Module 2: Attack Simulation
Now that you have detective and responsive controls setup, you'll be running another CloudFormation template which will simulate the actual attack you will be investigating.
- Run the second CloudFormation template – 5 min
- Threat detection and response presentation – 25 min
Deploy the CloudFormation template
To initiate the attack simulation you will need to run the module 2 CloudFormation template:
Before you deploy the CloudFormation template feel free to view it repo.
|US West 2 (Oregon)|
Click the Deploy to AWS button above. This will automatically take you to the console to run the template.
The name of the stack will be automatically populated but you are free to change it, after which click Next, then Next again (leave everything on this page at the default).
Finally, acknowledge that the template will create IAM roles and click Create
This will bring you back to the CloudFormation console. You can refresh the page to see the stack starting to create. Before moving on, make sure the stack is in a CREATE_COMPLETE status as shown below.
If this fails with the error message [IAM_CAPABILITY], please acknowledge that the template will create IAM roles, from the previous step
Below is a diagram of the setup after the module 2 CloudFormation stack is created.
Threat detection and response presentation
AWS Sponsored Event: If you are going through this workshop in a classroom setting then wait till the presentation is over before starting module 3 (the presentation will allow enough time to pass for the attack scenario to complete.)
Individual: If you are going through this workshop outside of a classroom setting you can proceed to Module 3. Please note it will take at least 20 minutes after the 2nd CloudFormation template has completed before you will start seeing findings.