Level 300: Incident Response with AWS Console and CLI
Authors
- Ben Potter, Security Lead, Well-Architected
Introduction
This hands-on lab will guide you through a number of examples of how you could use the AWS Console and Command Line Interface (CLI) for responding to a security incident. It is a best practice to be prepared for an incident, and have appropriate detective controls enabled. You can find more best practices by reading the Security Pillar of the AWS Well-Architected Framework.
The skills you learn will help you secure your workloads in alignment with the AWS Well-Architected Framework.
Goals
- Identify tooling for incident response
- Automate containment for incident response
- Pre-deploy tools for incident response
Prerequisites
- An AWS account that you can use for testing and that is not used for production or any other purpose.
- An IAM user or role in your AWS account.
NOTE: You will be billed for any applicable AWS resources used if you complete this lab that are not covered in the AWS Free Tier.
- CloudTrail must already be enabled in your account and logging to CloudWatch Logs; follow the Automated Deployment of Detective Controls lab to enable it.
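A pre-flight check for that last prerequisite, added here as an example and not part of the lab's own material: it takes the JSON shapes returned by `aws cloudtrail describe-trails` and `aws cloudtrail get-trail-status` and reports why a trail would not satisfy "enabled and logging to CloudWatch Logs". The trail names, account ID and ARNs are constructed sample values; the single-region check goes one step beyond the stated prerequisite.

```python
"""Pre-flight check for the lab prerequisite: a CloudTrail trail that is
logging and delivering to CloudWatch Logs. It reads the JSON shapes returned
by `aws cloudtrail describe-trails` and `aws cloudtrail get-trail-status`.
All sample data below is constructed for illustration."""


def check_trail(trail: dict, status: dict) -> list:
    """Return the reasons one trail fails the prerequisite; [] means it passes."""
    problems = []
    if not trail.get("CloudWatchLogsLogGroupArn"):
        problems.append("no CloudWatch Logs log group configured on the trail")
    if not trail.get("CloudWatchLogsRoleArn"):
        problems.append("no IAM role for delivery to CloudWatch Logs")
    if not status.get("IsLogging"):
        problems.append("trail is not currently logging")
    if status.get("LatestCloudWatchLogsDeliveryError"):
        problems.append("last CloudWatch Logs delivery failed: "
                        + status["LatestCloudWatchLogsDeliveryError"])
    if not trail.get("IsMultiRegionTrail"):
        # Not strictly required by the lab, but a single-region trail leaves
        # API activity in other regions invisible to the responder.
        problems.append("trail is single-region")
    return problems


def ready_trails(describe_output: dict, status_by_name: dict) -> list:
    """Names of trails in describe-trails output that pass every check."""
    return [t["Name"] for t in describe_output.get("trailList", [])
            if not check_trail(t, status_by_name.get(t["Name"], {}))]


# Constructed sample: one compliant trail and one that only writes to S3.
SAMPLE_TRAILS = {"trailList": [
    {"Name": "lab-trail", "IsMultiRegionTrail": True,
     "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:CloudTrail/lab:*",
     "CloudWatchLogsRoleArn": "arn:aws:iam::111122223333:role/CloudTrail_CloudWatchLogs_Role"},
    {"Name": "s3-only", "IsMultiRegionTrail": False},
]}
SAMPLE_STATUS = {
    "lab-trail": {"IsLogging": True, "LatestCloudWatchLogsDeliveryTime": 1700000000.0},
    "s3-only": {"IsLogging": True},
}

if __name__ == "__main__":
    for trail in SAMPLE_TRAILS["trailList"]:
        problems = check_trail(trail, SAMPLE_STATUS[trail["Name"]])
        print(trail["Name"], "OK" if not problems else "; ".join(problems))
```

To run it against a real account, replace the sample dicts with the parsed output of the two CLI commands for each trail name.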
Steps: