The S3 bucket created in the first step stores the encrypted password file; the file system is encrypted with that password (or key). When an Amazon EC2 instance boots, the file is copied from the bucket, the encrypted password is read and decrypted, and the plaintext password is recovered. That password is then used to encrypt the file system on the instance store disk. The first step, therefore, is to create an S3 bucket in which the encrypted password file is stored, and then to apply the necessary permissions to it. When an Amazon VPC endpoint for Amazon S3 is used, the bucket needs additional permissions that allow access through that endpoint.
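The page only shows the boot-time half of the flow (copy the ciphertext from S3, decrypt it with KMS, pipe the result into cryptsetup). The following is an added example, not code from the page or from AWS, that shows both halves in Python: the setup side that generates a passphrase, KMS-encrypts it, uploads the ciphertext to the bucket and attaches the VPC-endpoint bucket policy the text mentions, and the instance side that fetches and decrypts it. It assumes the boto3 client interface for `kms` and `s3`; the bucket and object names are the ones from the page's script, while the KMS key alias and the VPC endpoint id are placeholders. The two `DryRun*` classes are constructed test doubles so the flow can be exercised offline.

```python
"""Store a KMS-encrypted LUKS passphrase in S3 and fetch it at boot (added example)."""
import base64
import io
import json
import secrets

# Bucket and object names are the ones used in the page's script; the KMS key
# alias and VPC endpoint id are assumed placeholders and must be replaced.
BUCKET = "an-internalstoragekeybucket"
OBJECT_KEY = "LuksInternalStorageKey"
KMS_KEY_ID = "alias/EXAMPLE-luks-key"   # assumed placeholder
VPC_ENDPOINT_ID = "vpce-EXAMPLE"        # assumed placeholder


def generate_passphrase(nbytes: int = 32) -> str:
    # URL-safe base64 contains no newline or shell metacharacters, so the value
    # can be piped into cryptsetup exactly as the page's script does.
    return base64.urlsafe_b64encode(secrets.token_bytes(nbytes)).decode("ascii")


def encrypt_passphrase(kms, passphrase: str, key_id: str) -> bytes:
    # boto3 returns the raw ciphertext blob; the CLI prints it base64-encoded.
    resp = kms.encrypt(KeyId=key_id, Plaintext=passphrase.encode("utf-8"))
    return resp["CiphertextBlob"]


def decrypt_passphrase(kms, ciphertext: bytes) -> str:
    # In-process equivalent of `aws kms decrypt ... --query Plaintext | base64 --decode`.
    return kms.decrypt(CiphertextBlob=ciphertext)["Plaintext"].decode("utf-8")


def vpc_endpoint_bucket_policy(bucket: str, vpce_id: str) -> dict:
    # Deny reads of the key object unless the request arrives through the named
    # S3 VPC endpoint; this is the extra bucket permission the text refers to.
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyUnlessFromVpcEndpoint",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {"StringNotEquals": {"aws:sourceVpce": vpce_id}},
        }],
    }


def store_encrypted_passphrase(kms, s3, bucket, object_key, key_id, vpce_id=None) -> bytes:
    # Setup side: only the KMS ciphertext ever leaves this function.
    passphrase = generate_passphrase()
    ciphertext = encrypt_passphrase(kms, passphrase, key_id)
    del passphrase
    s3.put_object(Bucket=bucket, Key=object_key, Body=ciphertext,
                  ServerSideEncryption="aws:kms")
    if vpce_id:
        policy = vpc_endpoint_bucket_policy(bucket, vpce_id)
        s3.put_bucket_policy(Bucket=bucket, Policy=json.dumps(policy))
    return ciphertext


def fetch_and_decrypt(kms, s3, bucket, object_key) -> str:
    # Boot-time side: the page's `aws s3 cp` followed by `aws kms decrypt`.
    blob = s3.get_object(Bucket=bucket, Key=object_key)["Body"].read()
    return decrypt_passphrase(kms, blob)


class DryRunKms:
    """Constructed test double: a reversible tag stands in for KMS encryption."""
    def encrypt(self, KeyId, Plaintext):
        return {"KeyId": KeyId, "CiphertextBlob": b"ENC:" + Plaintext}

    def decrypt(self, CiphertextBlob):
        assert CiphertextBlob.startswith(b"ENC:")
        return {"Plaintext": CiphertextBlob[4:]}


class DryRunS3:
    """Constructed test double: an in-memory bucket with a policy slot."""
    def __init__(self):
        self.objects, self.policies = {}, {}

    def put_object(self, Bucket, Key, Body, **kwargs):
        self.objects[(Bucket, Key)] = Body

    def put_bucket_policy(self, Bucket, Policy):
        self.policies[Bucket] = json.loads(Policy)

    def get_object(self, Bucket, Key):
        return {"Body": io.BytesIO(self.objects[(Bucket, Key)])}


def main():
    # Offline dry run; with real AWS access use boto3.client("kms", region_name=...)
    # and boto3.client("s3") in place of the doubles.
    kms, s3 = DryRunKms(), DryRunS3()
    store_encrypted_passphrase(kms, s3, BUCKET, OBJECT_KEY, KMS_KEY_ID, VPC_ENDPOINT_ID)
    recovered = fetch_and_decrypt(kms, s3, BUCKET, OBJECT_KEY)
    print("recovered passphrase length:", len(recovered))


if __name__ == "__main__":
    main()
```

On the instance, the value returned by `fetch_and_decrypt` is what the page's script holds in `LuksClearTextKey` and pipes into `cryptsetup luksFormat` and `cryptsetup luksOpen`; as in the script, it should be dropped as soon as the mapping is open.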
Sign into the
losetup /dev/loop0 secretfs
# Copy the encrypted password file from S3. The password is used to configure LUKS later on.
aws s3 cp s3://an-internalstoragekeybucket/LuksInternalStorageKey .
# Decrypt the password from the file with KMS, save the secret password in LuksClearTextKey
LuksClearTextKey=$(aws --region us-east-1 kms decrypt --ciphertext-blob fileb://LuksInternalStorageKey --output text --query Plaintext | base64 --decode)
# Encrypt storage in the device. cryptsetup will use the Linux
# device mapper to create, in this case, /dev/mapper/secretfs.
# Initialize the volume and set an initial key.
echo "$LuksClearTextKey" | cryptsetup -y luksFormat /dev/loop0
# Open the partition, and create a mapping to /dev/mapper/secretfs.
echo "$LuksClearTextKey" | cryptsetup luksOpen /dev/loop0 secretfs
# Clear the LuksClearTextKey variable because we don't need it anymore.
unset LuksClearTextKey
# Check its status (optional).
cryptsetup status secretfs
# Zero out the new encrypted device.
dd if=/dev/zero of=/dev/mapper/secretfs
# Create a file system and verify its status.
mke2fs -j -O dir_index /dev/mapper/secretfs
# List file system configuration