JAM Overview
============

The AWS JAM is an event where participants experience a wide range of AWS services in a series of prepared scenarios (no more than 14) that represent common use cases and operational tasks, such as remediation at scale, automation, forensics, incident response, compliance and many others. The event is gamified, with teams competing to score points by completing a series of challenges over the course of the event. AWS provides access to pre-created infrastructure based on common use cases, which participants use to determine what happened, decide how best to respond, and deploy appropriate solutions. The challenges have varying degrees of difficulty and points associated with them. A live leaderboard provides updates on stats and progress. Clues and guidance help your participants move through the challenges.

JAM Challenges Matrix
=====================

| **Category** | **Challenge** | **Challenge Description** | **Covered Services and Skills** | **Level** | **Points** | **Average Execution Time** |
| --- | --- | --- | --- | --- | --- | --- |
| IAM | Least privilege, less hassle | Properly set up permissions so that resources and applications function as expected. | using IAM roles with EC2 instances; working with resource-based and identity-based policies; troubleshooting IAM permissions using CloudTrail and CloudWatch Logs; using Config to monitor public access permissions | Easy | 80 | 30 minutes |
| IAM | Least privilege put to the test | The dev team of your company just deployed a new Lambda function. It is your job to evaluate whether the Lambda execution role is set up according to the principle of least privilege. Find any unnecessary permissions and harden the IAM policy attached to the Lambda execution role! | using IAM roles with Lambda; working with identity-based policies and resource-level permissions | Medium | 150 | 45 minutes |
| IAM | Outside Access | Your CISO is concerned about access to your AWS environment from outside the company and wants you to implement an automated workflow to identify and report on potential external access. The CISO emphasized a preference for using tools available in AWS, and a key deliverable is a notification mechanism that fires when cross-account access is discovered. After researching the security tools available in AWS, you have decided to use several cloud-native security services as part of your solution. Your challenge is to configure these tools, create the messaging capability, and enable event-driven workflows that integrate with these security services. | using IAM Access Analyzer to detect unintended external access to AWS resources; using CloudWatch Events to trigger a response flow; using Lambda to customize and send notifications; using Security Hub to analyze security events | Hard | 150 | 60 minutes |
| Infrastructure Security | Do you really need this? | Get access to an EC2 instance in a completely isolated VPC without any internet gateway, NAT gateway, key pair or open SSH port. | using SSM Session Manager to securely manage EC2 instances | Easy | 80 | 30 minutes |
| Infrastructure Security | Automate Network Reachability Assessment | This challenge revolves around how to build an automated solution for network assessment of EC2 instances. | using CloudWatch Events rules to react to changes in the AWS environment; using the Inspector network reachability assessment to assess the network exposure of EC2 instances | Medium | 150 | 30 minutes |
| Infrastructure Security | Keep your secrets a secret | Your business is growing and new customers are flocking to the site every day. The customer database holds lots of sensitive data, and the password to the database is no longer a secret. We need to address this immediately! | using Secrets Manager to securely manage passwords; using the Secrets Manager API to retrieve secrets | Medium | 150 | 45 minutes |
| Data Protection | Fix The KMS Key | Properly set up permissions so that the resistance can access the encrypted classified plans and save the day. | protecting access to S3 objects using resource-based policies and encryption; providing cross-account access to encrypted S3 objects; working with KMS key policies | Medium | 200 | 45 minutes |
| Data Protection | Secure Your Patient Data | An AWS environment that processes healthcare data needs to be configured to ensure patient data is secure. | using server-side encryption with S3 and EBS to protect sensitive data; configuring S3 events and CloudWatch alarms for continuous monitoring; using VPC Flow Logs to meet logging requirements | Hard | 150 | 60 minutes |
| Logging and Monitoring | Analyze the recent spike in your traffic | As part of your regular monitoring, you want to learn more about the source of your traffic. Are we going viral, or is bot traffic messing up our stats? | using Athena to query files stored in S3; analyzing CloudFront logs to identify the source of malicious activity | Easy | 80 | 30 minutes |
| Logging and Monitoring | You Can't Secure What You Can't See! | As the security architect in your company, you are tasked with providing visibility into a specific EC2 configuration, the _Instance Metadata Service_, across all your EC2 instances. | using CloudWatch Events and Lambda for continuous security configuration validation; using Security Hub as a single pane of glass for viewing security events and detecting compliance violations; using Security Hub custom actions to react to security events | Medium | 150 | 45 minutes |
| Logging and Monitoring | Identify and mitigate configuration drift! | When you run a large fleet of EC2 instances, it's important to know the versions of software you run. And when instances run vulnerable software, you need to identify and remediate them. In this challenge you will use services such as Amazon EC2, AWS Config and AWS Systems Manager. | using Config to detect configuration drift; using Systems Manager to collect inventory and to patch EC2 instances | Hard | 200 | 60 minutes |
| Incident Response | Isolation Is Not Always Possible | It looks like someone compromised some of your EC2 instances. Network-isolate all instances from each other quickly! Sounds like an easy job, doesn't it? | using VPC-native features to restrict traffic flow to and from EC2 instances; learning EC2 instance isolation techniques | Easy | 200 | 30 minutes |
| Incident Response | How to automate incident response and detection | This challenge revolves around how to build automated response systems for incidents at the infrastructure layer. | using GuardDuty to investigate security events; using VPC security features to quarantine a contaminated instance; automating incident response with Lambda and CloudWatch Events | Medium | 150 | 45 minutes |