Back to Course

Introduction to AWS Security

0% Complete
0/0 Steps

  1. Introduction

    About the course and authors
  2. AWS cloud architecture
  3. Security concerns with our architecture
  4. Regions and Availability Zones (AZs)
  5. Shared responsibility in the cloud
  6. [Cheat Sheet] AWS Security Services
  7. [LAB] Create a billing alert to avoid surprise bills
  8. Infrastructure Security
    VPC networks
  9. Default VPCs
  10. [DEMO] Creating VPCs and Subnets
  11. How many VPCs should you use?
  12. [DEMO] Subnet, Route Table, and Gateway Configurations
  13. [LAB] [Challenge] Create a VPC with public and private subnets
  14. [DEMO] Security Groups (SGs)
  15. Security Groups Best Practices
  16. [DEMO] Network Access Control Lists (NACLs)
  17. [Cheat Sheet] SGs vs. NACLs
  18. [LAB] [Challenge] Configure security groups and NACLs to specific requirements
  19. Elastic Load Balancers
  20. [DEMO] AWS WAF
  21. [LAB] [Challenge] Deploy AWS WAF ACL for Application Load Balancer
  22. [DEMO] AWS Network Firewall - Part 1
  23. [DEMO] AWS Network Firewall - Part 2
  24. AWS Shield for DDoS Protection
  25. AWS Firewall Manager
  26. Identity and Access Management (IAM)
    Key Concepts of IAM in AWS
  27. [DEMO] Getting started with IAM in AWS
  28. [DEMO] Creating our first admin user
  29. Assigning permissions with policies
  30. [Cheat Sheet] Anatomy of an AWS IAM Policy
  31. [DEMO] Using Identity Center AWS SSO
  32. IAM Roles
  33. [DEMO] Creating a role for EC2 instances to access S3 buckets
  34. End-User Management with Amazon Cognito
  35. Data Protection
    Data protection in the cloud
  36. EBS Data Protection and Encryption
  37. Amazon RDS Data Protection and Encryption
  38. Key Management with AWS KMS
  39. [DEMO] Creating a Symmetric Encryption KMS Key
  40. Amazon S3 Bucket Protection
    Understanding Bucket Ownership
  41. Managing Access to Buckets
  42. [Cheat Sheet] S3 Bucket Policies vs. ACLs vs. IAM Policies
  43. [LAB] [Challenge] Create an IAM role for secure access to S3 based on a scenario
  44. Using Signed URLs
  45. Encrypting S3 Data
  46. [DEMO] Enable S3 Object Versioning
  47. [Cheat Sheet] Amazon S3 Protection Summary
  48. [Cheat Sheet] Create a least privilege S3 bucket policy
  49. Logging, Monitoring, and Incident Response
    AWS Log Types and Auditing Options
  50. [DEMO] Enable S3 Server Access Logs
  51. AWS CloudTrail
  52. Amazon CloudWatch
  53. [DEMO] CloudTrail Security Automation with CloudWatch Logs and SNS
  54. [DEMO] Amazon VPC Flow Logs
  55. Proper Logging and Monitoring
  56. Amazon GuardDuty
  57. [LAB] [DEMO] Enable Threat Detection with GuardDuty
  58. [DEMO] Amazon EventBridge
  59. AWS Config
  60. AWS Systems Manager
  61. [DEMO] AWS Config Automated Remediation with SSM
  62. Amazon Detective
  63. [LAB] [DEMO] Amazon Inspector
  64. [DEMO] Amazon Macie
  65. [DEMO] AWS Security Hub
  66. [DEMO] Must-have AWS monitoring and alerting with SSK
  67. Multi-Account Security
    [DEMO] AWS Organizations
  68. [DEMO] AWS SCPs and Management Policies
  69. AWS Control Tower
  70. Wrap-up and Key Takeaways
    What now?
Introduction to AWS Security About the course and authors
Lesson 1 of 70
In Progress

About the course and authors

Christophe October 18, 2022

Access the interactive diagram’s table of contents here. (It may ask you to create a free account in order to view. You do not need paid features to view this course’s content so you can ignore that!)

Hello, and welcome to our course!

About the authors

This course was developed and produced in a collaboration between myself, Christophe Limpalair, and Konstantinos Papapanagiotou, who goes by Kostas.

Kostas is a Cyber Security Consultant with over 19 years of security and IT consulting and research experience. He’s also been a volunteer for the OWASP nonprofit organization for over 17 years, and is an OWASP Chapter Leader in Greece.

For more details about his background and experience, please visit his LinkedIn profile.

About the authors Christophe and Kostas

I’m the founder and an author at Cybr, where I’ve published many courses on topics of ethical hacking. You may also know me from Linux Academy, where I taught multiple AWS courses including AWS certification courses. I taught for the AWS Certified Developer, AWS Certified SysOps, AWS Certified DevOps Engineer Professional, and the AWS Cloud Practitioner certifications.

If you’re familiar with Linux Academy, we provided hands-on labs that auto-deployed resources for learners with various scenarios. I was one of the first employees there to work on the labs platform, to add new features, and to defend against frequent attacks where malicious actors tried to use our lab environments to mine for cryptocurrencies or to launch attacks from our resources.

Example of labs built in the past

Through that and other experiences, I learned how to properly design and secure AWS environments and resources, so I’ve been able to add to Kostas’ material based on my own experiences.

All that to say: between Kostas and me, we have years of experience working in AWS and building as well as securing production environments, and we’re going to share that experience in this course to help you get started learning how to secure AWS resources.

(For more details about my background, check out my LinkedIn profile.)

About the course

This course will cover many basic aspects of security in AWS. To do that, we will make use of interactive diagrams as well as walkthroughs of the AWS console to be able to visualize what we’re talking about and to go beyond just theory. We call this Project Phoenix (based on our logo!), and we’re super excited for you to try it and to hear your feedback!

Example diagram we will be using in the course

We begin by looking at a common multi-tier AWS architecture so that we can then start to think about security concerns with that architecture. We then discuss AWS Regions and Availability Zones which are important to understand when launching resources in the cloud, because they can have an impact on business continuity.

After that, we talk about shared responsibility. Shared responsibility helps us understand what parts of the cloud are our responsibility to secure and maintain, and what parts are the cloud provider’s responsibility. Misunderstanding responsibility has been the result of many costly breaches in the cloud, so this is definitely a topic we need to cover before getting started.

After covering these topics in the introduction section of the course, we start talking about how you can secure your AWS infrastructure and the solutions that AWS provides for securing your cloud network.

In the next section, we learn about how AWS helps you deal with Identity and Access management in the cloud, which has to do with creating and managing users, policies, roles, and overall permissions, and also how to manage application end-users.

Protecting data in the cloud is one of the main worries of organizations that are moving to the cloud, especially if they’re handling sensitive data. In the following section, we analyze how AWS helps you encrypt, control access, and protect your data, according to that data’s sensitivity and your organization’s security requirements by looking at data protection concepts.

Data protection is so important, that we even created a dedicated section to protecting Amazon S3 buckets and objects. Amazon S3 is another common source of breaches due to misconfiguration, so this is an important section.

Finally, we have a section dedicated to logging, monitoring, and auditing. Once we have security controls in place, we want to make sure that we have the proper logging and monitoring in place to keep eyes on our environments. We need to be able to understand how our systems our operating at all times, and we need to know whether someone is trying to breach or has succeeded in breaching our defenses. Logs can also be crucial in maintaining regulatory compliance…so overall, logging and monitoring is another important section.

Conclusion

This was a very fun course to create, and so I hope you have just as much fun learning from it!

Thanks for joining us on this journey, and let’s get started!

Responses

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts

Please allow a few minutes for this process to complete.

Report

You have already reported this .