Level 300: Incident Response Playbook with Jupyter - AWS IAM

Authors

  • Ben Potter, Security Lead, Well-Architected
  • Byron Pogson, Solutions Architect, AWS

Table of Contents

  1. Prerequisites
  2. Playbook Run
  3. Knowledge Check

1. Prerequisites

1.1 Install Python and Modules

Python 3 and a number of Python modules are required.

After installing Python, install the following packages by executing the following command in your command line or terminal:

pip install boto3 pandas jupyter

1.2 Install the AWS CLI

AWS CLI is not directly used for this lab, however it makes configuration of the AWS IAM credentials easier, and is useful for testing and general use.

  1. Install AWS CLI:
  2. Install the AWS CLI on macOS
  3. Install the AWS CLI on Linux
  4. Install the AWS CLI on Windows
  5. In your command line or terminal run aws configure to configure your credentials. Note the user will require access to the IAM service.

A best practice is to enforce the use of MFA, so if you misplace your AWS Management console password and/or access/secret key, there is nothing anyone can do without your MFA credentials. You can follow the instructions here to configure AWS CLI to assume a role with MFA enforced.


2. Playbook Run

2.1 Download Playbook and Helper

Download the latest version of the notebook Incident_Response_Playbook_AWS_IAM.ipynb and helper incident_response_helpers.py from file from GitHub raw, or by cloning this repository.

2.2 Run the Playbook

  1. In your command line or terminal change directory to where you downloaded or cloned the notebook and helper.
  2. Enter jupyter notebook to start the local webserver, and connect to the url provided in the console e.g. The Jupyter Notebook is running at:, a web browser may automatically open to the correct url.
  3. Click on the Incident_Response_Playbook_AWS_IAM.ipynb file to execute the playbook.
  4. Follow the instructions in the playbook.

3. Knowledge Check

The security best practices followed in this lab are:


References & useful resources


License

Licensed under the Apache 2.0 and MITnoAttr License.

Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at

https://aws.amazon.com/apache2.0/

or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.