Protecting AWS resources with MDC

⌛ Estimated time to complete this lab: 60 minutes

Download the zip that contains the CloudFormation Templates for deploying AWS resources (CloudFormation-Templates.zip) 👉 here

Step 1 - Deploying AWS Resources

NOTE

We will deploy the resources in us-east-2, so make sure to change your AWS Region to Ohio.


REQUIREMENTS

1. Permissions

NOTE

You will not have this issue in a new Account but it's good to know as your customer might have this issue.

This process requires permissions to create several resources in your Account. Ensure you are using a Role that can create the following resources:

  1. IAM Role
  2. IAM Managed Policy
  3. VPC
  4. IGW
  5. Route tables
  6. Security Group
  7. NAT Gateway
  8. Elastic IP (EIP)
  9. EC2 Instance
  10. S3 Bucket

2. Check your Service Quotas (Limits)

NOTE

You will not have this issue in a new Account but it's good to know as your customer might have this issue.

In addition to the IAM permissions, verify that you will not run into an issue with Service Quotas.

The best place to check is the Service Quotas Console.


Create an S3 bucket in us-east-2 'Ohio'

The following guide can walk you through how to create an S3 bucket if you are not familiar. Make sure to note the name of the bucket that you create as we will need this in the next step.

NOTE

You need to deploy the CloudFormation template in the same region as the bucket that you create.

Upload files to S3

Copy the uncompressed files from "CloudFormation-Templates.zip" into your S3 bucket. There should be 6 YML files [SelfServiceSec.yml, SelfServiceSecEC2.yml, SelfServiceSecIAM.yml, SelfServiceSecRDS.yml, SelfServiceSecS3.yml, SelfServiceSecVPC.yml]

Copy the S3 URL

Example

Object URL
https://s3-us-west-2.amazonaws.com/Your-Bucket-Name-Here/SelfServiceSec.yml

CloudFormation Console

Go to the CloudFormation console and select “Create Stack”.


S3 Load the imported template

Select Amazon S3 URL as the source and copy and paste the S3 URL from the step above:

example:
https://s3-us-west-2.amazonaws.com/Your-Bucket-Name-Here/SelfServiceSec.yml
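
A pre-flight check for the upload and URL steps above, added here as an example and not part of the original lab or its templates. It parses the Object URL (path-style or virtual-hosted), compares its region with the lab region us-east-2, and checks that the six template files are present; the function names are hypothetical, and it assumes SelfServiceSec.yml is the template to launch, as in the page's example URL.

```python
import re
from urllib.parse import urlparse

LAB_REGION = "us-east-2"  # region the lab deploys into (Ohio)
# The six template files the lab says to upload.
LAB_TEMPLATES = {
    "SelfServiceSec.yml", "SelfServiceSecEC2.yml", "SelfServiceSecIAM.yml",
    "SelfServiceSecRDS.yml", "SelfServiceSecS3.yml", "SelfServiceSecVPC.yml",
}
# Matches s3-REGION / s3.REGION endpoints, with an optional bucket prefix.
_HOST = re.compile(
    r"(?:(?P<bucket>.+)\.)?s3(?:[.-](?P<region>[a-z0-9-]+))?\.amazonaws\.com"
)


def parse_s3_url(url):
    """Return (bucket, key, region) from a path-style or virtual-hosted S3 URL."""
    parts = urlparse(url)
    m = _HOST.fullmatch((parts.hostname or "").lower())
    if parts.scheme != "https" or m is None:
        raise ValueError(f"not an https S3 object URL: {url}")
    path = parts.path.lstrip("/")
    if m["bucket"]:                       # virtual-hosted: bucket in hostname
        bucket, key = m["bucket"], path
    else:                                 # path-style: bucket is first segment
        bucket, _, key = path.partition("/")
    return bucket, key, m["region"]       # region is None for global endpoints


def preflight(url, uploaded_keys):
    """List mismatches with the lab's instructions; an empty list means OK."""
    problems = []
    bucket, key, region = parse_s3_url(url)
    if region != LAB_REGION:
        problems.append(f"URL region is {region}, lab deploys in {LAB_REGION}")
    if key != "SelfServiceSec.yml":
        problems.append(f"template URL points at {key!r}, not SelfServiceSec.yml")
    missing = sorted(LAB_TEMPLATES - set(uploaded_keys))
    if missing:
        problems.append(f"bucket {bucket} is missing: {', '.join(missing)}")
    return problems


if __name__ == "__main__":
    # Constructed input: the page's example URL plus a partial upload.
    url = "https://s3-us-west-2.amazonaws.com/Your-Bucket-Name-Here/SelfServiceSec.yml"
    for problem in preflight(url, ["SelfServiceSec.yml", "SelfServiceSecIAM.yml"]):
        print("FAIL:", problem)
```

Run against the page's example URL, the check reports the us-west-2 endpoint as a mismatch with the lab region, so copy the Object URL from your own bucket rather than editing the example.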

Tagging, Advanced Options and Deploying the stack

1. Unique Stack Name

Enter a unique stack name

Parameters

S3 bucket name

2. Tagging and Role for CloudFormation

Leave this blank and CloudFormation will use the permissions that you currently have (this is the default behavior).

3. Advanced Options

No Advanced Options are required.

4. Deploying the stack

On the next screen, before you select “Create Stack”, be sure to check the two (2) check boxes.

NOTE

The stack deployment will fail if you do not check these two boxes.


Cleanup

NOTE

Do not clean up until after the lab is complete.

You can go to CloudFormation and delete the CloudFormation stack.


Once the stack is successfully deployed, go to Step 2 and connect your AWS account to MDC! Click 👉 here