Overview
You are a security engineer at MegaPipeline Corp. Late on a Friday you get a call from your security officer: there has been a ransomware attack, and very sensitive customer data has been stolen from a company RDS MySQL database instance. Your task is to quickly recover the company data and apply security best practices to protect against further attacks.
Challenge Progress
Task Status Possible Points Clue Deduction Points Total Earned
Completed! 45 0 45
Completed! 105 0 105
Total Points Earned: 150
Task 1: Create an Encrypted copy of your RDS MySQL instance
Possible Points: 45 Clue Penalty: 0 Points Earned: 45
Completed!
Background
Your CISO is concerned about the data that has been leaked and needs you to take quick action so the company does not end up having to pay the ransom. This is your second week on the job and you wonder what to do, but by going through some AWS guidelines, you see that RDS offers a lot of security features to prevent unintended access.
Task
You see that your RDS instance is currently set up to generate automated snapshots, and as you look into the RDS guidelines, you find that you can encrypt your data. Your task is to create a copy of a snapshot and have it encrypted.
Getting started
Go to your AWS Console and look for RDS snapshots.
Account Resources
Your AWS Account has the following resources:
RDS MySQL instance.
Secrets Manager with RDS secrets for username and password.
Default VPC and RDS VPC with Private subnets.
Validation
The task will be completed automatically once you find the solution.
You can always check your progress by clicking Check my progress on the challenge details screen.
Factors that must be true for the task to be successful
You will pass once you create a new encrypted snapshot. The system will automatically validate if your snapshot is encrypted.
Task 2: Restore RDS Instance from Snapshot, set up your instance networking to use a private subnet group, and enable Audit Logs
Possible Points: 105 Clue Penalty: 0 Points Earned: 105
Completed!
Background
After you have successfully created and encrypted your snapshot, you have to restore it into a new instance. Then you have to review your network and accessibility configurations to prevent any public access. Also, set up logs to see who is accessing your instance and the related activity.
Tasks
Restore your previously created snapshot into a new instance
Set up your new instance to work under a private VPC
Set up your new instance to have Non-Public access
Set up your new instance to enable Audit Logs
Getting started
Go to your AWS Console and look for RDS snapshots; from there you can restore your snapshot. Once it is restored, work from the restored instance. When restoring, make sure you select instance class db.t2 or db.t3, as they are the ones supported for the event.
Inventory
Your AWS Account has the following resources:
RDS MySQL instance.
Secrets Manager with RDS secrets for username and password.
Default VPC and RDS VPC with Private subnets.
Validation
The task will be completed automatically once you find the solution.
You can always check your progress by clicking Check my progress on the challenge details screen.
Factors that must be true for the task to be successful
You will pass once:
RDS new instance is under a private VPC
The “Public accessibility” property is set to false
“Audit Logs” is enabled
Please note that the system will automatically validate if the three properties are set as expected.
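An added example, not part of the challenge or its validator: a Python check over the JSON returned by `aws rds describe-db-instances` that reports which of the properties above an instance still fails, along with storage encryption and the db.t2/db.t3 class constraint. The sample response, instance identifiers and VPC ids are constructed, and treating "private VPC" as a match on an expected VPC id is an assumption.

```python
import json

# Constructed sample in the shape of `aws rds describe-db-instances` output.
# Identifiers and VPC ids are placeholders, not values from the challenge.
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "original-db", "DBInstanceClass": "db.t3.micro",
   "StorageEncrypted": false, "PubliclyAccessible": true,
   "DBSubnetGroup": {"DBSubnetGroupName": "default", "VpcId": "vpc-default000"},
   "EnabledCloudwatchLogsExports": []},
  {"DBInstanceIdentifier": "restored-db", "DBInstanceClass": "db.t3.micro",
   "StorageEncrypted": true, "PubliclyAccessible": false,
   "DBSubnetGroup": {"DBSubnetGroupName": "rds-private", "VpcId": "vpc-rds000000"},
   "EnabledCloudwatchLogsExports": ["audit"]}
]}
""")

def audit_instance(inst, private_vpc_id):
    """Return the findings for one DBInstance record (empty list = compliant)."""
    findings = []
    # Missing fields are treated as the unsafe value so gaps are reported.
    if not inst.get("StorageEncrypted", False):
        findings.append("storage not encrypted")
    if inst.get("PubliclyAccessible", True):
        findings.append("publicly accessible")
    vpc = inst.get("DBSubnetGroup", {}).get("VpcId")
    if vpc != private_vpc_id:  # assumption: the private VPC id is known up front
        findings.append(f"in VPC {vpc}, expected {private_vpc_id}")
    # The key can be absent when no log exports are configured.
    if "audit" not in (inst.get("EnabledCloudwatchLogsExports") or []):
        findings.append("audit log export not enabled")
    if not inst.get("DBInstanceClass", "").startswith(("db.t2.", "db.t3.")):
        findings.append("instance class is not db.t2/db.t3")
    return findings

def audit_all(response, private_vpc_id):
    """Map each instance identifier to its list of findings."""
    return {i["DBInstanceIdentifier"]: audit_instance(i, private_vpc_id)
            for i in response["DBInstances"]}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE, "vpc-rds000000").items():
        print(name, "OK" if not findings else findings)
```

Whether the subnets in the group are actually private depends on their route tables, which this response does not include.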
Read the question carefully. The first question is to copy an encrypted snapshot. The second question is to create a T2 series RDS instance with an encrypted snapshot.