Back to Course

Introduction to AWS Security

0% Complete
0/0 Steps
  1. Introduction

    About the course and authors
  2. AWS cloud architecture
  3. Security concerns with our architecture
  4. Regions and Availability Zones (AZs)
  5. Shared responsibility in the cloud
  6. [Cheat Sheet] AWS Security Services
  7. Create a billing alert to avoid surprise bills
  8. Infrastructure Security
    VPC networks
  9. Default VPCs
  10. [DEMO] Creating VPCs and Subnets
  11. How many VPCs should you use?
  12. [DEMO] Subnet, Route Table, and Gateway Configurations
  13. [LAB] [Challenge] Create a VPC with public and private subnets
  14. [LAB] Launching an EC2 instance
  15. [DEMO] Security Groups (SGs)
  16. Security Groups Best Practices
  17. [DEMO] Network Access Control Lists (NACLs)
  18. [Cheat Sheet] SGs vs. NACLs
  19. [LAB] [Challenge] Configure security groups and NACLs to specific requirements
  20. Elastic Load Balancers
  21. [DEMO] AWS WAF
  22. [LAB] [Challenge] Deploy AWS WAF ACL for Application Load Balancer
  23. [DEMO] AWS Network Firewall - Part 1
  24. [DEMO] AWS Network Firewall - Part 2
  25. AWS Shield for DDoS Protection
  26. [LAB] Reduce AWS attack surface with port scanning and Security Groups
  27. AWS Firewall Manager
  28. Identity and Access Management (IAM)
    Key Concepts of IAM in AWS
  29. [DEMO] Getting started with IAM in AWS
  30. [DEMO] Creating our first admin user
  31. Assigning permissions with policies
  32. [Cheat Sheet] Anatomy of an AWS IAM Policy
  33. [DEMO] Using Identity Center AWS SSO
  34. IAM Roles
  35. [DEMO] Creating a role for EC2 instances to access S3 buckets
  36. End-User Management with Amazon Cognito
  37. IAM Access Analyzer
  38. [DEMO] IAM Access Analyzer Unused Access
  39. [LAB] Check policies for new access before deployment with IAM Access Analyzer
  40. [LAB] Check IAM policies against a deny list with IAM Access Analyzer
  41. [LAB] IAM Credentials Report
  42. Data Protection
    Data protection in the cloud
  43. EBS Data Protection and Encryption
  44. [LAB] Encrypt Existing Unencrypted EBS Volumes and Snapshots
  45. Amazon RDS Data Protection and Encryption
  46. Key Management with AWS KMS
  47. [Cheat Sheet] Getting Started with AWS KMS
  48. [DEMO] Creating a Symmetric Encryption KMS Key
  49. [Cheat Sheet] Encrypt and Decrypt Data with KMS and Data Keys
  50. [LAB] Encrypt and Decrypt Data with KMS and Data Keys
  51. Amazon S3 Bucket Protection
    Understanding Bucket Ownership
  52. [LAB] Creating Buckets and Uploading Objects in S3
  53. Managing Access to Buckets
  54. [Cheat Sheet] S3 Bucket Policies vs. ACLs vs. IAM Policies
  55. [LAB] [Challenge] Create an IAM role for secure access to S3 based on a scenario
  56. Using Signed URLs
  57. [LAB] S3 Presigned URLs
  58. Encrypting S3 Data
  59. [DEMO] Enable S3 Object Versioning
  60. [Cheat Sheet] Amazon S3 Protection Summary
  61. [Cheat Sheet] Create a least privilege S3 bucket policy
  62. AWS Log Types and Auditing Options
  63. Logging, Monitoring, and Incident Response
    [DEMO] Enable S3 Server Access Logs
  64. AWS CloudTrail
  65. Amazon CloudWatch
  66. [DEMO] CloudTrail Security Automation with CloudWatch Logs and SNS
  67. [LAB] Amazon VPC Flow Logs
  68. Proper Logging and Monitoring
  69. Amazon GuardDuty
  70. [LAB] [DEMO] Enable Threat Detection with GuardDuty
  71. [DEMO] Amazon EventBridge
  72. AWS Config
  73. AWS Systems Manager
  74. [LAB] Secure EC2 Access with SSM Session Manager and KMS
  75. [DEMO] AWS Config Automated Remediation with SSM
  76. [LAB] Automated S3 Remediation to Enforce Block Public Access
  77. [LAB] Remediate Open SSH Security Groups with AWS Config and SSM
  78. Amazon Detective
  79. [DEMO] Amazon Inspector
  80. [LAB] Find vulnerable Lambda Functions with Amazon Inspector
  81. About Amazon Macie
  82. [DEMO] Deploying Amazon Macie
  83. [DEMO] AWS Security Hub CSPM
  84. [DEMO] Must-have AWS monitoring and alerting with SSK
  85. [DEMO] AWS Organizations
  86. Multi-Account Security
    [DEMO] Centrally managing root access
  87. [DEMO] AWS SCPs and Management Policies
  88. [DEMO] Resource Control Policies (RCPs)
  89. AWS Control Tower
  90. [DEMO] Using RAM to share resources across accounts
  91. About IaC
  92. Infrastructure as Code (IaC)
    [DEMO] Deploying resources with CloudFormation
  93. [DEMO] Deploying a Lambda function with CloudFormation
  94. [DEMO] Multi-account and multi-region deployments
  95. [DEMO] Detecting drift
  96. [LAB] CloudFormation Guard
  97. [DEMO] Using AWS Service Catalog - Part 1
  98. [DEMO] Using AWS Service Catalog - Part 2
  99. [DEMO] Getting started with the Cloud Development Kit (CDK)
  100. [DEMO] Deploying a project with the CDK
  101. Wrap-up and Key Takeaways
    What next?
Lesson 6 of 101
In Progress

[Cheat Sheet] AWS Security Services

Christophe October 30, 2023

As you begin this course, here’s a cheat sheet that gives a high-level overview of AWS’ security-focused services and how they fit into each security category. We will cover most of these services in this course, so feel free to download this as a reference point!

AWS Security Services Cheat Sheet

Responses

Your email address will not be published. Required fields are marked *

  1. Thank you for the AWS security cheat sheet, very helpful to see it organized in a way that allows me to quickly call back to a particular topic