Overview
-
Implement AWS securely. Learn about the different security tools within AWS—Identity and Access Management (IAM), Key Management Service (KMS), and more—as well as how to use them.
Syllabus
-
Introduction
- AWS security overview
- What you should know
- Understanding shared responsibility
- Understanding the AWS security landscape
- Understanding separation of duties
- Implementing separation of duties
- Understanding CloudTrail
- Enabling CloudTrail
- Understanding Organizations
- Installing the command line interface (CLI) for Mac
- The command line interface (CLI) for Windows
- Understanding Identity and Access Management
- Understanding IAM policies
- Configuring IAM policies
- Understanding IAM groups
- Configuring IAM groups
- Configuring a password policy
- Configuring IAM users: Web console
- Challenge: IAM
- Solution: IAM
- Understanding IAM roles
- Configuring IAM roles
- Validating an IAM role
- Understanding Security Token Service
- Creating a temporary access role
- Creating a temporary access policy
- Validating temporary access
- Challenge: Super admin
- Solution: Super admin
- Illustrating access restrictions
- Exploring IAM policy simulator
- Understanding federated access
- Enabling federated access
- Securing financial access
- Enabling financial access
- Understanding Control Tower
- Exploring S3 management options
- Accessing S3 privately
- Configuring private S3 access
- Managing S3 with IAM
- Restricting S3 access with IAM
- Validating custom IAM S3 policy
- Leveraging a custom IAM S3 policy
- Creating an S3 bucket policy
- Illustrating an S3 bucket policy with the CLI
- Understanding S3 access control lists
- Understanding public access in S3
- Exploring presigned URLs
- Reviewing S3 security
- Understanding Key Management Service
- Creating a KMS key
- Creating a multi-Region KMS key
- Using a KMS with S3 objects
- Using KMS and an IAM role
- Automating KMS key rotation
- Deleting a KMS key
- Enabling default EBS encryption
- Understanding Secrets Manager
- Using Secrets Manager
- Enabling autorotation with Secrets Manager
- Creating a multi-Region secret
- Understanding Systems Manager
- Using Systems Manager Parameter Store
- Understanding AWS CloudHSM
- Understanding AWS Config
- Enabling AWS Config
- Exploring AWS Config results
- Using conformance packs
- Understanding AWS GuardDuty
- Exploring AWS GuardDuty
- Understanding Amazon Macie
- Configuring a Macie job
- Exploring Macie results
- Understanding IAM Access Analyzer
- Understanding Amazon Detective
- Exploring Amazon Detective
- Understanding Amazon Inspector
- Exploring Amazon Inspector
- Resolving an Inspector finding
- Understanding Web Application Firewall
- Exploring Web Application Firewall
- Configuring Web Application Firewall
- Validating Web Application Firewall
- Understanding AWS Shield
- Understanding Certificate Manager
- Configuring a private certificate authority
- Creating a private certificate
- Using a private certificate
- Understanding AWS Security Hub
- Using AWS Security Hub
- Rotating access keys
- Understanding AWS Artifact
- Understanding Trusted Advisor
- Exploring Trusted Advisor
- Preparing for a security audit
- Next steps
