Mitigating DDoS attacks

In this lab, you will stop a simulated DDoS attack. You have three instances. One of the private instances is pinging your primary instance. You need to determine which one it is and block ONLY that instance to clear the alarm. If you block both instances, your boss will not be very happy as this is a "production" website. 

Note: This lab may take a long time to deploy. The lab itself will take up to 5 minutes. The CloudWatch alarm could take another 5 minutes after that. Once you have configured your Flow Logs, it could take up to 10 minutes before the proper logs are shown.


You have a CloudWatch alarm on your instance. You need to use Flow Logs to find the attacker and block only that attacker.
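
One way to pick the pinging instance out of the Flow Logs once they arrive, as an added example that is not part of the original lab: it totals ICMP packets sent to the primary instance per source address. It assumes the default Flow Logs record format; the account ID, interface ID, IP addresses and counters in the sample are constructed.

```python
from collections import Counter

# Constructed sample records in the default VPC Flow Logs format (version 2):
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
# Assumed for the sample: 10.0.0.10 is the primary instance,
# 10.0.1.20 and 10.0.1.30 are the two private instances.
SAMPLE_FLOW_LOGS = """\
2 123456789012 eni-0aaa111 10.0.1.20 10.0.0.10 0 0 1 2400 201600 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa111 10.0.1.30 10.0.0.10 49152 80 6 12 1840 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa111 10.0.0.10 10.0.1.20 0 0 1 2400 201600 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa111 10.0.1.20 10.0.0.10 0 0 1 2350 197400 1700000060 1700000120 ACCEPT OK
2 123456789012 eni-0aaa111 10.0.1.30 10.0.0.10 0 0 1 3 252 1700000060 1700000120 ACCEPT OK
2 123456789012 eni-0aaa111 - - - - - - - 1700000120 1700000180 - NODATA
"""

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
ICMP = "1"  # IANA protocol number for ICMP (what ping uses)


def parse_record(line):
    """Return a dict for one flow log line, or None if it has no traffic data."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":  # NODATA / SKIPDATA rows carry '-' fields
        return None
    return rec


def icmp_packets_by_source(log_text, target_ip):
    """Sum ICMP packets sent to target_ip, keyed by source address."""
    totals = Counter()
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec and rec["protocol"] == ICMP and rec["dstaddr"] == target_ip:
            totals[rec["srcaddr"]] += int(rec["packets"])
    return totals


def noisiest_source(log_text, target_ip):
    """Return (source_ip, packets) for the heaviest ICMP sender, or None."""
    totals = icmp_packets_by_source(log_text, target_ip)
    return totals.most_common(1)[0] if totals else None


if __name__ == "__main__":
    print(icmp_packets_by_source(SAMPLE_FLOW_LOGS, "10.0.0.10"))
    print(noisiest_source(SAMPLE_FLOW_LOGS, "10.0.0.10"))
```

Comparing the per-source totals, rather than blocking every address that sent any ICMP, is what keeps the second private instance reachable: in the sample it sent normal web traffic and only three ICMP packets.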

