MORE questions

Don't stop learning.

exercises/aws/solutions/access_advisor.md

@@ -0,0 +1,18 @@
+## AWS IAM - Access Advisor
+
+### Objectives
+
+Go to the Access Advisor and answer the following questions regarding one of the users:
+
+1. Are there services this user never accessed?
+2. What was the last service the user has accessed?
+3. What the Access Advisor is used/good for?
+
+### Solution 
+
+1. Go to AWS IAM service and click on "Users" under "Access Management"
+2. Click on one of the users
+3. Click on the "Access Advisor" tab
+4. Check which service was last accessed and which was never accessed
+
+Access Advisor can be good to evaluate whether there are services the user is not accessing (as in never or not frequently). This can be help in deciding whether some permissions should be revoked or modified.

exercises/aws/solutions/create_role.md

@@ -0,0 +1,16 @@
+## AWS - Create a Role
+
+### Objectives
+
+Create a basic role to provide EC2 service with Full IAM access permissions.<br>
+In the end, run from the CLI (or CloudShell) the command to verify the role was created.
+
+### Solution
+
+1. Go to AWS console -> IAM
+2. Click in the left side menu on "Access Manamgement" -> Roles
+3. Click on "Create role"
+3. Choose "AWS service" as the type of trusted entity and then choose "EC2" as a use case. Click on "Next"
+4. In permissions page, check "IAMFullAccess" and click on "Next" until you get to "Review" page
+5. In the "Review" page, give the role a name (e.g. IAMFullAcessEC2), provide a short description and click on "Create role"
+6. `aws iam list-roles` will list all the roles in the account, including the one we've just created.

exercises/aws/solutions/credential_report.md

@@ -0,0 +1,18 @@
+## AWS - Credential Report
+
+### Objectives
+
+1. Create/Download a credential report
+2. Answer the following questions based on the report:
+  1. Are there users with MFA not activated?
+  2. Are there users with password enabled that didn't 
+3. Explain the use case for using the credential report
+
+### Solution
+
+1. Go to the AWS IAM service
+2. Under "Access Reports" click on "Credential report"
+3. Click on "Download Report" and open it once it's downloaded
+4. Answer the questions in this exercises by inspecting the report
+
+The credential report is useful to identify whether there any users who need assistance or attention in regards to their security. For example a user who didn't change his password for a long time and didn't activate MFA.

exercises/aws/solutions/password_policy.md

@@ -1,13 +0,0 @@
-## AWS IAM - Password Policy
-
-### Objectives
-
-Create password policy with the following settings:
-
-1. 
-
-### Solution
-
-1. Go to IAM service in AWS
-2. Click on "Account settings" under "Access management"
-3. Click on "Change password policy"

exercises/aws/solutions/password_policy_and_mfa.md

@@ -0,0 +1,32 @@
+## AWS IAM - Password Policy & MFA
+
+Note: DON'T perform this exercise unless you understand what you are doing and what is the outcome of applying these changes to your account
+
+### Objectives
+
+1. Create password policy with the following settings:
+  1. At least minimum 8 characters
+  2. At least one number
+  3. Prevent password reuse
+
+2. Then enable MFA for the account.
+
+### Solution
+
+Password Policy:
+
+1. Go to IAM service in AWS
+2. Click on "Account settings" under "Access management"
+3. Click on "Change password policy"
+  1. Check "Enforce minimum password length" and set it to 8 characters
+  1. Check "Require at least one number"
+  1. Check "Prevent password reuse"
+4. Click on "Save changes"
+
+MFA:
+
+1. Click on the account name
+2. Click on "My Security Credentials"
+3. Expand "Multi-factor authentication (MFA)" and click on "Activate MFA"
+4. Choose one of the devices
+5. Follow the instructions to set it up and click on "Assign MFA"