Lab: Deploying a Vulnerable AWS EKS Infrastructure

In this lab, deploy a vulnerable AWS EKS infrastructure. The following steps will guide through setting up the infrastructure using bash script.

Step-by-Step Guide

  • Navigate to the EKS Directory:
cd /workspaces/ecr_eks_security_masterclass_public/eks/

Ensure you have administrative privileges by configuring the AWS CLI using aws configure with your access and secret keys.

  • Input the following information:

    • AWS Access Key ID
    • AWS Secret Access Key
    • Default region name (set to us-west-2 or us-east-1 based on your region)
    • Default output format (choose json)

  • Validate AWS Administrative Privileges:

    • Use the AWS STS (Security Token Service) to verify your identity and ensure you have the necessary permissions.
    aws sts get-caller-identity

    alt text

Ensure that AWS CLI is properly configured and have administrative privileges to deploy EKS clusters.

  • Run the Deployment Script:

    • Deploy the vulnerable EKS infrastructure by running the deploy.sh script. You can specify a region using the --region flag. If no region is specified, it will default to us-west-2.
    bash deploy.sh --region us-west-2

    alt text

    Select a different region, replace us-west-2 with the desired region like us-east-1. Currently us-east-1 & us-west-2 are supported.

  • Confirmation Prompt:

    • Receive a confirmation prompt: 
    Do you want to continue with the deployment? (Y/N)
    • Type Y to proceed with the deployment.

    alt text

  • Deployment Process:

    • The deployment process may take up to 15 minutes as it provisions the EKS cluster and associated resources.

    alt text

  • Final Output:

    • After the deployment is complete, review the summary of the deployment, along with command for accessing the deployed EKS cluster.

    alt text

  • Access the Vulnerable Application:

    • After the deployment, you can access the vulnerable application via the public IP of the EC2 instance: 
      echo "Access the application at: http://$(jq -r '.instance_public_ip.value' < ec2_output.json)"

  • Configure the EKS Cluster.

    echo "Authenticate to EKS cluster via: aws eks update-kubeconfig --region $(grep 'ECR Repository URL' deployment_output.txt | awk -F'.' '{print $4}') --name $(grep 'EKS Cluster Name' deployment_output.txt | awk '{print $4}')"

    alt text

Refer to this video for detailed walkthrough