Now that you have all the detective controls setup and some automated remediations, you'll be running another CloudFormation template which will simulate a variety of findings.
- Run the 2nd CloudFormation template – 5 min
- Threat Detection & Remediation Presentation – 25 min
To initiate the attack simulation you will need to run the module 2 CloudFormation template:
| Region | Deploy |
|---|---|
| US West 2 (Oregon) |  |
-
Click the Deploy to AWS button above. This will automatically take you to the console to run the template. The file for the CloudFormation template (02-attack-simulation.yml) is also available in the templates folder if you'd like to download it and manually upload it to create a stack.
-
The name of the stack will be automatically populated but you are free to change it, after which click Next, then Next again (leave everything on this page at the default).
-
Finally, acknowledge the template will create IAM roles and click Create
This will bring you back to the CloudFormation console. You can refresh the page to see the stack starting to create. Before moving on, make sure the stack is in a CREATE_COMPLETE status as shown below.
Below is a diagram of the setup after the module 2 CloudFormation stack is created.
If you're doing this workshop outside of an AWS sponsored event you can proceed to Module 3. Please note it will take at least 20 minutes after the 2nd CloudFormation template has completed before you will start seeing findings.
After the presentation, you can proceed to the next module.