# Amazon Q - The Ultimate AI Agent

## Metadata

- **Channel:** Loi Liang Yang
- **YouTube:** https://www.youtube.com/watch?v=3aW15M3pTD8
- **Source:** https://ekstraktznaniy.ru/video/38740

## Transcript

### Segment 1 (00:00 - 05:00)

Boys and girls, I have something super interesting to show you today. And this is where we have Amazon Loy developer. I mean Amazon Q Developer. And this is how it's going to work. Imagine this. You have your best friend forever, Mr. Hackaloy, right beside you all of the time, helping you analyze your web application firewall logs, telling you, "Hey, if your GuardDuty, a threat detection service, has a finding, what can we do about it? How can we get our evidence?" And can Mr. Hackaloy help you even remediate your findings inside your AWS environment? Are you ready for that? Let's go. So this is Amazon Q Developer and you can get this and access this directly from AWS. So this is available wherever you work. So it can be in your integrated development environments or in a command line, in a management console, GitLab Duo, Amazon Q and so on. So this is really powerful and you literally have your best friend forever, Hackaloy, right beside you teaching you AWS, helping you and guiding you throughout the entire process. And for today's tutorial, I'll be using Visual Studio Code with a plugin from Amazon Q. So all you have to do is select onto install and you'll be able to get this up and running inside Visual Studio Code. So super easy to use. So you can see right here I have Visual Studio Code running and I have the Amazon Q plugin. So you can see the following. Ask Q to review your code and see results in the code issues panel. You can even ask more questions. Say for example, what can Amazon Q Developer help me in areas of security? You hit enter on this and you can see the following. Right at the bottom, we have Claude Sonnet 4. So you can select on it. You can run for example code security analysis, secrets detection, security best practices, infrastructure security, helping review your infrastructure as code.
Even going right now to your AWS environment, telling you, hey, this is the list of things I'm seeing and I can even help you remediate that, which we'll see in a second. Now, before we go any further, the architecture of things is so important because first of all, your best friend forever, Mr. Hackaloy, is going to access over into a service or server and is fronted by Amazon CloudFront, a CDN. And this CDN is also protected at the same time by web application firewall. And after which it is going to be streamed over into EC2 where you have your GET request, POST request and so on and so forth. And what's going to happen here is its ability to stream the web application firewall logs over into CloudWatch Logs. And what's going to happen here typically is that it takes a lot of skills, a lot of time to analyze what's happening. And this is the magical part. This is where Amazon Q can really help us. So Amazon Q is going to be able to help us analyze into CloudWatch Logs and say, "Hey, out of all those different events happening within your workload, we are identifying this set of IP addresses that are malicious and we want to help you block that out." And Amazon Q can do all of this automatically and really quickly for you. And now before we go any further, kids, remember to put on your AWS thinking cap so that we can go ahead and get started. Now the first thing you need to do is to authenticate into your AWS account through say for example the terminal. So you can do a right click, new terminal, and all you have to do right now is enter to say for example aws configure sso. So hit enter on this and you have the session name, you have all this different information. So I can enter to say for example the session name is Hacker Loy and there's a pop-up and then click on the following of confirm and continue and click allow access. Boom. Done. Request approved. So if I head back over into my Visual Studio Code you can see the following right here.
There are four AWS accounts available to you. So in my case I am going to be using developer Loy and I have the default client region. All right. So you can enter on that output format. Hit enter on that. Profile name I can say hacker Loy. Hit enter on this and then done. All right. So to verify that everything is working as intended, all you have to do is enter to say for example aws s3 ls --profile hacker Loy. Hit enter on that and you can see the following. Okay. So this is the part where we can see for example whether we have those services, all right, that is up and running. Okay, so I enter the following S. So it should be for some s3 ls --profile hacker Loy. Okay, done. So we managed to list now all of those S3 buckets and we have for example in this case we're authenticated, we're authorized, we can access the AWS account to help us run analysis. So right here we're really excited. Let's go ahead and get started. Start up my CloudFront distribution as well as a stopped EC2 instance in ap-southeast-1 with WordPress name. Use my profile of hacker Loy as I am already authenticated and authorized to access these services. All right, so go ahead and hit enter on this and let's see what Amazon Q Developer can do for us. I'll help you start up your CloudFront distribution EC2. All right. So you see the following. So I already have created and used Amazon Q4 and it's created a script for us. All right. So we can see the following. All right. We have shell, we have startup AWS resources.bat. And all you have to do right now is

### Segment 2 (05:00 - 10:00) [5:00]

click run on this. And there's a bunch of information and commands already created to help us run all of that. So all I have to do right now is go ahead and run the bash script directly with full path to start AWS resources. And you can see the following. All right. We have EC2 describe instances. All right. Region ap-southeast-1 with the profile hacker Loy and so on so forth. It's looking for an EC2 instance with the name of WordPress and then once that is available for us, all right, you click run on this, it identifies it and then what we will do right now is to help us run all of that. So list all stopped instances to find a WordPress one. All right, click start and we have three of this, right? All right, so describe instances. So the one right over here, WordPress, is going to be the target. So it has identified that as input for us over here and we just have to click run on this. So as you're running through all this, continue to verify the commands that are going to be placed over into your environment. The next up here is going to be listing CloudFront distributions. So I click run on this. It will go again to my AWS environment and say, hey, you have a specific CloudFront distribution ID. We have noted down the ID. We've saved it down and we've placed it into subsequent command to help us start up the CloudFront distribution. All right. So you can see the following over here. We have distribution-config.json. All right. It's working on this to enable CloudFront. Okay. So once it's ready, click run. We'll be able to start up the CloudFront distribution. And the CloudFront distribution may take a little while to be enabled. Okay. So right here, update distribution. Profile Hacker Loy gives you the detail, gives you response back very quickly. And you can see right here the EC2 now is started and a CloudFront distribution has been enabled and it's currently deploying.
So I've logged right in to the console and you can see right here with the distribution and then you can see right here it is currently deploying. Likewise when I head over to the EC2 service you can see WordPress has the instance state of running here too. So perfect, it's all up and running. Just give it a while for CloudFront distribution to start up, to deploy. And you can see right here we have website health check tool. So this is what is running on the EC2 and say for example we want to start spamming it with different type of malicious payload. Say for example I want to put single quote or one, which is a form of SQL injection. I click check. Now we got a block. All right. So the web application firewall is running and logging what is happening right here. Or say for example I want to put like a cross-site script. I'll put like script over here and then I will say for example alert the following of hacked by Loy. All right, I put something like this. I hit enter on that. Once again, 403 error. The request could not be satisfied. Now, on an actual website, you'll be seeing tons of such requests and you want to be able to analyze them quickly and put a block to all of these IP addresses so that they can never ever access your services again or at least for a temporary period of time. And of course, if I head over to AWS web application firewall, you can see right here we have the traffic overview, we have the rules, we have the associated AWS resources and so forth. Okay. So what's important is going under logging and metrics and you can see right here we have a logging destination of Amazon CloudWatch Logs log group with AWS WAF logs WordPress.
Now, this is the super exciting part because you have literally Amazon Q Developer like a Hackaloy that is right beside you helping you analyze what's going on and even helping you remediate this kind of bad IP addresses by blocking them out using a creation of an IP set and attaching it automatically to your web application firewall rule. So right here all you have to say: I would like to analyze the top offending IP addresses. All right. In CloudWatch Logs group for my WordPress site. Help me analyze the past 30 minutes. I hit enter on this and you can see the following. Now we're working with Amazon Q Developer. I'll help you analyze. All right. And it provides the instructions right here. And verify, describe log groups, query and so on. It's working. Okay. And then we can now describe log groups in ap-southeast-1. Checking WAF logs which likely contain WordPress traffic and IP address. Click start on this. So most likely we would have to use us-east-1 because that is where the destination is. So I want to enter the following. Use us-east-1 where the CloudWatch Logs log groups reside. All right, hit enter on this and you can see the following is working once again to help us check out where are all of this. Now with that I click run and you can see the following. Okay, so we have one specific here, it was WAF logs WordPress. It can also do the troubleshooting automatically for you but since I already know where the log destination is, I can just simply run it

### Segment 3 (10:00 - 14:00) [10:00]

for us. Okay. So we click run for this and you can see the following. Starting CloudWatch Insights query to analyze top offending IP addresses from WordPress WAF logs. Click run on that. Getting the results. Running a more detailed query to get IP addresses and request counts with blocked actions. Fantastic. Mhm. Running query to get all IP addresses. Mhm. Perfect. So you can see right here total requests are four requests. To block the request that you saw earlier which is the SQL injection of cross-site scripting. All right. So you can see the following information right here. What is the offending IP address? I would like to block that offending IP address. Can you help me place the offending IP address into an IP set and add that into my WAF web ACL? Hit enter on this. All right. So, we want to uncover the offending IP and automatically just block it out. Getting the specific IP addresses that were blocked by WAF. So, I click run on this. Click run again to get the query results. And you can see right here, all right, we have the following information. It's all available and accessible. All right. And it's all analyzed very quickly for us. All right. So that we can add in the protection very quickly. Okay. All right. Try a different approach to get raw log entries. So it even reads and understands the results and then if it has to, it will try and attempt other methods for you. Perfect. So it found the offending IP address 121. 6244106 from Singapore. So that's exactly where I'm coming from. All right. So this IP was attempting SQL injection and cross-site scripting attacks on cmd3.php. Now I create an IP set and add it into your WAF web ACL. Click run on this. Mhm. All right. So it's autocorrecting itself. If it's not giving the right input, all right, the right parameter, it would check, it will evaluate and it will give you a new form of parameter or new form of complete command. It's working right now.
All right, it's putting the new IP blocking rule as highest priority. All right, click run on this. So we're updating it. All right. So you can see right here parameter validation failed, invalid length for parameter description value and so on. Updating the web ACL with the corrected configuration. So it's correcting itself, correcting the configuration for you. Okay, perfect. So it says the following. I've successfully identified the offending IP address, the attack details, created the IP set, and then now we have updated the web access control list. All right. Is now permanently blocked at the WAF level. Any future requests from this IP will be immediately blocked before reaching your WordPress site. So this is amazing. Let's go ahead and verify configuration in the console. Right here I'm back into the WAF web ACL and I can hit over into rules. And in rules I can do a refresh over here and let's see whether we have the new rule being added for us. Click on the rules again. Done. Block malicious IPs. I clicked on this. This will show us the IP set and this is it. It's all done fully automatically for us. Now I head back over in Kali Linux and I try to run any form of command or even trying to access the site. I do a refresh of the site. I click a resend. Boom. 403. We are now permanently blocked. This is absolutely amazing. Imagine your best friend forever, Hackaloy, can now live in your IDE through Q Developer. Go ahead, try it out. Let me know how it goes.
