diff --git a/.idea/.gitignore b/.idea/.gitignore
new file mode 100644
index 0000000..26d3352
--- /dev/null
+++ b/.idea/.gitignore
@@ -0,0 +1,3 @@
+# Default ignored files
+/shelf/
+/workspace.xml
diff --git a/.idea/DevOpsBootcampUPES.iml b/.idea/DevOpsBootcampUPES.iml
new file mode 100644
index 0000000..8a05c6e
--- /dev/null
+++ b/.idea/DevOpsBootcampUPES.iml
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/inspectionProfiles/profiles_settings.xml b/.idea/inspectionProfiles/profiles_settings.xml
new file mode 100644
index 0000000..105ce2d
--- /dev/null
+++ b/.idea/inspectionProfiles/profiles_settings.xml
@@ -0,0 +1,6 @@
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/misc.xml b/.idea/misc.xml
new file mode 100644
index 0000000..dc9ea49
--- /dev/null
+++ b/.idea/misc.xml
@@ -0,0 +1,4 @@
+
+
+
+
\ No newline at end of file
diff --git a/.idea/modules.xml b/.idea/modules.xml
new file mode 100644
index 0000000..850607b
--- /dev/null
+++ b/.idea/modules.xml
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
new file mode 100644
index 0000000..35eb1dd
--- /dev/null
+++ b/.idea/vcs.xml
@@ -0,0 +1,6 @@
+
+
+
+
+
+
\ No newline at end of file
diff --git a/k8smanifests/2048.yaml b/k8smanifests/2048.yaml
new file mode 100644
index 0000000..8affc14
--- /dev/null
+++ b/k8smanifests/2048.yaml
@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: 2048-game
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: 2048-game
+ template:
+ metadata:
+ labels:
+ app: 2048-game
+ spec:
+ containers:
+ - name: 2048-game
+ image: alexwhen/docker-2048
+ ports:
+ - containerPort: 5858
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: 2048-service
+spec:
+ selector:
+ app: 2048-game
+ ports:
+ - protocol: TCP
+ port: 5858
+ targetPort: 5858
\ No newline at end of file
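Review bot: `image: alexwhen/docker-2048` carries no tag or digest, so it resolves to `latest` and every pod start can pull whatever the publisher last pushed; the two replicas may end up running different builds. Pin it to a digest you have reviewed, e.g. `image: alexwhen/docker-2048@sha256:<digest-you-verified>`. The same applies to `grafana/grafana` in grafana.yaml and grafana_statefullset.yaml, `registry.k8s.io/busybox` and `registry.k8s.io/liveness` in live-readprobe.yaml, and `vish/stress` / `polinux/stress` in mem-cpudemo.yaml. It is also worth confirming that the container really listens on 5858, since `containerPort` and `targetPort` both assume it and the image's port is not visible in this commit.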
diff --git a/k8smanifests/grafana.yaml b/k8smanifests/grafana.yaml
new file mode 100644
index 0000000..ed94f0e
--- /dev/null
+++ b/k8smanifests/grafana.yaml
@@ -0,0 +1,55 @@
+#Distribute credentials securely using secrets
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: grafana
+spec:
+ selector:
+ matchLabels:
+ app: grafana
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: grafana
+ spec:
+ containers:
+ - name: grafana
+ image: grafana/grafana
+ ports:
+ - containerPort: 3000
+ env:
+ - name: GF_AUTH_BASIC_ENABLED
+ value: "true"
+ - name: GF_SECURITY_ADMIN_USER
+ valueFrom:
+ secretKeyRef:
+ name: grafana-creds
+ key: username
+ - name: GF_SECURITY_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: grafana-creds
+ key: password
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: grafana
+spec:
+ selector:
+ app: grafana
+ ports:
+ - port: 3000
+ targetPort: 3000
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: grafana-creds
+data:
+ username: #name you want with echo -n "name" | base64
+ password: #password you want with echo -n "password" | base64
+
+---
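Review bot: The `Secret` at the end of this file keeps the admin credentials in the same committed manifest as the Deployment, and `data:` values are only base64-encoded, not encrypted. Filling in the two placeholders and committing would therefore publish the Grafana admin login to everyone with repository access. Keep the Secret out of version control and create it out of band, e.g. `kubectl create secret generic grafana-creds --from-literal=username=<user> --from-literal=password=<password>`, or use a sealed/external secret mechanism if the cluster has one. As committed, `username:` and `password:` are followed only by a comment and so parse as null; the header comment should say that `grafana-creds` must exist with real values before the Deployment is applied.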
diff --git a/k8smanifests/grafana_statefullset.yaml b/k8smanifests/grafana_statefullset.yaml
new file mode 100644
index 0000000..1a848da
--- /dev/null
+++ b/k8smanifests/grafana_statefullset.yaml
@@ -0,0 +1,71 @@
+#Before you apply the below manifest, delete your grafana deployment by:
+#kubectl delete deployment grafana
+
+#Before we start, we need to enable the EBS CSI plugin in EKS, allowing the cluster
+#to create EBS for individual pods (should be done only once per cluster).
+# In your EKS cluster main page, choose the Add-ons tab.
+# Choose Add new.
+# Select Amazon EBS CSI Driver for Name.
+# Add your cluster node role the AmazonEBSCSIDriverPolicy permission.
+
+#The below example will create an
+#EBS volume in AWS which dedicated to store Grafana data for a single pod.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: grafana
+spec:
+ replicas: 1
+ serviceName: grafana-svc
+ selector:
+ matchLabels:
+ app: grafana
+ template:
+ metadata:
+ name: grafana
+ labels:
+ app: grafana
+ spec:
+ securityContext:
+ runAsUser: 472
+ runAsGroup: 8020
+ fsGroup: 8020
+ containers:
+ - name: grafana
+ image: grafana/grafana
+ ports:
+ - name: grafana
+ containerPort: 3000
+ env:
+ - name: GF_AUTH_BASIC_ENABLED
+ value: "true"
+ - name: GF_SECURITY_ADMIN_USER
+ valueFrom:
+ secretKeyRef:
+ name: grafana-creds
+ key: username
+ - name: GF_SECURITY_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: grafana-creds
+ key: password
+ volumeMounts:
+ - name: grafana-datasources-vol
+ mountPath: "/etc/grafana/provisioning/datasources"
+ - name: grafana-storage
+ mountPath: "/var/lib/grafana"
+ volumes:
+ - name: grafana-datasources-vol
+ configMap:
+ name: grafana-datasources
+ volumeClaimTemplates:
+ - metadata:
+ name: grafana-storage
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ storageClassName: gp2
+ resources:
+ requests:
+ storage: 5Gi
+
+
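Review bot: The setup comment tells the reader to attach `AmazonEBSCSIDriverPolicy` to the cluster node role, which makes the EBS volume permissions available to every pod that can reach the node's instance credentials. Binding the policy to the CSI driver's own service account through an IAM role for service accounts keeps it scoped to the driver. In the manifest itself, `serviceName: grafana-svc` and the `grafana-datasources` ConfigMap are not defined anywhere in this commit (the only Service added is named `grafana`), so the pod would presumably not start unless those objects exist elsewhere. The pod `securityContext` sets the UID/GID but not `runAsNonRoot: true`, and the container has no `allowPrivilegeEscalation: false`; both are cheap to add here.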
diff --git a/k8smanifests/ingress.yaml b/k8smanifests/ingress.yaml
new file mode 100644
index 0000000..54afec4
--- /dev/null
+++ b/k8smanifests/ingress.yaml
@@ -0,0 +1,17 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: game-ingress
+spec:
+ rules:
+ - host: nishant-2048.upes-int-devops.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: game-service
+ port:
+ number: 80
+ ingressClassName: nginx
\ No newline at end of file
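Review bot: The backend points at `name: game-service` on `number: 80`, but the only Service for the game added in this commit is `2048-service` exposing port 5858 (k8smanifests/2048.yaml), so the rule would resolve to no endpoints unless a `game-service` exists outside this commit. Change the backend to `name: 2048-service` / `number: 5858`, or rename the Service to match. The rule also has no `tls:` section, so the host is served over plain HTTP; add a `tls:` entry with `hosts:` and a `secretName:` for the certificate if this is reachable beyond the lab.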
diff --git a/k8smanifests/live-readprobe.yaml b/k8smanifests/live-readprobe.yaml
new file mode 100644
index 0000000..d81d44e
--- /dev/null
+++ b/k8smanifests/live-readprobe.yaml
@@ -0,0 +1,70 @@
+#liveness probe
+apiVersion: v1
+kind: Pod
+metadata:
+ labels:
+ test: liveness
+ name: liveness-exec
+spec:
+ containers:
+ - name: liveness
+ image: registry.k8s.io/busybox
+ args:
+ - /bin/sh
+ - -c
+ - touch /tmp/healthy; sleep 30; rm -f /tmp/healthy; sleep 600
+ livenessProbe:
+ exec:
+ command:
+ - cat
+ - /tmp/healthy
+ initialDelaySeconds: 5
+ periodSeconds: 5
+
+---
+#liveness using HTTP get request
+apiVersion: v1
+kind: Pod
+metadata:
+ labels:
+ test: liveness
+ name: liveness-http
+spec:
+ containers:
+ - name: liveness
+ image: registry.k8s.io/liveness
+ args:
+ - /server
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8080
+ httpHeaders:
+ - name: Custom-Header
+ value: Awesome
+ initialDelaySeconds: 3
+ periodSeconds: 3
+
+---
+#readiness probe
+apiVersion: v1
+kind: Pod
+metadata:
+ labels:
+ test: liveness
+ name: liveness-exec
+spec:
+ containers:
+ - name: liveness
+ image: registry.k8s.io/busybox
+ args:
+ - /bin/sh
+ - -c
+ - touch /tmp/healthy; sleep 30; rm -f /tmp/healthy; sleep 600
+ readinessProbe:
+ exec:
+ command:
+ - cat
+ - /tmp/healthy
+ initialDelaySeconds: 5
+ periodSeconds: 5
\ No newline at end of file
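Review bot: The third document (`#readiness probe`) reuses `name: liveness-exec` and `test: liveness` from the first one, so applying the file turns the second occurrence into an update of the first Pod rather than a separate readiness example. The API server will most likely reject adding a probe to an existing Pod. Give it its own identity, e.g. `name: readiness-exec`, `test: readiness` and container `name: readiness`. A comment noting that `/tmp/healthy` is removed after 30 seconds on purpose, so that the probe starts failing, would help readers.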
diff --git a/k8smanifests/mem-cpudemo.yaml b/k8smanifests/mem-cpudemo.yaml
new file mode 100644
index 0000000..94d44af
--- /dev/null
+++ b/k8smanifests/mem-cpudemo.yaml
@@ -0,0 +1,35 @@
+#cpu-demo
+apiVersion: v1
+kind: Pod
+metadata:
+ name: cpu-demo
+spec:
+ containers:
+ - name: cpu-demo-ctr
+ image: vish/stress
+ args:
+ - -cpus
+ - "2"
+ resources:
+ limits:
+ cpu: "1"
+ requests:
+ cpu: "0.5"
+
+---
+#memory demo
+apiVersion: v1
+kind: Pod
+metadata:
+ name: memory-demo
+spec:
+ containers:
+ - name: memory-demo-ctr
+ image: polinux/stress
+ command: ["stress"]
+ args: ["--vm", "1", "--vm-bytes", "150M", "--vm-hang", "1"]
+ resources:
+ requests:
+ memory: "50Mi"
+ limits:
+ memory: "100Mi"
\ No newline at end of file
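Review bot: The `#memory demo` comment does not say that the Pod is meant to fail: `--vm-bytes 150M` is above the `memory: "100Mi"` limit, so the container is expected to be OOM-killed and restarted. Say so in the comment, e.g. `# memory demo: allocates 150M against a 100Mi limit, expect OOMKilled`, and likewise note on `#cpu-demo` that `-cpus "2"` is throttled to the `cpu: "1"` limit. Without that, a reader may take the crash loop for a broken manifest.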
diff --git a/k8smanifests/nginx-deployment.yaml b/k8smanifests/nginx-deployment.yaml
new file mode 100644
index 0000000..4dacdc5
--- /dev/null
+++ b/k8smanifests/nginx-deployment.yaml
@@ -0,0 +1,33 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx-deployment
+spec:
+ selector:
+ matchLabels:
+ app: nginx
+ replicas: 2 # tells deployment to run 2 pods matching the template
+ template:
+ metadata:
+ labels:
+ app: nginx
+ spec:
+ containers:
+ - name: nginx
+ image: nginx:1.14.2
+ ports:
+ - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mynginx
+spec:
+ selector:
+ app: nginx
+ ports:
+ - port: 8080
+ targetPort: 80
+
+
+#Apply the file by kubectl apply -f youryamlname.yaml
\ No newline at end of file
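Review bot: `image: nginx:1.14.2` pins a release from a stable branch that has been out of support for years, so the pods run without the security fixes shipped since. Move to a currently supported nginx tag and pin it by digest (`image: nginx:<supported-tag>@sha256:<digest>`). The trailing `#Apply the file by ...` comment would read better at the top of the file, where a reader sees it before the manifests.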
diff --git a/projects/bash_networking_security/SOLUTION b/projects/bash_networking_security/SOLUTION
index 2edfbaf..7bc7257 100644
--- a/projects/bash_networking_security/SOLUTION
+++ b/projects/bash_networking_security/SOLUTION
@@ -1,16 +1,16 @@
Local DNS Server IP
-------------------
-
-
-
+127.0.0.53
Default gateway IP
-------------------
-
-
-
+10.0.0.1
DHCP IP allocation sys-logs
-------------------
-
+Jun 19 09:42:53 ip-10-0-0-216 dhclient[377]: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3 (xid=0x13d73e2a)
+Jun 19 09:42:53 ip-10-0-0-216 dhclient[377]: DHCPOFFER of 10.0.0.216 from 10.0.0.1
+Jun 19 09:42:53 ip-10-0-0-216 dhclient[377]: DHCPREQUEST for 10.0.0.216 on eth0 to 255.255.255.255 port 67 (xid=0x2a3ed713)
+Jun 19 09:42:53 ip-10-0-0-216 dhclient[377]: DHCPACK of 10.0.0.216 from 10.0.0.1 (xid=0x13d73e2a)
+
diff --git a/projects/bash_networking_security/bastion_connect.sh b/projects/bash_networking_security/bastion_connect.sh
old mode 100644
new mode 100755
index a9bf588..112c84e
--- a/projects/bash_networking_security/bastion_connect.sh
+++ b/projects/bash_networking_security/bastion_connect.sh
@@ -1 +1,23 @@
#!/bin/bash
+COMMAND=$3
+
+# Check if the KEY_PATH environment variable is set
+if [ -z "$KEY_PATH" ]; then
+ echo "KEY_PATH env var is expected"
+ exit 5
+fi
+
+# Check if the public instance IP is provided
+if [ -z "$1" ]; then
+ echo "Please provide bastion IP address"
+ exit 5
+fi
+
+# If both public and private instance IPs are provided, connect to the private instance via the public instance
+if [ -n "$2" ]; then
+ ssh -ti "$KEY_PATH" ubuntu@"$1" ssh -i "nishant-pro.pem" ubuntu@"$2" "$COMMAND"
+
+# Otherwise, connect to the public instance
+else
+ ssh -i "$KEY_PATH" ubuntu@"$1"
+fi
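Review bot: The two-hop branch runs a second `ssh -i "nishant-pro.pem"` on the bastion, so the private instance's key has to be stored on the internet-facing host under a hard-coded name; a compromise of the bastion then also exposes the key to the private network. Let the client authenticate both hops instead: load the key(s) into `ssh-agent` and use `ssh -J ubuntu@"$1" ubuntu@"$2" "${@:3}"`, so no key material lives on the bastion. `"${@:3}"` also fixes `COMMAND=$3`, which forwards only the first word of a multi-word command unless the caller quotes it. If the key must stay on the bastion for this exercise, at least take its path from a variable rather than a literal.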
diff --git a/projects/bash_networking_security/cert-ca-aws.pem b/projects/bash_networking_security/cert-ca-aws.pem
new file mode 100644
index 0000000..947d4eb
--- /dev/null
+++ b/projects/bash_networking_security/cert-ca-aws.pem
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/projects/bash_networking_security/cert.pem b/projects/bash_networking_security/cert.pem
new file mode 100644
index 0000000..d8c2611
--- /dev/null
+++ b/projects/bash_networking_security/cert.pem
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+
diff --git a/projects/bash_networking_security/encSampleMsg.txt b/projects/bash_networking_security/encSampleMsg.txt
new file mode 100644
index 0000000..f86a383
--- /dev/null
+++ b/projects/bash_networking_security/encSampleMsg.txt
@@ -0,0 +1 @@
+U2FsdGVkX19K3YJdeDc/rKiFx+CGVBVPo+n1o4R8RczR/nQ4pmtPD9apioCQUjTK6pr+LDt+41nKWh7pfSlAhnPnAAkAQnQrnDPJzrMLAYc=
diff --git a/projects/bash_networking_security/encSampleMsgReady.txt b/projects/bash_networking_security/encSampleMsgReady.txt
new file mode 100644
index 0000000..f8720c7
Binary files /dev/null and b/projects/bash_networking_security/encSampleMsgReady.txt differ
diff --git a/projects/bash_networking_security/masterKey.txt b/projects/bash_networking_security/masterKey.txt
new file mode 100644
index 0000000..5eafda1
--- /dev/null
+++ b/projects/bash_networking_security/masterKey.txt
@@ -0,0 +1 @@
+woW4pl2wI6iupQzsrcUvL1oBBZkkxBU/+UyZxpYIxqw=
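Review bot: This file is the symmetric master key that tlsHandshake.sh generates with `openssl rand`, and it is committed alongside `encSampleMsg.txt`, presumably the ciphertext produced under it, so anyone with read access to the repository can decrypt that exchange. Remove the runtime artefacts from the commit and ignore them, e.g. `.gitignore` entries `masterKey.txt`, `encSampleMsg*.txt` and `cert.pem`, and treat this key as no longer secret. The script regenerates all of them on every run, so nothing is lost by not tracking them.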
diff --git a/projects/bash_networking_security/tlsHandshake.sh b/projects/bash_networking_security/tlsHandshake.sh
old mode 100644
new mode 100755
index a9bf588..d4ff0e4
--- a/projects/bash_networking_security/tlsHandshake.sh
+++ b/projects/bash_networking_security/tlsHandshake.sh
@@ -1 +1,52 @@
-#!/bin/bash
+#!/bin/bash -x
+
+# Step 1 - Client Hello (Client -> Server)
+RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{
+ "version": "1.3",
+ "ciphersSuites": ["TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256"],
+ "message": "Client Hello"
+}' http://18.191.191.154:8080/clienthello)
+
+# Step 2 - Server Hello (Server -> Client)
+SESSION_ID=$(jq -r '.sessionID' <<< "$RESPONSE")
+
+echo "$RESPONSE" | jq -r '.serverCert' > cert.pem
+
+
+# Step 3 - Server Certificate Verification
+wget https://devops-feb23.s3.eu-north-1.amazonaws.com/cert-ca-aws.pem -O cert-ca-aws.pem
+
+VERIFICATION=$(openssl verify -CAfile cert-ca-aws.pem cert.pem)
+
+if [ "$VERIFICATION" != "cert.pem: OK" ]; then
+ echo "Server Certificate is invalid"
+ exit 5
+fi
+
+
+# Step 4 - Client-Server master-key exchange
+openssl rand -out masterKey.txt -base64 32
+
+MASTER_KEY=$(openssl smime -encrypt -aes-256-cbc -in masterKey.txt -outform DER cert.pem | base64 -w 0)
+
+
+# Step 5 - Server verification message
+RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{
+ "sessionID": "'"$SESSION_ID"'",
+ "masterKey": "'"$MASTER_KEY"'",
+ "sampleMessage": "Hi server, please encrypt me and send to client!"
+}' http://18.191.191.154:8080/keyexchange)
+
+
+# Step 6 - Client verification message
+echo "$RESPONSE" | jq -r '.encryptedSampleMessage' > encSampleMsg.txt
+cat encSampleMsg.txt | base64 -d > encSampleMsgReady.txt
+
+decrypted_sample_msg=$(openssl enc -d -aes-256-cbc -pbkdf2 -kfile masterKey.txt -in encSampleMsgReady.txt)
+
+if [ "$decrypted_sample_msg" != "Hi server, please encrypt me and send to client!" ]; then
+ echo "Server symmetric encryption using the exchanged master-key has failed."
+ exit 6
+else
+ echo "Client-Server TLS handshake has been completed successfully"
+fi
\ No newline at end of file
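Review bot: Step 4 writes the raw master key to `masterKey.txt` in the working directory under the default umask and nothing removes it afterwards (the file ended up in this commit); put `umask 077` before `openssl rand` and add `trap 'rm -f masterKey.txt encSampleMsgReady.txt' EXIT` near the top. The `-x` on the shebang looks like a debugging leftover: it traces the session ID, the key-exchange body and the decrypted sample message to stderr on every run, so `#!/bin/bash` plus `set -euo pipefail` is the better header. Step 3 compares the stdout text of `openssl verify` and never checks that `wget` succeeded; testing the exit status, `if ! openssl verify -CAfile cert-ca-aws.pem cert.pem >/dev/null; then`, is sturdier. `SESSION_ID` is taken from the server's response and spliced into the step 5 JSON by quoting, so building that body with `jq -n --arg` avoids a malformed or injected field.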
diff --git a/projects/bash_networking_security/vpc.sh b/projects/bash_networking_security/vpc.sh
index 951abba..c2991ca 100644
--- a/projects/bash_networking_security/vpc.sh
+++ b/projects/bash_networking_security/vpc.sh
@@ -1,4 +1,4 @@
-REGION=""
-VPC_ID=""
-PUBLIC_INSTANCE_ID=""
-PRIVATE_INSTANCE_ID=""
\ No newline at end of file
+REGION="us-east-2"
+VPC_ID="vpc-02babaccdfc64e095"
+PUBLIC_INSTANCE_ID="18.191.191.154"
+PRIVATE_INSTANCE_ID="10.0.1.115"
\ No newline at end of file
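Review bot: `PUBLIC_INSTANCE_ID` and `PRIVATE_INSTANCE_ID` are set to IP addresses (`18.191.191.154`, `10.0.1.115`), not EC2 instance IDs, so any consumer that passes them to the EC2 API as IDs of the form `i-…` will fail to find the instances; confirm what the grader or caller expects. The same public IP is hard-coded in tlsHandshake.sh, and an address that is not an Elastic IP changes on stop/start, so reading it from one place would keep the two from drifting. Committing the VPC ID and addresses also publishes the layout of the environment, which is worth a second thought if the repository is public.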