COMPLETE BEFORE WEEK 1
Week 0: Environment Setup
Install and configure every tool you'll use across the 8-week bootcamp. Complete all steps below before starting Lab 1.
Estimated time: 45–60 minutes
Create your AWS account
Go to aws.amazon.com/free and click "Create a Free Account." You'll need a credit card (you won't be charged for Free Tier usage), an email address, and a phone number for verification.
COST WARNING
The Free Tier covers most services we'll use. The one exception is NAT Gateways (~$32/month). We'll create and delete these only when actively labbing. I'll remind you every time.
Secure the root account
Log into the AWS Console. Go to IAM → Security credentials → Assign MFA device. Choose "Virtual MFA device." Scan the QR code with Google Authenticator or Authy (download from your phone's app store if you don't have one). Enter two consecutive codes to complete setup.
NON-NEGOTIABLE
If your root account is compromised without MFA, an attacker has unlimited access to your AWS organization — they can delete everything, create resources, and rack up charges. Do this now.
Create an IAM admin user
Never use the root account for daily work. In the AWS Console, go to IAM → Users → Create user.
Username: bootcamp-admin
Check "Provide user access to the AWS Management Console"
Attach the AdministratorAccess policy directly (we'll lock this down in Week 1 Lab 1).
On the final screen, click Create access key → choose "Command Line Interface (CLI)" → create the key. Download the CSV or copy both values somewhere secure:
# Your values will be different
Access Key ID: AKIAIOSFODNN7EXAMPLE
Secret Access Key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
SECURITY NOTE
Never commit these keys to git, paste them in Slack, or store them in plain text files. We'll replace this admin user with a scoped one in Week 1 Lab 1.
Configure a secure AI helper for labs
Throughout this bootcamp, you'll use an AI assistant (ChatGPT, Claude, or similar) to help debug errors, explain concepts, and draft configurations. Set it up safely now.
Task:
- Create a free account on your chosen AI platform (ChatGPT, Claude, Gemini, etc.).
- In your first message, paste this system-level instruction:
You are my secure cloud security tutor for an 8-week bootcamp.
Never ask me to paste API keys, AWS credentials, or internal hostnames.
If I accidentally paste secrets, remind me to rotate them immediately.
Explain concepts clearly and point out security risks in any code or config I show you.
AI FUNDAMENTALS
System prompt = instructions the AI follows across the entire conversation.
User prompt = each individual question you ask.
By setting a security-focused system prompt, you reduce the risk of accidentally leaking sensitive data.
Document your AI acceptable-use policy
AI tools can accelerate learning, but they can also leak data if you're not careful. Define your personal rules now.
Task: Create a file called ai-use-policy.md in your bootcamp notes folder (or a section in your README) with these three rules:
# AI Acceptable Use Policy
## I will NEVER paste into AI tools:
- AWS Access Keys or Secret Keys
- Customer data or PII
- Internal IP addresses or hostnames
- Proprietary company code (if working professionally)
## I CAN paste into AI tools:
- Sanitized logs (with IPs/IDs removed)
- Public documentation or error messages
- Generic configuration templates
## If I accidentally paste a secret:
1. Rotate the credential immediately via AWS Console
2. Delete the AI conversation thread
3. Document the incident in my lab notes
AI SECURITY PRINCIPLE
AI providers may use your inputs to improve their models. Even if they promise not to, treat every prompt as potentially logged or reviewed by humans. Data classification (public vs internal vs secret) is a core security practice that applies to AI tools just like any other third-party service.
SECTION CHECKPOINT
- AWS Free Tier account created and verified
- MFA enabled on root account
- IAM admin user created with access key downloaded
- AI helper configured with security-focused system prompt
- AI acceptable-use policy documented in notes
Install AWS CLI v2
$ sudo apt update && sudo apt install -y unzip curl
$ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
$ unzip awscliv2.zip
$ sudo ./aws/install
$ rm -rf awscliv2.zip aws/
$ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
$ unzip awscliv2.zip
$ sudo ./aws/install
$ rm -rf awscliv2.zip aws/
Verify installation
$ aws --version
aws-cli/2.x.x Python/3.x.x Linux/x86_64
If it returns a version starting with 2., you're good. Version 1.x won't work for some labs.
Configure credentials
Use the Access Key ID and Secret Access Key from the previous section:
$ aws configure
AWS Access Key ID [None]: paste your Access Key ID
AWS Secret Access Key [None]: paste your Secret Access Key
Default region name [None]: us-east-1
Default output format [None]: json
REGION
Use us-east-1 for all labs. Some AWS services launch in us-east-1 first, and our IAM policies are scoped to this region. Stay consistent throughout the bootcamp.
Test your credentials
$ aws sts get-caller-identity
{
"UserId": "AIDAEXAMPLEID",
"Account": "123456789012",
"Arn": "arn:aws:iam::123456789012:user/bootcamp-admin"
}
If you see your account ID and username, your CLI is configured correctly. If you get an error, double-check that you pasted the access key and secret key correctly.
SECTION CHECKPOINT
- AWS CLI v2 installed (aws --version returns 2.x)
- Credentials configured with aws configure
- aws sts get-caller-identity returns your account info
Install Docker
# Download Docker Desktop from docker.com/products/docker-desktop
# Or install via Homebrew:
$ brew install --cask docker
# Open Docker Desktop from Applications to start the daemon
# Option A: Install Docker Desktop for Windows (recommended)
# Download from docker.com/products/docker-desktop
# Enable WSL 2 integration in Docker Desktop settings
# Option B: Install Docker Engine directly in WSL
$ sudo apt update
$ sudo apt install -y ca-certificates curl
$ sudo install -m 0755 -d /etc/apt/keyrings
$ sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
-o /etc/apt/keyrings/docker.asc
$ echo "deb [arch=$(dpkg --print-architecture) \
signed-by=/etc/apt/keyrings/docker.asc] \
https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
$ sudo apt update && sudo apt install -y docker-ce docker-ce-cli containerd.io
$ sudo usermod -aG docker $USER
# Log out and back in for group change to take effect
$ sudo apt update
$ sudo apt install -y ca-certificates curl
$ sudo install -m 0755 -d /etc/apt/keyrings
$ sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
-o /etc/apt/keyrings/docker.asc
$ echo "deb [arch=$(dpkg --print-architecture) \
signed-by=/etc/apt/keyrings/docker.asc] \
https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
$ sudo apt update && sudo apt install -y docker-ce docker-ce-cli containerd.io
$ sudo usermod -aG docker $USER
Verify installation
$ docker --version
Docker version 27.x.x, build xxxxxxx
$ docker run hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.
If docker run gives a permission error, either log out and back in (for the group change) or prefix with sudo.
Install kubectl
$ curl -LO "https://dl.k8s.io/release/$(curl -L -s \
https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
$ sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
$ rm kubectl
$ curl -LO "https://dl.k8s.io/release/$(curl -L -s \
https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
$ sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
$ rm kubectl
Install kind (Kubernetes in Docker)
kind lets you run local Kubernetes clusters inside Docker containers. We'll use it for Weeks 4–6 before moving to EKS.
$ [ $(uname -m) = x86_64 ] && curl -Lo ./kind \
https://kind.sigs.k8s.io/dl/v0.25.0/kind-linux-amd64
$ chmod +x ./kind
$ sudo mv ./kind /usr/local/bin/kind
$ [ $(uname -m) = x86_64 ] && curl -Lo ./kind \
https://kind.sigs.k8s.io/dl/v0.25.0/kind-linux-amd64
$ chmod +x ./kind
$ sudo mv ./kind /usr/local/bin/kind
Verify both tools
$ kubectl version --client
Client Version: v1.x.x
$ kind version
kind v0.25.0 go1.x.x linux/amd64
NOTE
Don't create a kind cluster yet — we'll do that in Week 4 with specific security configurations. For now, just verify the binaries are installed.
Run the full verification script
Copy and paste this entire block. It checks every tool in one shot:
$ echo "═══════════════════════════════════════"
echo "RAPID CYBER AI — Environment Verification"
echo "═══════════════════════════════════════"
echo ""
echo -n "AWS CLI: " && aws --version 2>&1 | head -1 || echo "NOT INSTALLED"
echo -n "AWS Auth: " && aws sts get-caller-identity --query 'Arn' --output text 2>&1 || echo "NOT CONFIGURED"
echo -n "Terraform: " && terraform version 2>&1 | head -1 || echo "NOT INSTALLED"
echo -n "Docker: " && docker --version 2>&1 || echo "NOT INSTALLED"
echo -n "kubectl: " && kubectl version --client --short 2>&1 || echo "NOT INSTALLED"
echo -n "kind: " && kind version 2>&1 || echo "NOT INSTALLED"
echo ""
echo "═══════════════════════════════════════"
echo "If all lines show versions, you're ready."
echo "═══════════════════════════════════════"
Install bonus tools (optional but recommended)
These tools are used in specific labs. You can install them now or when you reach those weeks:
# jq — JSON processor (used constantly)
$ sudo apt install -y jq
# Trivy — container image scanner (Week 3)
$ sudo apt install -y wget apt-transport-https
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | \
gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] \
https://aquasecurity.github.io/trivy-repo/deb generic main" | \
sudo tee /etc/apt/sources.list.d/trivy.list
sudo apt update && sudo apt install -y trivy
# Checkov — IaC security scanner (Week 2)
$ pip3 install checkov --break-system-packages
# Helm — Kubernetes package manager (Week 4+)
$ curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
Set up your text editor
You'll be editing JSON, YAML, Terraform, and Dockerfiles throughout the bootcamp. VS Code with the following extensions is recommended:
HashiCorp Terraform — syntax highlighting + autocomplete for .tf files
Docker — Dockerfile syntax + container management
Kubernetes — YAML validation for K8s manifests
YAML — general YAML support
AWS Toolkit — AWS resource browsing (optional)
YOU'RE READY FOR WEEK 1
- AWS Free Tier account with MFA on root
- IAM admin user with CLI access configured
- AWS CLI v2 returning your account identity
- Terraform installed and returning a version
- Docker installed and running hello-world
- kubectl and kind installed
- Text editor set up with relevant extensions