Overview

In this instructor-led course, students will learn how to use AWS security services efficiently for optimal security and compliance in the AWS cloud. The course focuses on the AWS-recommended best practices that you can implement to enhance the security of your data and systems in the cloud. It highlights the security features of key AWS services, including compute, storage, networking, and database services. It also covers common security control objectives and regulatory compliance standards.

Course Instructor: Dennis Chow

Course Outline

01. Introduction to Amazon AWS Security

  • Amazon Security basics
  • AWS Security and compliance

02. Associate Level Review

  • Global infrastructure review
  • Elastic Compute Cloud (EC2)
  • Lambda
  • VPC review
  • S3 review
  • EC2 load balancers

03. Services Review

  • IAM review
  • KMS
  • CloudWatch, CloudTrail, and Config
  • Firewall
  • More security and Identity Services

04. Incident Response

  • Incident Response
  • Steps for installing Inspector Agent and SSM Agent
  • Configuring alarms

05. Identity and Access Management

  • Policy evaluation order
  • IAM users and rules
  • Best practices for IAM users and account security
  • Cross account access
  • AWS Organizations
  • SCP guard rails
  • Account security status
  • AWS Cognito and web identity federation

06. Infrastructure Security

  • VPCs
  • Setting up VPCs
  • Network Access Control Lists (NACLs)
  • VPC peering
  • VPC endpoints
  • VPC endpoint policies
  • Systems Manager setup
  • AWS Systems Manager patch management
  • AWS Systems Manager Parameter Store
  • AWS Systems Manager Run Command
  • Amazon Inspector
  • AWS load balancers
  • Security with AWS CloudFront
  • AWS Trusted Advisor
  • Web application firewall
  • AWS Shield
  • AWS GuardDuty
  • Amazon Macie
  • AWS Artifact
  • AWS Network Firewall
  • AWS Lambda security
  • Penetration testing

07. Logging and Monitoring

  • Cloud monitoring tools
  • Working with CloudWatch
  • Working with Simple Storage Service (S3)
  • Working with CloudTrail
  • CloudTrail Cross-Account logging
  • Working with CloudWatch
  • AWS Config and conformance packs
  • VPC Flow Logs and AWS Athena

08. Data Protection

  • S3 Overview
  • IAM policies, bucket policies, and ACLs
  • S3 encryption
  • S3 pre-signed URL
  • S3 cross region replication
  • Amazon S3 access tiering and Glacier
  • KMS overview and operations
  • AWS KMS key policies and grants
  • Using KMS with S3 and EBS
  • Using VPC endpoints with KMS
  • Deleting customer KMS keys
  • CloudHSM
  • EC2 encryption with key pairs
  • Using certificate manager with CloudFront

Skills Learned

After completing this online training course, students will be able to:

  • Identify security benefits and responsibilities of using the AWS Cloud
  • Describe the access control and management features of AWS
  • Understand the different methods to secure data
  • Describe how to secure network access to your AWS resources
  • Determine which AWS services can be used for monitoring and incident response