EC2 DFIR Workshop
Lab 3: Create a S3 Bucket
GOAL:
Provision a S3 bucket with versioning and object lock enabled to protect evidence.
SUMMARY OF STEPS:
- Create a S3 Bucket for evidence via the CLI
- Test it to confirm it works as expected
Step 1: Create a S3 Bucket for evidence via the CLI
Create an S3 Bucket for the evidence. Run the following command from the SIFT Workstation:
aws s3api create-bucket --bucket [YOUR-UNIQUE-BUCKET] \
--object-lock-enabled-for-bucket
VIDEO: Lab 3 Step 1 - Create a S3 Bucket for evidence
Step 2: Test Bucket to confirm it works as expected
Test it to confirm it works from the SIFT Workstation. Run the following commands:
echo "test1" > test.txt
aws s3 cp test.txt s3://[YOUR-UNIQUE-BUCKET]
echo "test2" >> test.txt
aws s3 cp test.txt s3://[YOUR-UNIQUE-BUCKET]
TIP: If it doesn’t work, did you remember to attach the EC2_Responder Role?
VIDEO: Lab 3 Step 2 - Test Bucket to confirm it works as expected