basic Linux security tools installation and usage.
- Implement automated monitoring and alerts (e.g., AWS GuardDuty).
- Explore more advanced IAM policies and roles.
- Set up logging and audit trails for compliance.
EC2 instance created - Launched a vulnerable EC2 instance using a public key and open SSH access from all IPs (0.0.0.0/0).
Created S3 Bucket - Created an S3 bucket with misconfigured public access to simulate a real-world data exposure scenario.
Created a sensitive file - Generated a dummy "sensitive" file (e.g., password.txt) to demonstrate potential data leakage if exposed.
Uploaded the fake sensitive file to the S3 bucket while public access was still enabled.
Demonstrated unauthorized access to the file using a simple curl command without authentication.
Hardened the EC2 instance by modifying the security group to allow SSH only from my IP.
Now blocking all public access on the S3 bucket.
Simulated credential rotation by terminating the original instance and launching a new EC2 with a fresh key pair.

Status - Installed and enabled UFW firewall on EC2, allowing only SSH connections for further internal hardening.