📄️ 1 · Baseline (compliant)
Orient yourself in the Lambda MicroVM lab: the 16 built-in CTL.LAMBDA.MICROVM.* controls, the obs.v0.1 shape they read, and the capture → transform → evaluate loop. Build a compliant configuration and watch every control pass.
📄️ 2 · Over-privileged role
Plant an over-privileged MicroVM execution role (s3:*, secretsmanager:*, iam:PassRole) with a trust policy missing sts:TagSession, detect it with two built-in controls, remediate to least privilege, and re-verify to zero findings.
📄️ 3 · Missing TagSession
A least-privilege MicroVM execution role whose trust policy lacks sts:TagSession. One control fires; add TagSession and re-verify to zero. Shows a single-control test in isolation.
📄️ 3B · Over-Broad TagSession
A least-privilege MicroVM execution role whose trust policy grants sts:TagSession through an sts:* wildcard. The mirror of Lab 3 — there TagSession is missing; here it is present but granted over-broadly. One control fires; scope the actions and re-verify to zero.
📄️ 4 · Compound path
The finding per-resource scanners structurally cannot see. A MicroVM role reaches a production secret through an assume-role hop — each hop passes its individual check. Soufflé and Z3 compute the reachability; remediation breaks the chain.
📄️ 5 · Public S3 bucket
The S3 bucket holding a MicroVM image's source (Dockerfile + code zip) has Block Public Access off and versioning disabled. Two supply-chain controls fire; enable PAB + versioning and re-verify to zero.
📄️ 6 · Excessive idle/runtime
A MicroVM with maxIdleDurationSeconds and total runtime at the 8-hour ceiling. Two runtime controls fire; lower both within the org limit and re-verify. Shows an asserted signal the AWS API doesn't echo.
📄️ 7 · Secrets in snapshot
An image whose init code loads a secret at module scope, so it's baked into the Firecracker memory snapshot and persists in every MicroVM launched from it. One control fires; defer secret loading to a runtime hook and re-verify.