Cramsession - User contributions [en]

Copying files to AWS s3 from Ubuntu

2026-05-26T00:48:14Z

Mflavell:

[[Tech Notes]] > [[AWS]] > Copying files to AWS s3 from Ubuntu

= First, AWS tools =

Make sure you have AWS tools installed before doing this.

[[Installing AWS CLI]]

= Generare an key =

* Login to the AWS IAM console.

:* Select the the user for the app key

:* Select ''Access keys'

:* Select ''Create Access key''

* In ubuntu run

aws configure

= Copy Commands =

== Copy a single file ==

aws s3 cp display_server.ova s3://'''s3-bucket-name'''/'''path'''

== Copy a folder ==

aws s3 sync . s3://YOURBUCKET/

== Recursive copy of an extension ==

aws s3 cp . s3:/'''s3-bucket-name'''/ --recursive --exclude "*" --include "*.ova"

Study Guides/AWS Cybersecurity Notes/Logging and Monitoring

2026-05-26T00:38:59Z

Mflavell: /* Enabling S3 access logs */

= Logging and Monitoring =

The use of Cloud Watch is a important consideration - This can capture logs from AWS services and metrics to enable automation.

Logging is of vital importance in diagnosis of security and performance issues in AWS.

It is possible to capture all logs in an S3 bucket, however this comes with a condition:

:The access logs for the logging S3 bucket cannot be stored inside itself.

:You will therefore need a seperate bucket for storing your S3 logging access logs.

:: Access logging for the S3 logging bucket is highly recommended - an attacker may target logging to inject bad data or delete records.

:Best practice is to create a access policy to ensure only the security team can read data from these buckets.

[Main Logging bucket]
|
\|/
writes access logs to
|
\|/
[S3 logging bucket]

=== Delays in S3 logging ===

Data is pushed to the S3 logging bucket on a "best effort" process.

:: It can take a few hours to deliver s3 logs.

:: S3 Logs will not be in realtime.

::: AWS has a massive shared disk system - this is the reason behind the delay.

== Enabling S3 access logs ==

This assumes you already have a bucket you want to log.

* Create a bucket to log data to.

Crearte a JSON file to define where to place logs:

{
"LoggingEnabled": {
"TargetBucket": "logging bucket",
"TargetPrefix": "S3Logs/"
}
}

Push the json file:

aws s3api put-bucket-logging --bucket ''s3_bucket_to_log'' --bucket-logging-status file://s3logs.json

Study Guides/AWS Cybersecurity Notes/Logging and Monitoring

2026-05-26T00:23:30Z

Mflavell: /* Logging and Monitoring */

Study Guides/AWS Cybersecurity Notes/Logging and Monitoring

2026-05-26T00:19:49Z

Mflavell: /* Logging and Monitoring */

Study Guides/AWS Cybersecurity Notes/Logging and Monitoring

2026-05-26T00:19:11Z

Mflavell: Created page with "= Logging and Monitoring = The use of Cloud Watch is a important consideration - This can capture logs from AWS services and metrics to enable automation. Logging is of vital importance in diagnosis of security and performance issues in AWS. It is possible to capture all logs in an S3 bucket, however this comes with a condition: :The access logs for the logging S3 bucket cannot be stored inside itself. :You will therefore need a seperate bucket for storing your S3..."

Study Guides/AWS Cybersecurity Notes

2026-05-26T00:07:59Z

Mflavell:

=SCS-C02=

[https://a.co/d/7oZWHFl 📕Recommended Study Guide]

[[AWS - Cloudtrail]]

[[AWS Certified Serucity Spacaility - SCS-C02 Study notes]]

[[AWS Certified Serucity Spacaility - SCS-C02 Study notes - Part 2]]

[[AWS Certified Serucity Spacaility - SCS-C02 Study notes - Part 3]]

[[AWS Certified Serucity Spacaility - SCS-C02 Study notes - Part 4]]

[[AWS Certified Serucity Spacaility - SCS-C02 Study notes - Part 5]]

[[AWS Certified Serucity Spacaility - SCS-C02 Study notes - Part 6]]

[[AWS Certified Serucity Spacaility - SCS-C02 Study notes - Part 7]]

[[AWS Certified Serucity Spacaility - SCS-C02 Study notes - Part 8]]

[[Building a Bastion server - Part 9]]

[[Isolating EC2 Instances for Forensic Inspection]]

[[Amazon Detective]]

[[Systems Manager]]

[[Amazon Inspector]]

[[Amazon KMS]]

[[Cloud HSM]]

[[AWS IAM]]

[[Study Guides/AWS Cybersecurity Notes/AWS Config|AWS Config]]

[[Study Guides/AWS Cybersecurity Notes/Security Hub & Guard Duty|Security Hub and Guard Duty]]

[[Study Guides/AWS Cybersecurity Notes/AWS Security Hub|AWS Security Hub]]

[[Study Guides/AWS Cybersecurity Notes/Logging and Monitoring|Logging and Monitoring]]

Study Guides/AWS Cybersecurity Notes/AWS Security Hub

2026-05-25T23:21:30Z

Mflavell: /* AWS Security Hub */

= AWS Security Hub =

This consolidates the security findings compliance and alerts.

This includes:

::AWS IAM

::Macie

::Guard Duty

::Inspector

::Firewall Manager

Third party tools:

:: AWS Security hub can be intergrated to work with many 3rd party applications.

Think of security hub as a central point for a comprehehsive picture of security

By default security hub is a regional service.

:: Member and master accounts can be setup.

::: Securty hub administrator is the core account

::: Security hub member are the leaf accounts

== Compliance use case ==

Security hub can be used for automated compiance checks.

Out of the box Security Hub performes 43 fully automated checks.

:: They checks are based on the CIS foundations framework.

Security hub looks at configutation and use at the account level.

AWS config: looks at the resource level.

HUB = '''H'''igh level

== Hub depends on config ==

To enable AWS hub you must first have AWS Config enabled.

:: Baseloine infomration for hub comes from AWS Config

:: This data refresheshes security hub in alomost realtime

== Standards / Contoles and Checks ==

When enabling you are asked to select a security standard.

Some of these are:

::* AWS securirty bes practices

::* CIS AWS Foundations benchmarks

::* NIST 800-53

::* PCI-DSS

Processing payment infomration

:: Select PCI-DSS (45 controls)

Concerned about the CIA triad

:: Select NIST 800-53 (216 controls)

Once a standard is enabled security checks will be run.

AWS Config is used to run the security checks.

:: Checks can be done on a scedule.

:: Checks can be done whenver a change is detected.

Security hub uses the findings to generte a score.

== Security hub insights ==

Managed insights:

:These only work if the product is integrated.

Custom insights:

:Can be created with Security HUB API, AWS CLI or PowerShell

:You must select an attribute to group by.

== Findings ==

Findings are security issues helighted by AWS or Third party solutions.

== Automated remediation ==

Eventbridge and Security Hub can automatically trigger the following:

:: AWS Lambda Function

:: EC2 run command via Systems Manager

:: AWS Step Functions State machine

:: Sending an SNS notification

:: Placing a message in SQS

:: Sending findings to a third party system such as SIEM

Study Guides/AWS Cybersecurity Notes/AWS Security Hub

2026-05-25T20:23:29Z

Mflavell: /* Standards / Contoles and Checks */

Study Guides/AWS Cybersecurity Notes/AWS Security Hub

2026-05-25T20:14:46Z

Mflavell: /* Standards / Contoles and Checks */

Study Guides/AWS Cybersecurity Notes/AWS Security Hub

2026-05-25T20:13:01Z

Mflavell: /* AWS Security Hub */

Study Guides/AWS Cybersecurity Notes/AWS Security Hub

2026-05-25T19:51:35Z

Mflavell: /* AWS Security Hub */

Study Guides/AWS Cybersecurity Notes/AWS Security Hub

2026-05-25T19:48:23Z

Mflavell: /* Compliance use case */

Study Guides/AWS Cybersecurity Notes/AWS Security Hub

2026-05-25T19:48:04Z

Mflavell:

Study Guides/AWS Cybersecurity Notes/AWS Security Hub

2026-05-25T01:46:31Z

Mflavell: Created page with " = AWS Security Hub = This consolidates the security findings compliance and alerts. This includes: ::AWS IAM ::Macie ::Guard Duty ::Inspector ::Firewall Manager"

= AWS Security Hub =

This consolidates the security findings compliance and alerts.

This includes:

::AWS IAM

::Macie

::Guard Duty

::Inspector

::Firewall Manager

Study Guides/AWS Cybersecurity Notes

2026-05-25T01:44:24Z

Mflavell:

Study Guides/AWS Cybersecurity Notes/Security Hub & Guard Duty

2026-05-25T01:36:51Z

Mflavell: /* Findings & Cloudwatch */

= Amazon Guard Duty =

This is a managed threat detection service.

:* Uses machine learning

:* Is charged to your account /not free.

:* Can process millions of events, captured by:

::* CloudTrail

::* DNS (Route 53)

::* VPC Flow longs

This service learns what is normal in the account to find abnormal actions.

:* Can detect connections with unisal sources.

:* EG: data been exfiltrated to a remote FTP server

This is a ''always on'' service:

:* Issues can be found without incurring a performance hit.

:* No local agentds are requires - this is Security as a Service.

:* No upfront costs with GuardDuty.

:* Installs in ''One Click'' no configuration nightmares.

Additionally:

:: Coverage is global.

:: Can detect intel-based well known threats

:: Can find behaviour based threats

:: Can monitor security over different accounts

== Guard Duty Data Sources ==

Once enabling guard duty, it will use these data sources...

* VPC Flow logs

:: Provide details about network communication

:: VPC flow logs can be turned off - because of this Guard Duty uses its onwn flow log stream.

* CloudTrail Events

:: Stores SDK / Command line use for future reference.

:: Helps build a profile of your account to understand norms.

* DNS logs

:: Checks for queries of known and unknown instances.

:: Can look at domains queries and compre them to threat intelligence.

:: Can be done with or without route 53 enabled.

== GuardDuty Alerts ==

All detections are ranked: High, Medium or Low

:: This lets you know what items to address first.

Findings are devliered to three places:

:: Your secutiy hub.

:: A designated s3 bucket.

:: CloudWarch Events or Eventbridge

* For this setup you must have '''security hub''' up and running.

Why use these:

:: Security hub - lets you see everything in one place.

:: Cloudwatch / Eventbridge can provide near realtime alerts using SNS.

:: S3 Keeps an audutable log of alerts.

== Where does infomaton come from ==

Guard duty uses these sources:

:: AWS security intelegence

:: AWS Partners such as CrowdString and Proofpoint

:: Customer provided infomration.

== What can be detected ==

Using this intelgence GuardDuty can detect:

:: Hosts infected with known malware.

:: Proxies or TOR gateways

:: Crypto mining or wallets

:: Hosting of malware or hacking tools

== Macie vs GuardDuty ==

:: Macie looks at information stored in S3:

::: Tries to classifiy the data and assess it's risk

::: Macie is also a fullly managed macine learning system.

::: Macie allows proactive safeguards on sesnsative infomration.

:: GuardDury does not:

::: Read the S3 bucket data

::: Find data containing PII

:: Guard duty does:

::: Aggrigrate cloud trail events.

Macie - inforMation

Guard duty - Trails & logs (guards follow trails)

== Severity of items ==

A numerical scale is used for guard duty:

::*''High'' - 7.0 - 8.9

::*''Medium'' - 4.0.- 6.9

::*''Low'' - 1.0 - 3.9

These values can be used to trigger SNS alerts.

== Testing Guard Duty ==

AWS has a guard duty repo with simulated malware.

More information can be found here: at https://github.com/awslabs/amazon-guardduty-tester

This is a GIT repo that contains cloudformation templates.

After setup findings should appear in guard duty after 8 to 10 minutes.

== Findings & Cloudwatch ==

Multiple simular events will be combined - this is to prevent too much noise.

:: An inital alert is sent out, guard duty then waits for a backoff period before alerting again.

:: By default this period is six hours.

== Remediation ==

Any automated remeidation is done using cloudwatch.

For manual, Guard duity provides a remeidation guide.

Study Guides/AWS Cybersecurity Notes/Security Hub & Guard Duty

2026-05-25T00:37:33Z

Mflavell:

Study Guides/AWS Cybersecurity Notes/Security Hub & Guard Duty

2026-05-23T23:53:54Z

Mflavell:

Study Guides/AWS Cybersecurity Notes/Security Hub & Guard Duty

2026-05-23T23:49:17Z

Mflavell:

Study Guides/AWS Cybersecurity Notes/Security Hub & Guard Duty

2026-05-23T23:47:36Z

Mflavell: /* Amazon Guard Duty */

= Amazon Guard Duty =

This is a managed threat detection service.

:* Uses machine learning

:* Can process millions of events, captured by:

::* CloudTrail

::* DNS (Route 53)

::* VPC Flow longs

This service learns what is normal in the account to find abnormal actions.

:* Can detect connections with unisal sources.

:* EG: data been exfiltrated to a remote FTP server

This is a ''always on'' service:

:* Issues can be found without incurring a performance hit.

:* No local agentds are requires - this is Security as a Service.

:* No upfront costs with GuardDuty.

:* Installs in ''One Click'' no configuration nightmares.

Additionally:

:: Coverage is global.

:: Can detect intel-based well known threats

:: Can find behaviour based threats

:: Can monitor security over different accounts

== Guard Duty Data Sources ==

Once enabling guard duty, it will use these data sources...

* VPC Flow logs

:: Provide details about network communication

:: VPC flow logs can be turned off - because of this Guard Duty uses its onwn flow log stream.

* CloudTrail Events

:: Stores SDK / Command line use for future reference.

:: Helps build a profile of your account to understand norms.

* DNS logs

:: Checks for queries of known and unknown instances.

:: Can look at domains queries and compre them to threat intelligence.

:: Can be done with or without route 53 enabled.

== GuardDuty Alerts ==

All detections are ranked: High, Medium or Low

:: This lets you know what items to address first.

Findings are devliered to three places:

:: Your secutiy hub.

:: A designated s3 bucket.

:: CloudWarch Events or Eventbridge

* For this setup you must have '''security hub''' up and running.

Why use these:

:: Security hub - lets you see everything in one place.

:: Cloudwatch / Eventbridge can provide near realtime alerts using SNS.

:: S3 Keeps an audutable log of alerts.

== Where does infomaton come from ==

Guard duty uses these sources:

:: AWS security intelegence

:: AWS Partners such as CrowdString and Proofpoint

:: Customer provided infomration.

== What can be detected ==

Using this intelgence GuardDuty can detect:

:: Hosts infected with known malware.

:: Proxies or TOR gateways

:: Crypto mining or wallets

:: Hosting of malware or hacking tools

== Macie vs GuardDuty ==

:: Macie looks at information stored in S3:

::: Tries to classifiy the data and assess it's risk

::: Macie is also a fullly managed macine learning system.

::: Macie allows proactive safeguards on sesnsative infomration.

:: GuardDury does not:

::: Read the S3 bucket data

::: Find data containing PII

:: Guard duty does:

::: Aggrigrate cloud trail events.

Macie - inforMation

Guard duty - Trails & logs (guards follow trails)

Study Guides/AWS Cybersecurity Notes/Security Hub & Guard Duty

2026-05-23T22:20:21Z

Mflavell: /* Amazon Guard Duty */

= Amazon Guard Duty =

This is a managed threat detection service.

:* Uses machine learning

:* Can process millions of events, captured by:

::* CloudTrail

::* DNS (Route 53)

::* VPC Flow longs

This service learns what is normal in the account to find abnormal actions.

:* Can detect connections with unisal sources.

:* EG: data been exfiltrated to a remote FTP server

This is a ''always on'' service:

:* Issues can be found without incurring a performance hit.

:* No local agentds are requires - this is Security as a Service.

:* No upfront costs with GuardDuty.

:* Installs in ''One Click'' no configuration nightmares.

Additionally:

*: Coverage is global.

*: Can detect intel-based well known threats

*: Can find behaviour based threats

*: Can monitor security over different accounts

== Guard Duty Data Sources ==

Once enabling guard duty, it will use these data sources...

* VPC Flow logs

:: Provide details about network communication

:: VPC flow logs can be turned off - because of this Guard Duty uses its onwn flow log stream.

* CloudTrail Events

:: Stores SDK / Command line use for future reference.

:: Helps build a profile of your account to understand norms.

* DNS logs

:: Checks for queries of known and unknown instances.

:: Can look at domains queries and compre them to threat intelligence.

:: Can be done with or without route 53 enabled.

== GuardDuty Alerts ==

All detections are ranked: High, Medium or Low

:: This lets you know what items to address first.

Findings are devliered to three places:

:: Your secutiy hub.

:: A designated s3 bucket.

:: CloudWarch Events or Eventbridge

* For this setup you must have '''security hub''' up and running.

Why use these:

:: Security hub - lets you see everything in one place.

:: Cloudwatch / Eventbridge can provide near realtime alerts using SNS.

:: S3 Keeps an audutable log of alerts.

== Where does infomaton come from ==

Guard duty uses these sources:

:: AWS security intelegence

:: AWS Partners such as CrowdString and Proofpoint

:: Customer provided infomration.

== What can be detected ==

Using this intelgence GuardDuty can detect:

:: Hosts infected with known malware.

:: Proxies or TOR gateways

:: Crypto mining or wallets

:: Hosting of malware or hacking tools

== Macie vs GuardDuty ==

:: Macie looks at information stored in S3:

::: Tries to classifiy the data and assess it's risk

::: Macie is also a fullly managed macine learning system.

::: Macie allows proactive safeguards on sesnsative infomration.

:: GuardDury does not:

::: Read the S3 bucket data

::: Find data containing PII

:: Guard duty does:

::: Aggrigrate cloud trail events.

Macie - inforMation

Guard duty - Trails & logs (guards follow trails)

Study Guides/AWS Cybersecurity Notes/Security Hub & Guard Duty

2026-05-23T22:07:09Z

Mflavell:

= Amazon Guard Duty =

This is a managed threat detection service.

:* Uses machine learning

:* Can process millions of events, captured by:

::* CloudTrail

::* DNS (Route 53)

::* VPC Flow longs

This service learns what is normal in the account to find abnormal actions.

:* Can detect connections with unisal sources.

:* EG: data been exfiltrated to a remote FTP server

This is a ''always on'' service:

:* Issues can be found without incurring a performance hit.

:* No local agentds are requires - this is Security as a Service.

:* No upfront costs with GuardDuty.

:* Installs in ''One Click'' no configuration nightmares.

Additionally:

*: Coverage is global.

*: Can detect intel-based well known threats

*: Can find behaviour based threats

*: Can monitor security over different accounts

== Guard Duty Data Sources ==

Once enabling guard duty, it will use these data sources...

* VPC Flow logs

:: Provide details about network communication

:: VPC flow logs can be turned off - because of this Guard Duty uses its onwn flow log stream.

* CloudTrail Events

:: Stores SDK / Command line use for future reference.

:: Helps build a profile of your account to understand norms.

* DNS logs

:: Checks for queries of known and unknown instances.

:: Can look at domains queries and compre them to threat intelligence.

:: Can be done with or without route 53 enabled.

== GuardDuty Alerts ==

All detections are ranked: High, Medium or Low

:: This lets you know what items to address first.

Findings are devliered to three places:

:: Your secutiy hub.

:: A designated s3 bucket.

:: CloudWarch Events or Eventbridge

* For this setup you must have '''security hub''' up and running.

Why use these:

:: Security hub - lets you see everything in one place.

:: Cloudwatch / Eventbridge can provide near realtime alerts using SNS.

:: S3 Keeps an audutable log of alerts.

== Where does infomaton come from ==

Guard duty uses these sources:

:: AWS security intelegence

:: AWS Partners such as CrowdString and Proofpoint

:: Customer provided infomration.

== What can be detected ==

Using this intelgence GuardDuty can detect:

:: Hosts infected with known malware.

:: Proxies or TOR gateways

:: Crypto mining or wallets

:: Hosting of malware or hacking tools

Study Guides/AWS Cybersecurity Notes/Security Hub & Guard Duty

2026-05-22T01:21:48Z

Mflavell: /* VPC Flow logs */

Study Guides/AWS Cybersecurity Notes/Security Hub & Guard Duty

2026-05-22T01:14:58Z

Mflavell: Created page with " = Amazon Guard Duty = This is a managed threat detection service. :* Uses machine learning :* Can process millions of events, captured by: ::* CloudTrail ::* DNS (Route 53) ::* VPC Flow longs This service learns what is normal in the account to find abnormal actions. :* Can detect connections with unisal sources. :* EG: data been exfiltrated to a remote FTP server This is a ''always on'' service: :* Issues can be found without incurring a performance hit...."

Study Guides/AWS Cybersecurity Notes

2026-05-22T01:02:34Z

Mflavell:

Study Guides/AWS Cybersecurity Notes

2026-05-22T01:01:51Z

Mflavell:

Study Guides/AWS Cybersecurity Notes/AWS Config

2026-05-21T16:06:21Z

Mflavell:

= What is AWS Config =

AWS Config - records configurations and configuration changes.

This is separate from cloud trail that records user events.

: How to visualize this

:: Peope leave trails 🚶... (Cloud Trail)

:: Computers have configuration

::: Cloudtrail = Who did it?

::: AWS Config = What did they do?

AWS config has a ''configuration recorder'' that lets you inventory in real time.

:: Can be used in across multiple regions or accounts.

:: Resources can be evaluated constantly or on a fixed schedule.

:: Lambda or System manager can be used to automatically remediate any compliance problems.

AWS Config allows a system to be continuously compliant by maintaining records of the systems sin

:: Any time a change is made on the system - the change is captured with who or what made the change.

:: This enabled auditing and checking of compliance levels at any time, on demand.

= Why use AWS config =

It is hard to understand what resources you are using in AWS.

: Think of the problems running a massive system.

:: How can you ever keep up with the what / where?

:: How do you know what is no longer required?

:: How do you know developers and engineers are following security policy?

This can be used for risk reduction:

: Checking server exposure to the internet

: Volumes that may not be encrypted.

: Servers than hardening.

: Accurate records of changes are recorded.

= What can AWS config do =

* Checks configurations

* Can save a snapshot of the current configuration

* Lets you pull historical configurations

* Allows the viewing of relationships

* Can find resources been used easily and quickly

* Can help reduce troubleshooting times though the comparison with the last known good configuration.

= Does AWS config have associated charges =

* Yes - recoding has two different prices for continuous and periodic recording.

* Rule evaulations will also cost you.

* How to avoid pricing:

:* Exclude resources you don't care about.

:* Filter out regions or systems you don't care about.

:* Monitor your bill!

= How AWS Config works =

When a service is started AWS config scans the account for supported resources or services.

: A configuation item is created for each resource or service.

: Each time a change takes place a new configuration item is created.

:: This allows changes to be determined in the configuration.

== Configuration Items ==

These are snapshots that are stored in JSON format.

: They represent the configuration at a point in time.

: Most resources are supported by AWS Config - but not all.

: An updare to the CI is made every time something changes on a monitored resource.

Inside a configuration item:

:* ''Metadata'' - Information about the configuration item.

:* ''Attributes'' - Resourde data of the configuraton item.

:* ''Relationship'' - Holds related data:

:: For example subnet infomation or VPC infomation.

:* ''Current configuration''

== Confguration recorder ==

The configuration recorder discoveres changes in resources, new or existing.

: These changes are then fed into configration item.

: A configuration recorder is a must to monitor configurations.

: The configuration recorder is the eyes of the config system.

The recorder can be setup severa ways:

:* Command line interface

:* IaC - Infrastrcture as code such as:

::* CloudFormation

::* Terraform

By default this will setup configuration items for all resources by defauly.

== Configuration role ==

This is an IAM role that provides read only access to record the configuration items.

This role also needs write permissions to the S3 bucket where the snapshots will be stored.

== Configuration streams ==

When a new configuration item is created it's added to a configuration stream.

The configuration stream is the same as an SNS topic.

= Basic Setup =

This provides a overview, for the exact CLI commands consult the AWS guides.

* Create an S3 bucket to store the configuration items

* Create an SNS topic for the config service

* Create the IAM role for the config service:

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "config.amazonaws.com"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"AWS:SourceAccount": "your account number"
}
}
}
]
}

Saving this will give you a role ARN - ''''This will be needed to start the configuration recorder''''

lets break the JSON down for better understanding:

:* You want to ''Assume a role''

:* To ''Allow''

:* The ''Config service''

:* To access ''Your aws account''

A '''Policy''' now needs to be created for the role to use, lets use this:

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ConfigS3PutPolicy","Effect": "Allow",
"Action":[
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource":[
"arn:aws:s3:::'''s3 bucket'''/*"
],
"Condition":{
"StringLike":{
"s3:x-amz-acl":"bucket-owner-full-control"
}
}
},
{
"Sid": "ConfigS3GetPolicy",
"Effect": "Allow",
"Action":[
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource":[
"arn:aws:s3:::packt-config/*"
],
"Condition":{
"StringLike":{
"s3:x-amz-acl":"bucket-owner-full-control"
}
}
},
{
"Sid": "ConfigS3GetPolicy",
"Effect": "Allow",
"Action":[ "s3:GetBucketAcl" ],
"Resource": "arn:aws:s3::'''s3 bucket'''"
},
{
"Sid": "ConfigSNSPolicy",
"Effect": "Allow",
"Action": "sns:Publish",
"Resource": "arn:'''SNS-ARN'''"
},
{
"Sid": "DescribeResources",
"Effect": "Allow",
"Action":[
"ec2:Describe*"
],
"Resource": "*"
}
]
}

Let's break the JSON down for understanding:

:* It provides access to the bucket to write objects

:* It provides assess to SNS for push data

:* It allows allows the discerption of ec2 resources

The entire process is captured:

: Describe > Transmit (SNS) > Save (s3)

With this done we can attach the policy to the role:

This can be done in the AWS CLI with the following command:

aws iam attach-role-policy --role-name '''role name''' --policy-arn '''policy arn'''

Next and very importantly we need to determine what resources to capture.

:* Keep in mind you will pay a nominal free for these / but this is AWS - resources add up $$$

:* If you monitor too little you won't get the data you need to make decisions or protect the system.

:* Decide what is right for your system.

Here is an example of the JSON file:

{
"allSupported": false,
"includeGlobalResourceTypes": false,
"resourceTypes": [
"AWS::EC2::SecurityGroup",
"AWS::EC2::Volume"
]
}

This will monitor:

::* EC2 security groups.

::* EC2 Volue status.

Next create a delivery file:

{
"name": "default",
"s3BucketName": "''your-bucket''",
"snsTopicARN": "arn:aws:sns:''your-sns''",
"configSnapshotDeliveryProperties": {
"deliveryFrequency": "Twelve_Hours"
}
}

Breaking it down:

::* Connects the S3 bucket

::* Connects the SNS

::* Defines the frequency

Finally, start the recorder

aws configservice start-configuration-recorder --configuration-recorder-name ''name''

::* It will take a few minutes for the data to be posted.

= AWS Config Rules =

Rules enable you to automatically evaluate the configuration of monitored resources.

A rule can be triggered in two ways:

:* When a resource changes

:* On a schedule

These rules allow you to enfore a consistant approach to AWS resources.

: This is independent of who deployed them or when they where deployed.

== Rules can apply to ==

:* A single or a set of resouce ID's

:* Types of resources

:* Resources with a specified tag

Rules help enforce compliance.

: Labmba functions can also be used to add logic to the rules.

== AWS Config Managed Rules ==

These are preconfigured to ensure your systems comply to industry best practices.

For custom rules their is no need for write an action - it is performed automatically.

Over 150 managed rules exist today.

== Custom Rules ==

Custom rules can be created using two methods:

:* AWS Lambda

:* A Guard policy

== Rule Evaluation ==

:* Proactive mode - Immimdate evaluation

:* Detective mode - Evaulated against resources that are already depoyed.

== Conformance packs ==

:* These make it easy to implement best practices.

:* Can be run in a region or over multiple regions via aggregator.

:* Enables a one click setup.

= Configuration History =

As you may expect, this lists all the changes made to a resource.

:: This is done by comparing the configuration items saved in the S3 bucket.

:: Use case: Determine the history of events that resulted in an incident.

= Fixing no compliant resources =

This is possible out of the box though the use of ''System Manager Automation Runbooks''

:: Contain predefined automated remediations.

:: Custom remediations can also be created.

= Using Multiple accounts =

This is done using aggregator, the use cases are:

:* Single account / Multi region

:* Multi account / Multi region

The aggregator makes finding trends in multiple regions or accounts easier by consolidating the data.

Rules

2026-05-21T15:54:44Z

Mflavell: /* Cramsession Code */

= Introduction =

Cramsession was found on the principle of providing validated, clean content to the internet community. As part of this core mission authors must follow these rules.

== Cramsession Code ==

=== Do no harm ===

'''👉Breaking these will get you a lifetime ban'''

:* Don't post hate / sex , engage in hateful or illegal activity on this site.

:* Don't deface the pages created by other authors.

:* Don't attempt to edit the sidebar, main landing page or these rules.

:* Be polite!!

=== Help each other on our journey ===

:* If you see incorrect information, help the author correct it by editing the page directly.

:* If you think a page needs more content, add it - this is our community.

:* Keep the site clean - Use the the correct naming format for pages: /Study Guides/''major topic''/''your guide name''/''sub topic''

:::* Some of the older pages may not have this format - we are working on updating that.

=== We are here... for all mankind ===

:* You do not own the information you post on this site, even if your account is deleted your content will stay online forever.

:* If you have any problems, communicate with us.

=== Keep your author account in good standing ===

:* The $10 (USD) a month will be debited automatically (we need to pay our humans, and the bills)

:* Keep your certifications in good standing - let us know if you get anything new.

== Contacting us ==

Reach out via email: info@907technology.com

Rules

2026-05-21T15:53:53Z

Mflavell: /* Help each other on our journey */

Study Guides/AWS Cybersecurity Notes

2026-05-21T15:50:33Z

Mflavell:

Study Guides/AWS Cybersecurity Notes/AWS Config

2026-05-21T15:50:03Z

Mflavell: Mflavell moved page AWS Config to Study Guides/AWS Cybersecurity Notes/AWS Config without leaving a redirect

Study Guides/AWS Cybersecurity Notes

2026-05-21T15:49:16Z

Mflavell:

Study Guides

2026-05-21T15:48:44Z

Mflavell:

=SCS-C02 Cybersecurity Specialist=

📗[[Study Guides/AWS Cybersecurity Notes|AWS Cybersecurity Notes]]

=Multiple Choice Guide=

✅[https://www.dmu.edu/wp-content/uploads/MULTIPLE-CHOICE-TEST-TAKING-STRATEGIES.pdf Hacking Multiple Choice Questions]

Study Guides

2026-05-21T15:48:12Z

Mflavell:

=SCS-C02 Cybersecurity Specialist=

📗[[Study Guides/AWS Cybersecurity Notes AWS Cybersecurity Notes]]

=Multiple Choice Guide=

✅[https://www.dmu.edu/wp-content/uploads/MULTIPLE-CHOICE-TEST-TAKING-STRATEGIES.pdf Hacking Multiple Choice Questions]

Study Guides/AWS Cybersecurity Notes/AWS Config

2026-05-21T15:47:02Z

Mflavell:

Study Guides

2026-05-21T15:46:24Z

Mflavell:

=SCS-C02 Cybersecurity Speaclity=

📗[[Study Guides/AWS Cybersecurity Notes]]

=Multiple Choice Guide=

✅[https://www.dmu.edu/wp-content/uploads/MULTIPLE-CHOICE-TEST-TAKING-STRATEGIES.pdf Hacking Multiple Choice Questions]

AWS Cybersecurity Notes

2026-05-21T15:45:43Z

Mflavell: Mflavell moved page AWS Cybersecurity Notes to Study Guides/AWS Cybersecurity Notes

#REDIRECT [[Study Guides/AWS Cybersecurity Notes]]

Study Guides/AWS Cybersecurity Notes

2026-05-21T15:45:42Z

Mflavell: Mflavell moved page AWS Cybersecurity Notes to Study Guides/AWS Cybersecurity Notes

[[Study Guides]] > AWS Cybersecurity Notes

=SCS-C02=

[https://a.co/d/7oZWHFl 📕Recommended Study Guide]

[[AWS - Cloudtrail]]

[[AWS Certified Serucity Spacaility - SCS-C02 Study notes]]

[[AWS Certified Serucity Spacaility - SCS-C02 Study notes - Part 2]]

[[AWS Certified Serucity Spacaility - SCS-C02 Study notes - Part 3]]

[[AWS Certified Serucity Spacaility - SCS-C02 Study notes - Part 4]]

[[AWS Certified Serucity Spacaility - SCS-C02 Study notes - Part 5]]

[[AWS Certified Serucity Spacaility - SCS-C02 Study notes - Part 6]]

[[AWS Certified Serucity Spacaility - SCS-C02 Study notes - Part 7]]

[[AWS Certified Serucity Spacaility - SCS-C02 Study notes - Part 8]]

[[Building a Bastion server - Part 9]]

[[Isolating EC2 Instances for Forensic Inspection]]

[[Amazon Detective]]

[[Systems Manager]]

[[Amazon Inspector]]

[[Amazon KMS]]

[[Cloud HSM]]

[[AWS IAM]]

[[AWS Config]]

Rules

2026-05-21T15:39:37Z

Mflavell: /* Cramsession Code */

= Introduction =

Cramsession was found on the principle of providing validated, clean content to the internet community. As part of this core mission authors must follow these rules.

== Cramsession Code ==

=== Do no harm ===

'''👉Breaking these will get you a lifetime ban'''

:* Don't post hate / sex , engage in hateful or illegal activity on this site.

:* Don't deface the pages created by other authors.

:* Don't attempt to edit the sidebar, main landing page or these rules.

:* Be polite!!

=== Help each other on our journey ===

:* If you see incorrect information, help the author correct it by editing the page directly.

:* if you think a page needs more content, add it - this is our community.

=== We are here... for all mankind ===

:* You do not own the information you post on this site, even if your account is deleted your content will stay online forever.

:* If you have any problems, communicate with us.

=== Keep your author account in good standing ===

:* The $10 (USD) a month will be debited automatically (we need to pay our humans, and the bills)

:* Keep your certifications in good standing - let us know if you get anything new.

== Contacting us ==

Reach out via email: info@907technology.com

Study Guides/AWS Cybersecurity Notes/AWS Config

2026-05-20T00:46:31Z

Mflavell: /* AWS Config Rules */

[[Study Guides]] > [[AWS Cybersecurity Notes]] > AWS Config

= What is AWS Config =

AWS Config - records configurations and configuration changes.

This is separate from cloud trail that records user events.

: How to visualize this

:: Peope leave trails 🚶... (Cloud Trail)

:: Computers have configuration

::: Cloudtrail = Who did it?

::: AWS Config = What did they do?

AWS config has a ''configuration recorder'' that lets you inventory in real time.

:: Can be used in across multiple regions or accounts.

:: Resources can be evaluated constantly or on a fixed schedule.

:: Lambda or System manager can be used to automatically remediate any compliance problems.

AWS Config allows a system to be continuously compliant by maintaining records of the systems sin

:: Any time a change is made on the system - the change is captured with who or what made the change.

:: This enabled auditing and checking of compliance levels at any time, on demand.

= Why use AWS config =

It is hard to understand what resources you are using in AWS.

: Think of the problems running a massive system.

:: How can you ever keep up with the what / where?

:: How do you know what is no longer required?

:: How do you know developers and engineers are following security policy?

This can be used for risk reduction:

: Checking server exposure to the internet

: Volumes that may not be encrypted.

: Servers than hardening.

: Accurate records of changes are recorded.

= What can AWS config do =

* Checks configurations

* Can save a snapshot of the current configuration

* Lets you pull historical configurations

* Allows the viewing of relationships

* Can find resources been used easily and quickly

* Can help reduce troubleshooting times though the comparison with the last known good configuration.

= Does AWS config have associated charges =

* Yes - recoding has two different prices for continuous and periodic recording.

* Rule evaulations will also cost you.

* How to avoid pricing:

:* Exclude resources you don't care about.

:* Filter out regions or systems you don't care about.

:* Monitor your bill!

= How AWS Config works =

When a service is started AWS config scans the account for supported resources or services.

: A configuation item is created for each resource or service.

: Each time a change takes place a new configuration item is created.

:: This allows changes to be determined in the configuration.

== Configuration Items ==

These are snapshots that are stored in JSON format.

: They represent the configuration at a point in time.

: Most resources are supported by AWS Config - but not all.

: An updare to the CI is made every time something changes on a monitored resource.

Inside a configuration item:

:* ''Metadata'' - Information about the configuration item.

:* ''Attributes'' - Resourde data of the configuraton item.

:* ''Relationship'' - Holds related data:

:: For example subnet infomation or VPC infomation.

:* ''Current configuration''

== Confguration recorder ==

The configuration recorder discoveres changes in resources, new or existing.

: These changes are then fed into configration item.

: A configuration recorder is a must to monitor configurations.

: The configuration recorder is the eyes of the config system.

The recorder can be setup severa ways:

:* Command line interface

:* IaC - Infrastrcture as code such as:

::* CloudFormation

::* Terraform

By default this will setup configuration items for all resources by defauly.

== Configuration role ==

This is an IAM role that provides read only access to record the configuration items.

This role also needs write permissions to the S3 bucket where the snapshots will be stored.

== Configuration streams ==

When a new configuration item is created it's added to a configuration stream.

The configuration stream is the same as an SNS topic.

= Basic Setup =

This provides a overview, for the exact CLI commands consult the AWS guides.

* Create an S3 bucket to store the configuration items

* Create an SNS topic for the config service

* Create the IAM role for the config service:

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "config.amazonaws.com"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"AWS:SourceAccount": "your account number"
}
}
}
]
}

Saving this will give you a role ARN - ''''This will be needed to start the configuration recorder''''

lets break the JSON down for better understanding:

:* You want to ''Assume a role''

:* To ''Allow''

:* The ''Config service''

:* To access ''Your aws account''

A '''Policy''' now needs to be created for the role to use, lets use this:

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ConfigS3PutPolicy","Effect": "Allow",
"Action":[
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource":[
"arn:aws:s3:::'''s3 bucket'''/*"
],
"Condition":{
"StringLike":{
"s3:x-amz-acl":"bucket-owner-full-control"
}
}
},
{
"Sid": "ConfigS3GetPolicy",
"Effect": "Allow",
"Action":[
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource":[
"arn:aws:s3:::packt-config/*"
],
"Condition":{
"StringLike":{
"s3:x-amz-acl":"bucket-owner-full-control"
}
}
},
{
"Sid": "ConfigS3GetPolicy",
"Effect": "Allow",
"Action":[ "s3:GetBucketAcl" ],
"Resource": "arn:aws:s3::'''s3 bucket'''"
},
{
"Sid": "ConfigSNSPolicy",
"Effect": "Allow",
"Action": "sns:Publish",
"Resource": "arn:'''SNS-ARN'''"
},
{
"Sid": "DescribeResources",
"Effect": "Allow",
"Action":[
"ec2:Describe*"
],
"Resource": "*"
}
]
}

Let's break the JSON down for understanding:

:* It provides access to the bucket to write objects

:* It provides assess to SNS for push data

:* It allows allows the discerption of ec2 resources

The entire process is captured:

: Describe > Transmit (SNS) > Save (s3)

With this done we can attach the policy to the role:

This can be done in the AWS CLI with the following command:

aws iam attach-role-policy --role-name '''role name''' --policy-arn '''policy arn'''

Next and very importantly we need to determine what resources to capture.

:* Keep in mind you will pay a nominal free for these / but this is AWS - resources add up $$$

:* If you monitor too little you won't get the data you need to make decisions or protect the system.

:* Decide what is right for your system.

Here is an example of the JSON file:

{
"allSupported": false,
"includeGlobalResourceTypes": false,
"resourceTypes": [
"AWS::EC2::SecurityGroup",
"AWS::EC2::Volume"
]
}

This will monitor:

::* EC2 security groups.

::* EC2 Volue status.

Next create a delivery file:

{
"name": "default",
"s3BucketName": "''your-bucket''",
"snsTopicARN": "arn:aws:sns:''your-sns''",
"configSnapshotDeliveryProperties": {
"deliveryFrequency": "Twelve_Hours"
}
}

Breaking it down:

::* Connects the S3 bucket

::* Connects the SNS

::* Defines the frequency

Finally, start the recorder

aws configservice start-configuration-recorder --configuration-recorder-name ''name''

::* It will take a few minutes for the data to be posted.

= AWS Config Rules =

Rules enable you to automatically evaluate the configuration of monitored resources.

A rule can be triggered in two ways:

:* When a resource changes

:* On a schedule

These rules allow you to enfore a consistant approach to AWS resources.

: This is independent of who deployed them or when they where deployed.

== Rules can apply to ==

:* A single or a set of resouce ID's

:* Types of resources

:* Resources with a specified tag

Rules help enforce compliance.

: Labmba functions can also be used to add logic to the rules.

== AWS Config Managed Rules ==

These are preconfigured to ensure your systems comply to industry best practices.

For custom rules their is no need for write an action - it is performed automatically.

Over 150 managed rules exist today.

== Custom Rules ==

Custom rules can be created using two methods:

:* AWS Lambda

:* A Guard policy

== Rule Evaluation ==

:* Proactive mode - Immimdate evaluation

:* Detective mode - Evaulated against resources that are already depoyed.

== Conformance packs ==

:* These make it easy to implement best practices.

:* Can be run in a region or over multiple regions via aggregator.

:* Enables a one click setup.

Study Guides/AWS Cybersecurity Notes/AWS Config

2026-05-20T00:36:12Z

Mflavell: /* AWS Config Rules */

Study Guides/AWS Cybersecurity Notes/AWS Config

2026-05-20T00:17:56Z

Mflavell:

Rules

2026-05-19T17:25:12Z

Mflavell:

= Introduction =

Cramsession was found on the principle of providing validated, clean content to the internet community. As part of this core mission authors must follow these rules.

== Cramsession Code ==

=== Do no harm ===

'''👉Breaking these will get you a lifetime ban'''

:* Don't post hate / sex , engage in hateful or illegal activity on this site.

:* Don't deface the pages created by other authors.

:* Don't attempt to edit the sidebar, main landing page or these rules.

:* Be polite!!

=== Help each other on our journey ===

:* If you see incorrect information, help the author correct it by editing the page directly.

:* if you think a page needs more content, add it - this is our community.

=== We are here... for all mankind ===

:* You do not own the information you post on this site, even if your account is deleted your content will stay online forever.

:* If you have any problems, communicate with us.

=== Keep your author account in good standing ===

:* The $10 (USD) a month will be debited automatically (we need to pay our humans, and the bills)

:* Keep your certifications in good standing - let us know if you get anything new.

== Contacting us ==

Reach out via email: info@907technology.com

Rules

2026-05-19T17:24:23Z

Mflavell: /* Cramsession Code */

= Introduction =

Cramsession was found on the principle of providing validated, clean content to the internet community. As part of this core mission authors must follow these rules.

== Cramsession Code ==

=== Do no harm ===

'''👉Breaking these will get you a lifetime ban'''

:* Don't post hate / sex , engage in hateful or illegal activity on this site.

:* Don't deface the pages created by other authors.

:* Don't attempt to edit the sidebar, main landing page or these rules.

:* Be polite!!

=== Help each other on our journey ===

:* If you see incorrect information, help the author correct it by editing the page directly.

:* if you think a page needs more content, add it - this is our community.

=== We are here... for all mankind ===

:* You do not own the information you post on this site, even if your account is deleted your content will stay online forever.

:* If you have any problems, communicate with us.

=== Keep your author account in good standing ===

:* The $10 (USD) a month will be debited automatically (we need to pay our humans, and the bills)

:* Keep your certifications in good standing - let us know if you get anything new.

== Contacting us ==

Reach out via email: info@907technology.com

Rules

2026-05-19T17:22:59Z

Mflavell: /* Cramsession Code */

= Introduction =

Cramsession was found on the principle of providing validated, clean content to the internet community. As part of this core mission authors must follow these rules.

== Cramsession Code ==

=== Do no harm ===

Breaking these will get you a lifetime ban

:* Don't post hate / sex , engage in hateful or illegal activity on this site.

:* Don't deface the pages created by other authors.

:* Don't attempt to edit the sidebar, main landing page or these rules.

:* Be polite!!

=== Help each other on our journey ===

''Lets play nice kids''

:* If you see incorrect information, help the author correct it by editing the page directly.

:* if you think a page needs more content, add it - this is our community.

=== We are here... for all mankind ===

''Help the universe''

:* You do not own the information you post on this site, even if your account is deleted your content will stay online forever.

:* If you have any problems, communicate with us.

=== Keep your author account in good standing ===

''Just the right thing to do''

:* The $10 (USD) a month will be debited automatically (we need to pay our humans, and the bills)

:* Keep your certifications in good standing - let us know if you get anything new.

== Contacting us ==

Reach out via email: info@907technology.com

Rules

2026-05-19T17:21:49Z

Mflavell: /* Cramsession Code */

= Introduction =

Cramsession was found on the principle of providing validated, clean content to the internet community. As part of this core mission authors must follow these rules.

== Cramsession Code ==

* Do no harm

''Breaking these will get you a lifetime ban''

:* Don't post hate / sex , engage in hateful or illegal activity on this site.

:* Don't deface the pages created by other authors.

:* Don't attempt to edit the sidebar, main landing page or these rules.

:* Be polite!!

* Help each other on our journey

''Lets play nice kids''

:* If you see incorrect information, help the author correct it by editing the page directly.

:* if you think a page needs more content, add it - this is our community.

* We are here... for all mankind.

''Help the universe''

:* You do not own the information you post on this site, even if your account is deleted your content will stay online forever.

:* If you have any problems, communicate with us.

* Keep your author account in good standing.

''Just the right thing to do''

:* The $10 (USD) a month will be debited automatically (we need to pay our humans, and the bills)

:* Keep your certifications in good standing - let us know if you get anything new.

== Contacting us ==

Reach out via email: info@907technology.com

Rules

2026-05-19T17:16:53Z

Mflavell: Protected "Rules" ([Edit=Allow only administrators] (indefinite))

= Introduction =

Cramsession was found on the principle of providing validated, clean content to the internet community. As part of this core mission authors must follow these rules.

== Cramsession Code ==

* Do no harm

:* Don't post hate / sex , engage in hateful or illegal activity on this site.

:* Don't deface the pages created by other authors.

:* Don't attempt to edit the sidebar or main landing page - all other pages are editable.

* Help each other on our journey

:* If you see incorrect information, help the author correct it by editing the page directly.

:* if you think a page needs more content, add it - this is our community.

* We are here... for all mankind.

:* You do not own the information you post on this site, even if your account is deleted your content will stay online forever.

:* If you have any problems, communicate with us.

* Keep your author account in good standing.

:* The $10 (USD) a month will be debited automatically (we need to pay our humans, and the bills)

:* Keep your certifications in good standing - let us know if you get anything new.

== Contacting us ==

Reach out via email: info@907technology.com

Rules

2026-05-19T17:15:00Z

Mflavell: /* Contacting us */

= Introduction =

Cramsession was found on the principle of providing validated, clean content to the internet community. As part of this core mission authors must follow these rules.

== Cramsession Code ==

* Do no harm

:* Don't post hate / sex , engage in hateful or illegal activity on this site.

:* Don't deface the pages created by other authors.

:* Don't attempt to edit the sidebar or main landing page - all other pages are editable.

* Help each other on our journey

:* If you see incorrect information, help the author correct it by editing the page directly.

:* if you think a page needs more content, add it - this is our community.

* We are here... for all mankind.

:* You do not own the information you post on this site, even if your account is deleted your content will stay online forever.

:* If you have any problems, communicate with us.

* Keep your author account in good standing.

:* The $10 (USD) a month will be debited automatically (we need to pay our humans, and the bills)

:* Keep your certifications in good standing - let us know if you get anything new.

== Contacting us ==

Reach out via email: info@907technology.com

Rules

2026-05-19T17:13:43Z

Mflavell: Created page with " = Introduction = Cramsession was found on the principle of providing validated, clean content to the internet community. As part of this core mission authors must follow these rules. == Cramsession Code == * Do no harm :* Don't post hate / sex , engage in hateful or illegal activity on this site. :* Don't deface the pages created by other authors. :* Don't attempt to edit the sidebar or main landing page - all other pages are editable. * Help each other on our j..."

= Introduction =

Cramsession was found on the principle of providing validated, clean content to the internet community. As part of this core mission authors must follow these rules.

== Cramsession Code ==

* Do no harm

:* Don't post hate / sex , engage in hateful or illegal activity on this site.

:* Don't deface the pages created by other authors.

:* Don't attempt to edit the sidebar or main landing page - all other pages are editable.

* Help each other on our journey

:* If you see incorrect information, help the author correct it by editing the page directly.

:* if you think a page needs more content, add it - this is our community.

* We are here... for all mankind.

:* You do not own the information you post on this site, even if your account is deleted your content will stay online forever.

:* If you have any problems, communicate with us.

* Keep your author account in good standing.

:* The $10 (USD) a month will be debited automatically (we need to pay our humans, and the bills)

:* Keep your certifications in good standing - let us know if you get anything new.

== Contacting us ==

MediaWiki:Sidebar

2026-05-19T16:56:58Z

Mflavell: