Security Engineering on AWS

Register Now

• Use the AWS shared security responsibility model.
• Architect and build AWS application infrastructures that are protected against the most common
  security threats.
• Use encryption to protect data at rest and in transit.
• Apply security checks and analyses in an automated and reproducible way.
• Configure authentication for resources and applications in the AWS Cloud.
• Gain insight into events by capturing, monitoring, processing, and analyzing logs.
• Identify and mitigate incoming threats against applications and data.
• Perform security assessm.

Intended audience:
This course is intended for:

• Security Engineers.
• Security Architects.
• Information Security professionals.

Prerequisites:
We recommend that attendees of this course have:

• Working knowledge of IT security practices and infrastructure concepts.
• Familiarity with cloud computing concepts.
• Completed AWS Cloud Practitioner Essentials (Second Edition) free digital course or classroom course, AWS
  Security Fundamentals digital training, and Architecting on AWS classroom training.

• Security in the AWS Cloud.
• AWS Shared Responsibility Model.
• Incident response overview.
• DevOps with security engineering.

Module 1: Identifying entry points on AWS

• Identify the different ways to access the AWS platform.
• Understanding IAM policies.
• IAM permissions boundary.
• Multi-factor authentication.
• AWS CloudTrail.
• Hands-on lab 1: Cross-account access.

Module 2: Security considerations: web application environments

• Threats in a three-tier architecture.
• Common threats: User access.
• Common threats: Data access.
• AWS Trusted Advisor.

Module 3: Application security

• Dedicated Amazon EC2 instances and hosts.
• Amazon machine images (AMIs).
• Amazon Inspector.
• AWS Systems Manager.
• Hands-on lab 2: Using AWS Systems Manager and Amazon Inspector.

Module 4: Securing network communications – part 1

• Amazon VPC security considerations.
• Responding to compromised instances.
• Elastic Load Balancing.
• AWS Certificate Manager (ACM).

Day Two
Module 5: Data security

• Data protection strategies.
• Encryption on AWS.
• Protecting data at rest with Amazon S3, Amazon RDS, and Amazon DynamoDB.
• Protecting archived data with Amazon S3 Glacier.

Module 6: Security considerations: hybrid environments

• AWS site-to-site and client VPN connections.
• AWS Direct Connect (DX).
• AWS Transit Gateway.
• AWS Storage Gateway.

Module 7: Monitoring and collecting logs on AWS

• Amazon CloudWatch and CloudWatch Logs.
• AWS Config.
• Amazon CloudWatch logs.
• Amazon VPC Flow logs.
• Amazon S3 server access logs.
• ELB access logs.
• Hands-on lab 3 part 1: Server log analysis – log collection.

Module 8: Processing Logs on AWS

• Amazon Kinesis for log processing.
• Amazon Athena for log processing.
• Hands-on lab 3 part 2: Server log analysis – log analysis.

Module 9: Securing network communications – part 2

• Amazon VPC peering.
• Amazon VPC endpoints.

Module 10: Out-of-region protection

• Denial of service threats overview.
• Amazon Route 53.
• AWS WAF.
• Amazon CloudFront.
• AWS Shield.
• AWS Firewall Manager.
• DDoS mitigation on AWS.

Day Three
Module 11: Account management on AWS

• AWS Organizations.
• AWS Control Tower.
• AWS Single Sign-On (AWS SSO).
• AWS Directory Service.
• Hands-on lab 4: Federated access with ADFS.

Module 12: Security considerations: serverless environments

• Amazon Cognito.
• Amazon API Gateway.
• Secure messaging with Amazon SQS and Amazon SNS.
• AWS Lambda.
• Hands-on lab 5: Monitor and respond with AWS Lambda and AWS Config.

Module 13: Secrets Management on AWS

• AWS Key Management Service (AWS KMS).
• AWS CloudHSM.
• AWS Secrets Manager.
• Hands-on lab 6: Using AWS KMS.

Module 14: Automating security on AWS

• AWS CloudFormation.
• AWS Service Catalog.
• Hands-on lab 7: Security automation on AWS with AWS Service Catalog.

Module 15: Threat detection and sensitive data monitoring

• Amazon GuardDuty.
• Amazon Macie.