images moved

content/1 Projects/Transforming images using S3 Events and Lambda.md

@@ -4,82 +4,82 @@ This lab was taken from Adrian Cantrill's course: https://github.com/acantril/le
 #### Create the S3 Buckets
 In the S3 portal, click on 'Create bucket' we will need to create 2 buckets:
 
-![[content/3 AWS Services/Images/Pasted image 20240702113438.png]]
+![[Pasted image 20240702113438 1.png]]
 
 Give it a unique name, I named one 'imagepixelationsource' and 'imagepixelationprocessed':
 
-![[content/3 AWS Services/Images/Pasted image 20240702115102.png]]
-![[content/3 AWS Services/Images/Pasted image 20240702115818.png]]
+![[Pasted image 20240702115102 1.png]]
+![[Pasted image 20240702115818 1.png]]
 
 ##### Create the Lambda role
 
 Navigate to IAM and select 'Roles', click on 'Create role':
 
-![[content/3 AWS Services/Images/Pasted image 20240702120014.png]]
+![[Pasted image 20240702120014 1.png]]
 
 Select 'AWS service' and choose Lambda:
 
-![[content/3 AWS Services/Images/Pasted image 20240702120116.png]]
+![[Pasted image 20240702120116 1.png]]
 
 Give it a name and select 'Create role', we will not be adding any policies yet:
 
-![[content/3 AWS Services/Images/Pasted image 20240702120226.png]]
+![[Pasted image 20240702120226 1.png]]
 
 Select the role and select 'Add permissions' and 'Create inline policy':
-![[content/3 AWS Services/Images/Pasted image 20240702120902.png]]
+![[Pasted image 20240702120902 1.png]]
 
 Select JSON and paste the JSON copied from https://raw.githubusercontent.com/acantril/learn-cantrill-io-labs/master/00-aws-simple-demos/aws-lambda-s3-events/01_LABSETUP/policy/s3pixelator.json to here. Edit in the bucket names and account ID:
 
-![[content/3 AWS Services/Images/Pasted image 20240702121437.png]]
+![[Pasted image 20240702121437 1.png]]
 
 Give the policy a name and click 'Create policy':
 
-![[content/3 AWS Services/Images/Pasted image 20240702121628.png]]
+![[Pasted image 20240702121628 1.png]]
 
 #### Create the Lambda Function
 
 Navigate to the Lambda page and click on 'Create a function':
 
-![[content/3 AWS Services/Images/Pasted image 20240702122338.png]]
+![[Pasted image 20240702122338 1.png]]
 
 Author from scratch and fill out the required information:
 	Function name
 	Python 3.9
 	x86_64
 	Use an existing role (Select the role created in the step above)
 
-![[content/3 AWS Services/Images/Pasted image 20240702122509.png]]
+![[Pasted image 20240702122509 1.png]]
 
 Select the 'Upload from' and choose the .zip file. Upload the .zip file from https://github.com/acantril/learn-cantrill-io-labs/blob/master/00-aws-simple-demos/aws-lambda-s3-events/01_LABSETUP/my-deployment-package.zip :
 
-![[content/3 AWS Services/Images/Pasted image 20240702122729.png]]
+![[Pasted image 20240702122729 1.png]]
 
 Click on the 'Configuration' tab and under 'Environment Variables', select 'Edit':
 
-![[content/3 AWS Services/Images/Pasted image 20240702122953.png]]
+![[Pasted image 20240702122953 1.png]]
 
 Add the processed bucket key and value and hit 'Save':
 
-![[content/3 AWS Services/Images/Pasted image 20240702123115.png]]
+![[Pasted image 20240702123115 1.png]]
 
 Under 'General configuration', change the timeout to 1 minute:
 
-![[content/3 AWS Services/Images/Pasted image 20240702123329.png]]
+![[Pasted image 20240702123329 1.png]]
 
 Under the 'Triggers' section, add a trigger:
 
-![[content/3 AWS Services/Images/Pasted image 20240702123416.png]]
+![[Pasted image 20240702123416 1.png]]
 
 Make sure to select the source bucket or it may cause an exponential look and increase your costs!:
 
-![[content/3 AWS Services/Images/Pasted image 20240702123606.png]]
+![[Pasted image 20240702123606 1.png]]
 
 #### Assembling everything together
 
 Upload an image into the source bucket and see how the processed bucket will output 5 images with varying degrees of pixelation:
 
-![[content/3 AWS Services/Images/Pasted image 20240702125012.png]]![[content/3 AWS Services/Images/Pasted image 20240702125030.png]]
+![[Pasted image 20240702125012 1.png]]![[Pasted image 20240702125030 1.png]]
 
-![[content/3 AWS Services/Images/Pasted image 20240702125139.png]]
+![[Pasted image 20240702125139 1.png]]
 
-![[content/3 AWS Services/Images/Pasted image 20240702125252.png]]
+![[Pasted image 20240702125252 1.png]]

content/3 AWS Services/Connecting CloudWatch to EC2 Instances.md

@@ -9,37 +9,37 @@ Create an instance and connect to it:
 
 run ```sudo dnf install amazon-cloudwatch-agent```:
 
-![[content/3 AWS Services/Images/Pasted image 20240703113643.png]]
+![[Pasted image 20240703113643 1.png]]
 
 Type ```y``` and hit 'Enter':
 
-![[content/3 AWS Services/Images/Pasted image 20240703113759.png]]
+![[Pasted image 20240703113759 1.png]]
 
 ## Create an IAM role
 Navigate to IAM and under Access Management, select Roles and click on the 'Create role' button:
 
-![[content/3 AWS Services/Images/Pasted image 20240703114111.png]]
+![[Pasted image 20240703114111 1.png]]
 
 Select AWS Service and EC2:
 
-![[content/3 AWS Services/Images/Pasted image 20240703114211.png]]
+![[Pasted image 20240703114211 1.png]]
 
 Search up 'CloudWatchAgentServerPolicy' and 'AmazonSSMFullAccess':
 
-![[content/3 AWS Services/Images/Pasted image 20240703114349.png]]
-![[content/3 AWS Services/Images/Pasted image 20240703114418.png]]
+![[Pasted image 20240703114349 1.png]]
+![[Pasted image 20240703114418 1.png]]
 
 Give the role a name and select the 'Create role' button:
 
-![[content/3 AWS Services/Images/Pasted image 20240703114613.png]]
+![[Pasted image 20240703114613 1.png]]
 
 Navigate back into the EC2 portal and right click the instance, go to Security and choose 'Modify IAM role':
 
-![[content/3 AWS Services/Images/Pasted image 20240703114730.png]]
+![[Pasted image 20240703114730 1.png]]
 
 Select the role created earlier in the drop down box and select 'Update IAM role':
 
-![[content/3 AWS Services/Images/Pasted image 20240703114910.png]]
+![[Pasted image 20240703114910 1.png]]
 
 ### Installing the Agent
 Go back into the EC2 instance, run:
@@ -66,7 +66,7 @@ Use the default name.
 
 Once the configuration has been completed, navigate to the SSM in the portal: 
 
-![[content/3 AWS Services/Images/Pasted image 20240703120510.png]]
+![[Pasted image 20240703120510 1.png]]
 
 This configuration can now be used in any EC2 deployment.
 
@@ -85,26 +85,26 @@ sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-c
 ### Checking CloudWatch Logs
 Go to CloudWatch and under log groups you can see the logs that were generated:
 
-![[content/3 AWS Services/Images/Pasted image 20240703121833.png]]
+![[Pasted image 20240703121833 1.png]]
 
 Select the access_log and choose a stream:
 
-![[content/3 AWS Services/Images/Pasted image 20240703122101.png]]
+![[Pasted image 20240703122101 1.png]]
 
 You can see all the log events:
 
-![[content/3 AWS Services/Images/Pasted image 20240703122208.png]]
+![[Pasted image 20240703122208 1.png]]
 
 ### Checking Metrics
 In the CloudWatch page, navigate to 'All metrics' and select 'CWAgent'
-![[content/3 AWS Services/Images/Pasted image 20240703122330.png]]
+![[Pasted image 20240703122330 1.png]]
 
 Due to installing the CloudWatch agent on the instance, you can now see all the operating system level metrics:
 
-![[content/3 AWS Services/Images/Pasted image 20240703122610.png]]
+![[Pasted image 20240703122610 1.png]]
 
 A4L instance CPU metrics:
-![[content/3 AWS Services/Images/Pasted image 20240703123301.png]]
+![[Pasted image 20240703123301 1.png]]
 
 This project covered installing the CloudWatch Agent on an EC2 instance.
 

content/3 AWS Services/Creating and Inviting Accounts in AWS Organizations.md

@@ -12,38 +12,38 @@ To invite an existing account to the org, you need the target account ID or emai
 #### Send Invite
 In the AWS Organizations portal:
 Select 'Add and AWS Account':
-![[content/3 AWS Services/Images/Pasted image 20240701100211.png]]
+![[Pasted image 20240701100211 1.png]]
 Select 'Send Invitation':
-![[content/3 AWS Services/Images/Pasted image 20240701102639.png]]
+![[Pasted image 20240701102639 1.png]]
 In the target account, remember to accept the invitation inside the AWS Organizations portal and you are now connected to the organization. To enable role switching, follow below to enable IAM access to the account.
 #### Adding IAM role to target account
 Now that we have sent an invitation, we need to add the proper IAM roles in order to allow access from the management account:
 
-![[content/3 AWS Services/Images/Pasted image 20240702080800.png]]
+![[Pasted image 20240702080800 1.png]]
 
 Select 'Create Role':
-![[content/3 AWS Services/Images/Pasted image 20240702080843.png]]
+![[Pasted image 20240702080843 1.png]]
 Select:
 AWS Account>Another AWS Account and enter the management account ID:
-![[content/3 AWS Services/Images/Pasted image 20240702080933.png]]
+![[Pasted image 20240702080933 1.png]]
 To add permissions, search 'administratoraccess':
-![[content/3 AWS Services/Images/Pasted image 20240702081017.png]] 
-You can give it any role name but 'OrganizationAccountAccessRole'  is the standard role name that AWS has when allowing organization access: ![[content/3 AWS Services/Images/Pasted image 20240702081048.png]]
+![[Pasted image 20240702081017 1.png]] 
+You can give it any role name but 'OrganizationAccountAccessRole'  is the standard role name that AWS has when allowing organization access: ![[Pasted image 20240702081048 1.png]]
  Click on 'Create role' when you have finished. You can now go to the Role Switching section below.
 ### Create New Account
 In the AWS portal, navigate to AWS Organizations and select the 'Add an AWS Account':
-![[content/3 AWS Services/Images/Pasted image 20240701100211.png]]
+![[Pasted image 20240701100211 1.png]]
 Enter a unique username and email address:
-![[content/3 AWS Services/Images/2024-07-01 09_51_41-Add an AWS account _ AWS Organizations _ Global — Mozilla Firefox.png]]
+![[2024-07-01 09_51_41-Add an AWS account _ AWS Organizations _ Global — Mozilla Firefox 1.png]]
 Once the account has been created, copy the ID (Green Box) and move to the role switching section below:
-![[content/3 AWS Services/Images/Pasted image 20240701100310.png]]
+![[Pasted image 20240701100310 1.png]]
 Note: You can only access this type of account through role switching.
 ### Role Switching
 For invited accounts: In order to implement this, in the destination account, add an IAM role to allow administrator access for another AWS account.
 
 On the top right side, select the 'Switch Role' button:
 
-![[content/3 AWS Services/Images/Pasted image 20240701102311.png]]
+![[Pasted image 20240701102311 1.png]]
 
 Enter the:
 - Account ID (Copied earlier in the 'Create Account' section above
@@ -52,14 +52,14 @@ Enter the:
 - Display Color - for easier identification
 Select switch role when done:
 
-![[content/3 AWS Services/Images/Pasted image 20240701100506.png]]
+![[Pasted image 20240701100506 1.png]]
 
 The console will direct you to the new account which can be identified by the top right corner:
-![[content/3 AWS Services/Images/Pasted image 20240701102343.png]]
+![[Pasted image 20240701102343 1.png]]
 
 You once you switch the role, you will now see that you are in the target account on the top right corner of the console. To go back select the 'switch back' button:
 
-![[content/3 AWS Services/Images/Pasted image 20240702082152.png]]
+![[Pasted image 20240702082152 1.png]]
 
 You can now invite, create, and switch AWS accounts. 
 

content/3 AWS Services/Revoking AWS Temporary Access Credentials.md

@@ -10,21 +10,21 @@ In order to revoke Temporary Access Credentials, we need to remove active sessio
 
 Navigate to IAM and under Access Management, select Roles:
 
-![[content/3 AWS Services/Images/Pasted image 20240702103852.png]]
+![[Pasted image 20240702103852 1.png]]
 
 Select the role that was compromised and select 'Revoke sessions':
-![[content/3 AWS Services/Images/Pasted image 20240702103958.png]]
+![[Pasted image 20240702103958 1.png]]
 
 Click on 'Revoke active sessions':
 
-![[content/3 AWS Services/Images/Pasted image 20240702103745.png]]
+![[Pasted image 20240702103745 1.png]]
 
 A green banner will notify you that all active sessions have been revoked:
 
-![[content/3 AWS Services/Images/Pasted image 20240702104131.png]]
+![[Pasted image 20240702104131 1.png]]
 
 If you go back to the permissions tab, you will notice a new policy revoking older sessions:
 
-![[content/3 AWS Services/Images/Pasted image 20240702105458.png]]
+![[Pasted image 20240702105458 1.png]]
 
 Note: If EC2 instances are using the role, restart the instances and it will regenerate a new set of credentials for the service. 

content/3 AWS Services/Securing Access using Service Control Policies.md

@@ -11,36 +11,36 @@ If you apply a SCP to an Organizational Unit (OU), everything down the tree will
 
 Navigate to the 'Policies' section of AWS Organizations:
 
-![[content/3 AWS Services/Images/Pasted image 20240702084215.png]]
+![[Pasted image 20240702084215 1.png]]
 
 Select 'Create policy':
-![[content/3 AWS Services/Images/Pasted image 20240702084321.png]]
+![[Pasted image 20240702084321 1.png]]
 
 Give it a policy name and description of what it will do:
 
-![[content/3 AWS Services/Images/Pasted image 20240702084757.png]]
+![[Pasted image 20240702084757 1.png]]
 
 For this example I will be allowing all services while denying EC2 and Budgets:
-![[content/3 AWS Services/Images/Pasted image 20240702084844.png]]
+![[Pasted image 20240702084844 1.png]]
 
 Navigate back to the main page in AWS Organisations and select which Organizational Unit (OU) you want to apply the policy to. We will be using the PROD OU:
 
-![[content/3 AWS Services/Images/Pasted image 20240702085029.png]]
+![[Pasted image 20240702085029 1.png]]
 
 Select the polices tab and select 'Attach':
 
-![[content/3 AWS Services/Images/Pasted image 20240702085209.png]]
+![[Pasted image 20240702085209 1.png]]
 
 Select the SCP you created earlier and click on 'Attach policy':
 
-![[content/3 AWS Services/Images/Pasted image 20240702085306.png]]
+![[Pasted image 20240702085306 1.png]]
 
 Now that the SCP has been attached, you can navigate into the targeted account and notice that EC2 has been denied:
 
-![[content/3 AWS Services/Images/Pasted image 20240702085705.png]]
+![[Pasted image 20240702085705 1.png]]
 
 Going into Budgets also show that it has been denied:
 
-![[content/3 AWS Services/Images/Pasted image 20240702085839.png]]
+![[Pasted image 20240702085839 1.png]]
 
 You can now create and apply SCPs to OUs, effectively allowing or denying access on an organizational scale.