Candidate.HackerClub.net

Fun and short cyber security challenges

Candidate Security Architect

Challenge 2 — AWS Architecture Review

You have reached a simulated AWS architecture review.

Review the architecture below and identify the most significant security weakness.

For your notes, record:

You will submit these at the final stage.

To reach the next challenge, replace unlock in the current URL with the insecure EC2 metadata-service version shown in the diagram.

Use lowercase characters in the URL.

Example format:

https://candidate.hackerclub.net/security-architect/unlock/

https://candidate.hackerclub.net/security-architect/your-answer/


Architecture

                          Internet
                              │
                              ▼
                    Application Load Balancer
                              │
                              ▼
                  EC2 URL Preview Application
              ┌──────────────────────────────────┐
              │ Accepts a user-supplied URL      │
              │ and retrieves its content        │
              │                                  │
              │ Instance profile:                │
              │ CandidateApplicationRole         │
              │                                  │
              │ IMDSv1: enabled                  │
              │ IMDSv2: optional                 │
              └───────────────┬──────────────────┘
                              │
                              ▼
                     Private Amazon S3 bucket