I would like to share the following project. The idea of the project is to share knowledge and allow people to try a full implementation on AWS and gain hands-on experience:
- Create the VM
- Install Nginx as a reverse proxy listening on port 3333 and rerouting locally to port 8080, and make a small application that just echoes the HTTP request on port 8080 (in any language you want).
- Harden it using this script (or, if you want to make your own for a different OS configuration or a more updated one, we will compensate you for it).
- Ensure that you are using a custom service account and not the default one.
- Make sure that everything is logged in Stackdriver, including system logs, SSH login attempts and all application servers.
- Make sure that the firewall is well configured and no extra port is opened.
- Publish the VM.
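The port requirements in the list above (Nginx public on 3333, the echo application reachable only locally on 8080, no extra port open) can be checked on the host itself. The following is an added example, not part of the original project or its scripts: it audits the output of `ss -tlnH` against that policy. Port 22 for SSH and the sample socket listing are assumptions constructed for the illustration.

```python
import ipaddress

# Policy from the task list: Nginx is public on 3333 and the echo app on 8080
# is reached only through the proxy. Port 22 (SSH) is an assumption.
PUBLIC_PORTS = {22, 3333}
LOOPBACK_ONLY_PORTS = {8080}

# Constructed sample of `ss -tlnH` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 511     0.0.0.0:3333   0.0.0.0:*
LISTEN 0 128     0.0.0.0:22     0.0.0.0:*
LISTEN 0 128        [::]:22        [::]:*
LISTEN 0 4096 127.0.0.53%lo:53  0.0.0.0:*
LISTEN 0 128           *:8080         *:*
LISTEN 0 4096    0.0.0.0:9100   0.0.0.0:*
"""

def is_loopback(addr):
    """True if the bind address is reachable only from the host itself."""
    addr = addr.strip("[]").split("%", 1)[0]   # drop IPv6 brackets and %iface
    if addr == "*":                            # wildcard: every interface
        return False
    return ipaddress.ip_address(addr).is_loopback

def parse_listeners(ss_output):
    """Yield (address, port) for each listening TCP socket in ss output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        yield addr, int(port)

def audit(ss_output):
    """Return sorted findings; an empty list means the policy holds."""
    findings = set()
    for addr, port in parse_listeners(ss_output):
        if is_loopback(addr):
            continue                           # not reachable from the network
        if port in LOOPBACK_ONLY_PORTS:
            findings.add(f"{addr}:{port} backend reachable without the proxy")
        elif port not in PUBLIC_PORTS:
            findings.add(f"{addr}:{port} unexpected listener")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_SS_OUTPUT):
        print(finding)
```

A listener check on the host complements the firewall rules but does not replace them: it shows what would be exposed if a rule were loosened.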
The solution that I created was the following:
- Use this CloudFormation script to deploy an instance with the following setup:
  - Echo request application
  - Centralized logging to CloudWatch
  - Hardened operating system
- The CloudFormation script makes use of several scripts and configuration files. Their links and descriptions are as follows:
  - Echo Request Application: Used to signal CloudFormation upon successful instance creation
  - Logging:
    - CloudWatch Agent: Deploys the CloudWatch agent on the system for centralized logging
    - CloudFormation Helper Script: Used to signal CloudFormation upon successful instance creation
    - CloudWatch Agent Configuration: Instance-specific configuration for the CloudWatch agent. Contains instructions on the centralized logging setup
  - Hardening:
    - Filter configuration file: This is the required configuration file for correct parsing of application logs
    - Fail2ban configuration file: Configuration file for detecting and thwarting cyber threats in their tracks
    - User creation: This script is used to create a restricted user
- For details on the deployment architecture and configuration, please refer to the following documents:
  - Documentation: Contains an overview of the deployment architecture and the high-level OS hardening and logging configurations.
  - CloudFormation Script: Contains details on the architecture and OS hardening as well as the logging configurations
Cheers & thank you
Osama