Overview
-
Learn how to use AWS advanced security services, techniques, and tools to secure cloud-based architecture.
Syllabus
-
Introduction
- Welcome
- What you should know
- About using cloud services
- AWS Shared Security Responsibility Model overview
- Well-architected five security principles
- Core AWS account tools
- Core AWS IAM objects
- AWS organizations and root account
- Object tagging
- Billing management
- CloudWatch logs and alerts
- CloudTrail analysis with Athena
- Trusted Advisor security alerts
- IAM users and groups
- IAM policies
- IAM roles
- Design user authentication
- User authentication using AWS Simple AD
- Secure authentication with Cognito
- Secure user authentication using AD Federation
- Infrastructure and threat models
- VPC and security groups
- VPC Flow Logs and GuardDuty
- Certificate Manager and WAF to secure load balancers
- Inspector to monitor EC2 configurations
- Config for locking service deployment
- Service Catalog for AMI deployment
- Systems Manager for OS management
- Data classification and protection
- Use Macie to locate sensitive data
- Encryption on AWS
- AWS IAM Key Management Service
- Data protection at rest in S3
- Encrypt data in transit and VPC endpoints
- Data backup, replication, and recovery
- Application security concerns
- Secure a serverless website
- Secure a dynamic website
- Secure an internal business application
- Secure a big data pipeline
- Secure an IoT and machine learning application
- Prepare for a security audit
- Next steps
