Atos AWS Gameday — Security

Mark Ross
4 min read · Sep 8, 2021

Within Atos I lead an AWS focussed community interested in training, certification and working with AWS technologies with our customers, our AWS Coaching Hub.

I’m keen this community doesn’t treat certification as the end of the journey; it’s merely the end of the beginning. Within an organisation like Atos it can be difficult for staff to feel confident prior to working on customer projects. As well as providing support to each other on assignments, I’ve also used the AWS Coaching Hub to arrange hands on training where people can get in-depth on AWS services. The latest in the series of hands on ‘learn by doing’ sessions was an AWS Gameday focussed on security, where our participants got hands on with a range of security services including IAM Access Analyzer, GuardDuty, Secrets Manager and Inspector, learnt how to secure services like RDS, and undertook some event driven security.

I’ve had more sympathetic managers during major incidents…

As with all AWS Gamedays the event started with a bit of tongue in cheek scenario setting…

No need to use Comprehend for social media sentiment analysis here!
I’m sure we’ve all seen environments with a number of these issues

We had issues with an EC2 instance talking to malicious IP addresses, which was discovered by GuardDuty.

GuardDuty

Our task was to automate collecting the malicious IP addresses as they occurred using EventBridge, which then fired off a Lambda function to add each malicious IP address as a deny rule in the NACLs. In the real world I would expect additional effort would be taken to understand what had happened, perhaps following the AWS Security Incident Response guide.

Auto-populated NACLs using the event driven automation we created
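The GuardDuty-to-NACL automation described above, as an added example rather than the gameday's own code. It assumes the NACL to update is supplied through an environment variable `NACL_ID` and reserves rule numbers 1–99 for automated denies; the sample finding is constructed, and the helpers are kept free of AWS calls so they can be tested offline.

```python
"""Added example: GuardDuty finding (via EventBridge) -> DENY entry on a NACL."""
import ipaddress
import os
AUTO_RULE_MIN, AUTO_RULE_MAX = 1, 99  # reserved for automation; low numbers evaluate first
NEVER_BLOCK = [ipaddress.ip_network(n) for n in  # RFC1918, loopback, link-local
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
SAMPLE_DETAIL = {  # constructed sample 'detail' of an EventBridge event for a GuardDuty finding
    "type": "UnauthorizedAccess:EC2/MaliciousIPCaller.Custom",
    "service": {"action": {"actionType": "NETWORK_CONNECTION",
        "networkConnectionAction": {"connectionDirection": "OUTBOUND",
            "remoteIpDetails": {"ipAddressV4": "198.51.100.23"}}}}}
def extract_remote_ip(detail):
    """Remote IPv4 of a NETWORK_CONNECTION finding, or None for other action types."""
    action = detail.get("service", {}).get("action", {})
    if action.get("actionType") != "NETWORK_CONNECTION":
        return None
    return action["networkConnectionAction"]["remoteIpDetails"].get("ipAddressV4")

def is_blockable(ip):
    """Refuse addresses in NEVER_BLOCK: a DENY there could cut the VPC off from itself."""
    try:
        addr = ipaddress.IPv4Address(ip)
    except ipaddress.AddressValueError:
        return False
    return not any(addr in net for net in NEVER_BLOCK)

def plan_deny_entry(entries, ip):
    """kwargs for create_network_acl_entry on the lowest free rule number; None if the IP
    is already denied (idempotent re-runs) or the range is full (default quota: 20 rules)."""
    cidr, used = f"{ip}/32", set()
    for e in entries:  # the 'Entries' list from describe_network_acls
        if e.get("Egress"):
            continue
        if e.get("CidrBlock") == cidr and e.get("RuleAction") == "deny":
            return None
        used.add(e["RuleNumber"])
    free = [n for n in range(AUTO_RULE_MIN, AUTO_RULE_MAX + 1) if n not in used]
    return {"RuleNumber": free[0], "CidrBlock": cidr, "Protocol": "-1",
            "RuleAction": "deny", "Egress": False} if free else None

def handler(event, context=None):
    import boto3  # lazy import so the helpers above can be exercised offline
    ip = extract_remote_ip(event.get("detail", {}))
    if not ip or not is_blockable(ip):
        return {"blocked": False, "reason": "no blockable remote IP in finding"}
    ec2, nacl_id = boto3.client("ec2"), os.environ["NACL_ID"]  # NACL_ID: assumed env var
    acl = ec2.describe_network_acls(NetworkAclIds=[nacl_id])["NetworkAcls"][0]
    entry = plan_deny_entry(acl["Entries"], ip)
    if entry is None:
        return {"blocked": False, "reason": "already denied or rule range exhausted"}
    ec2.create_network_acl_entry(NetworkAclId=nacl_id, **entry)
    return {"blocked": True, "ip": ip, "rule": entry["RuleNumber"]}
```

Because `plan_deny_entry` skips addresses that are already denied and refuses to exceed the reserved range, a replayed or duplicate finding does not consume another of the NACL's limited rule slots.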

We spent part of the day taking an unencrypted RDS instance with public snapshots and improving its security posture. We created an encrypted snapshot from the unencrypted snapshot (some teams first had to remember that you can’t restore an encrypted RDS instance directly from an unencrypted snapshot), and then removed the unencrypted instance and snapshots. We then created some more event driven security by creating an AWS Config rule for identifying unencrypted snapshots, coupled with an EventBridge rule that listened for those events and would trigger a Lambda function to delete any future unencrypted RDS snapshots.

Event driven security to delete RDS snapshots

We used AWS Inspector to perform EC2 instance vulnerability scanning, finding a number of issues with instances that were not appropriately secured. AWS Inspector provides events (again allowing event driven remediation if you desire, although that wasn’t part of the gameday), as well as a PDF report of the kind that is often required for security assurance on projects.

Extract of AWS Inspector report

Overall I think the participants enjoyed the gameday. It was a slight departure from previous gamedays in that there wasn’t constant ‘scoreboard pressure’, as you didn’t get regular points allocated for successful transactions etc., and there wasn’t ‘chaos’ being regularly introduced. The scoring system was aligned to successfully completing tasks, so the emphasis was on quality and accuracy rather than speed. Some of our more experienced participants missed the excitement of the chaos, whereas less experienced participants were able to learn more easily; it was not a fully scripted experience, so some thinking and searching was required. It therefore felt pitched in between an Immersion Day, which is fully scripted, and some of the early gamedays like migration or microservices madness.

Out of a maximum available score of 6,200 we had some great scores, but of course the most important thing was that everyone went away with more knowledge of the services than when they arrived, and worked in a team environment with people from across the business whom they maybe hadn’t worked with before, as we had participants from a range of locations including the USA, Europe and India.

The podium!

Special thanks to our colleagues at AWS for making the event happen, and our participants from Atos for making time to take part in the event.

Written by Mark Ross

Chief AWS Architect @ Eviden