more details about vpc

Enumeration/AWS.md

@@ -583,6 +583,86 @@ Transit Gateway allows multiple hops between VPCs through other VPCs.
 Client VPN is a simple VPN connection to the VPCs of an AWS account in use
 leveraging MFA authentication.
 
+#### Bind Public IP Address to Access a VPC
+
+A public Ip address is needed to have ingress on an EC2 VM.
+
+Allocate a public Ip address via aws cli
+
+```sh
+aws ec2 allocate-address
+```
+
+Find details about the ENI of the  EC2 instance you want to bind the Ip address
+to via aws cli.
+
+```sh
+aws ec2 describe-instances | jq '.Reservations[].Instances[].NetworkInterfaces[]'
+```
+Use found AllocationId and NetworkInterfaceId from the steps before. Attach the
+Ip address to the ENI via aws cli.
+
+```sh
+aws ec2 associate-address --allocation-id <AllocationId> --network-interface-id <NetworkInterfaceId>
+```
+
+##### Make the Ip address accessible from the Internet through an Internet Gateway
+
+Get the InternetGatewayId first via aws cli
+
+```sh
+internet_gateway_id=$(aws ec describe-internet-gateways | jq '.InternetGateways[].InternetGatewayId' -r)
+```
+
+Query the RouteTableId of a specific Tag (of an EC2) via aws cli.
+
+```sh
+route_table_id=$(aws ec2 desribe-route-tables | jq .'RouteTables[] | select(.Tags[] | select(.Key == "Name" and .Value == "MyGivenTag")) | .RouteTableId' -r)
+```
+
+Add the route through the InternetGateway via aws cli.
+
+```sh
+aws ec2 create-route --route-table-id $route_table_id --destination-cidr-block 0.0.0.0/0 --gateway-id  $internet_gateway_id
+```
+
+##### Modify the Security Group for Ingress from the Internet via aws cli
+
+Pick a desired Security Group via aws cli.
+
+```sh
+aws ec2 describe-security-groups | jq .
+```
+
+Create a rule for the security group to allow every connection via aws cli.
+
+```sh
+aws ec2 authorize-security-group-ingress --protocoll all --port 0-65535 --cidr 0.0.0.0/0 --group-id <GroupId>
+```
+
+##### Modify ACL for Access
+
+List available ACLs and find the desired `NetworkAclId` through aws cli.
+
+```sh
+aws ec2 describe-network-acls | jq .
+```
+
+Use this `NetworkAclId` to create an ingress rule on position 1 through any
+protocol on any address via aws cli.
+
+```sh
+aws ec2 create-network-acl-entry --cidr-block 0.0.0.0/0 --ingress --protocol -1 --rule-action allow --rule-number 1 --network-acl-id <NetworkAclId>
+```
+
+Create an egress rule as well via aws cli.
+
+```sh
+aws ec2 create-network-acl-entry --cidr-block 0.0.0.0/0 --egress --protocol -1 --rule-action allow --rule-number 1 --network-acl-id <NetworkAclId>
+```
+
+Now the VPC and EC2 is accessible through the internet.
+
 ### Metadata Service
 
 The instance (Openstack) Metadata service can be found under 169.254.169.254.
@@ -944,8 +1024,9 @@ via curl.
 curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/iam/security-credentials/${role_name}
 ```
 
-PS: 
-If you want to activate IMDSv2 an instance ID is needed to activate it through aws cli.
+PS:
+If you want to activate IMDSv2 an instance ID is needed to activate it through
+aws cli.
 
 ```sh
 instance_id=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
@@ -966,8 +1047,10 @@ List available ENIs through the webshell of the account.
 aws ec2 describe-network-interfaces
 ```
 
+
 #### EC2 & ELastic Block Storage (EBS)
 
+
 An EC2 instance has EBS as its set block device, either SSD or HDD.
 
 EBS storage is persistent, snapshots can be created.
@@ -1097,3 +1180,16 @@ List available load-balancers via aws cli.
 aws elbv2 describe-load-balancers --query Loadbalancers[].DNSName --output text
 ```
 
+### Encryption Services
+
+#### Key Management Service (KMS)
+
+Create encryption keys to be used on AWS services through their API.
+Encryption of storage can also be done through KMS keys.
+
+#### Amazon Certificate Manger (ACM)
+
+Manage certificate so 2e2 encryption through TLS which are then used for other
+AWS services.
+
+#### DNS & Route53