A hands-on cybersecurity lab built on AWS to simulate and defend against real-world threats. This project provisions a Bastion host, a Defender instance, and integrates AWS GuardDuty and Security Hub using Terraform.
- Overview
- Architecture
- Project Structure
- Setup & Usage
- Documentation
- Evidence & Screenshots
- Blue Team (Defensive) – Latrisha Dodson
- Credits & Acknowledgments
- License
## Overview

The AWS Cyber Range Lab provides a controlled environment to practice:
- Deploying infrastructure with Terraform (IaC)
- Monitoring threats with AWS GuardDuty
- Validating compliance with AWS Security Hub
- Testing connectivity between public and private subnets
- Blue team defensive security practices
## Architecture

The environment consists of:
- Bastion Host → Public subnet, SSH access
- Defender Instance → Private subnet, accessed only through Bastion
- AWS GuardDuty → Threat detection and monitoring
- AWS Security Hub → Centralized security findings
- VPC Endpoints → Secure SSM communication for private instances
## Project Structure

```
cyber-range-lab-aws/
├── docs/                          # Project documentation
│   ├── technical-documentation.md # Technical implementation details
│   └── workflow.md                # Step-by-step deployment workflow
├── diagrams/                      # Architecture diagrams
│   └── aws_cyberrange_topology.png
├── evidence/                      # Screenshots and evidence
│   ├── aws/                       # AWS console screenshots
│   └── localOS/                   # Local terminal screenshots
├── terraform/                     # Infrastructure as Code
│   ├── main.tf                    # Main infrastructure definitions
│   ├── variables.tf               # Variable definitions
│   ├── outputs.tf                 # Output definitions
│   └── provider.tf                # AWS provider configuration
├── LICENSE                        # MIT License
├── CODE_OF_CONDUCT.md             # Community guidelines
├── CONTRIBUTING.md                # Contribution guidelines
├── SECURITY.md                    # Security policy
└── README.md                      # This file
```
## Setup & Usage

- Clone this repository:
  ```bash
  git clone https://github.com/ldodson10/cyber-range-lab-aws.git
  cd cyber-range-lab-aws
  ```
- Configure AWS credentials:
  ```bash
  aws configure
  ```
- Navigate to the terraform directory:
  ```bash
  cd terraform
  ```
- Initialize Terraform:
  ```bash
  terraform init
  ```
- Plan the deployment:
  ```bash
  terraform plan -out=tfplan
  ```
- Apply the infrastructure:
  ```bash
  terraform apply tfplan
  ```
- Clean up when finished:
  ```bash
  terraform destroy
  ```
## Documentation

- [Technical Documentation](docs/technical-documentation.md) - Detailed technical implementation and architecture
- [Workflow Guide](docs/workflow.md) - Step-by-step deployment process and troubleshooting
## Evidence & Screenshots

The `evidence/` directory contains comprehensive screenshots documenting the entire deployment process:
- EC2 instances configuration
- Security groups and networking
- VPC and subnet setup
- GuardDuty and Security Hub activation
- Terraform initialization and validation
- AWS CLI configuration
- Deployment process screenshots
- SSH connectivity testing
- Security service verification
## Blue Team (Defensive) – Latrisha Dodson

This section documents the defensive security aspects implemented in the lab:
- AWS GuardDuty: Enabled for threat detection and monitoring
- AWS Security Hub: Centralized security findings and compliance validation
- Security Group Hardening: Restrictive inbound rules, least privilege access
- Network Segmentation: Public/private subnet isolation
- Bastion Host: Secure jump box for private instance access
- IAM Roles: Least privilege access for EC2 instances
- VPC Endpoints: Secure communication for SSM services
- Real-time threat detection through GuardDuty
- Compliance monitoring via Security Hub
- Network traffic analysis capabilities
- Log aggregation and analysis setup
Note: Additional blue team detection rules and MITRE ATT&CK mappings can be found in the technical documentation.
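The access chain described in the Architecture and Blue Team sections (Defender reachable only through the Bastion, Systems Manager over VPC endpoints), as an added Terraform example that is not the repository's own `main.tf`. It assumes a VPC resource `aws_vpc.lab`, a private subnet `aws_subnet.private` and a variable `var.aws_region` defined elsewhere; the operator address is a constructed placeholder.

```hcl
# Bastion: SSH only from the operator's address, never from 0.0.0.0/0.
resource "aws_security_group" "bastion" {
  vpc_id = aws_vpc.lab.id # assumed VPC resource
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["203.0.113.10/32"] # constructed operator IP, replace with yours
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Defender: SSH accepted only from the bastion's security group, not from any CIDR.
resource "aws_security_group" "defender" {
  vpc_id = aws_vpc.lab.id
  ingress {
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.bastion.id]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
resource "aws_security_group" "endpoint" { # HTTPS only, and only from the Defender
  vpc_id = aws_vpc.lab.id
  ingress {
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    security_groups = [aws_security_group.defender.id]
  }
}
# Interface endpoints so Session Manager works from the private subnet without a NAT or IGW.
resource "aws_vpc_endpoint" "ssm" {
  for_each            = toset(["ssm", "ssmmessages", "ec2messages"]) # services the SSM agent needs
  vpc_id              = aws_vpc.lab.id
  service_name        = "com.amazonaws.${var.aws_region}.${each.key}" # assumed region variable
  vpc_endpoint_type   = "Interface"
  subnet_ids          = [aws_subnet.private.id] # assumed private subnet resource
  security_group_ids  = [aws_security_group.endpoint.id]
  private_dns_enabled = true
}
```

The Defender rule references the Bastion's security group ID rather than a CIDR, so it survives a bastion IP change and never widens to the whole public subnet.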
## Credits & Acknowledgments

This project was developed by a dedicated cybersecurity team:
- Lead Cloud Architect (Project Lead): Shannon Kelly
- Infrastructure Engineer (Terraform & Automation Specialist): Fausto Rosado
- Red Team Engineer (Offensive Security Specialist): Zeinab Ali
- Blue Team Engineer (Defensive Security Specialist): Latrisha Dodson
- Documentation & Reporting Lead (Knowledge Manager): Javier Acosta
## License

This project is licensed under the MIT License - see the LICENSE file for details.
