Introduction to AWS Security
-
Introduction
About the course and authors
-
AWS cloud architecture
-
Security concerns with our architecture
-
Regions and Availability Zones (AZs)
-
Shared responsibility in the cloud
-
[Cheat Sheet] AWS Security Services
-
Create a billing alert to avoid surprise bills
-
Infrastructure Security
VPC networks
-
Default VPCs
-
[DEMO] Creating VPCs and Subnets
-
How many VPCs should you use?
-
[DEMO] Subnet, Route Table, and Gateway Configurations
-
[LAB] [Challenge] Create a VPC with public and private subnets
-
[LAB] Launching an EC2 instance
-
[DEMO] Security Groups (SGs)
-
Security Groups Best Practices
-
[DEMO] Network Access Control Lists (NACLs)
-
[Cheat Sheet] SGs vs. NACLs
-
[LAB] [Challenge] Configure security groups and NACLs to specific requirements
-
Elastic Load Balancers
-
[DEMO] AWS WAF
-
[LAB] [Challenge] Deploy AWS WAF ACL for Application Load Balancer
-
[DEMO] AWS Network Firewall - Part 1
-
[DEMO] AWS Network Firewall - Part 2
-
AWS Shield for DDoS Protection
-
AWS Firewall Manager
-
Identity and Access Management (IAM)
Key Concepts of IAM in AWS
-
[DEMO] Getting started with IAM in AWS
-
[DEMO] Creating our first admin user
-
Assigning permissions with policies
-
[Cheat Sheet] Anatomy of an AWS IAM Policy
-
[DEMO] Using Identity Center AWS SSO
-
IAM Roles
-
[DEMO] Creating a role for EC2 instances to access S3 buckets
-
End-User Management with Amazon Cognito
-
IAM Access Analyzer
-
[DEMO] IAM Access Analyzer Unused Access
-
[LAB] Check policies for new access before deployment with IAM Access Analyzer
-
[LAB] Check IAM policies against a deny list with IAM Access Analyzer
-
Data Protection
Data protection in the cloud
-
EBS Data Protection and Encryption
-
[LAB] Encrypt Existing Unencrypted EBS Volumes and Snapshots
-
Amazon RDS Data Protection and Encryption
-
Key Management with AWS KMS
-
[Cheat Sheet] Getting Started with AWS KMS
-
[DEMO] Creating a Symmetric Encryption KMS Key
-
[Cheat Sheet] Encrypt and Decrypt Data with KMS and Data Keys
-
[LAB] Encrypt and Decrypt Data with KMS and Data Keys
-
Amazon S3 Bucket Protection
Understanding Bucket Ownership
-
[LAB] Creating Buckets and Uploading Objects in S3
-
Managing Access to Buckets
-
[Cheat Sheet] S3 Bucket Policies vs. ACLs vs. IAM Policies
-
[LAB] [Challenge] Create an IAM role for secure access to S3 based on a scenario
-
Using Signed URLs
-
[LAB] S3 Presigned URLs
-
Encrypting S3 Data
-
[DEMO] Enable S3 Object Versioning
-
[Cheat Sheet] Amazon S3 Protection Summary
-
[Cheat Sheet] Create a least privilege S3 bucket policy
-
Logging, Monitoring, and Incident Response
AWS Log Types and Auditing Options
-
[DEMO] Enable S3 Server Access Logs
-
AWS CloudTrail
-
Amazon CloudWatch
-
[DEMO] CloudTrail Security Automation with CloudWatch Logs and SNS
-
[DEMO] Amazon VPC Flow Logs
-
Proper Logging and Monitoring
-
Amazon GuardDuty
-
[LAB] [DEMO] Enable Threat Detection with GuardDuty
-
[DEMO] Amazon EventBridge
-
AWS Config
-
AWS Systems Manager
-
[LAB] Secure EC2 Access with SSM Session Manager and KMS
-
[DEMO] AWS Config Automated Remediation with SSM
-
[LAB] Remediate Open SSH Security Groups with AWS Config and SSM
-
Amazon Detective
-
[LAB] [DEMO] Amazon Inspector
-
[DEMO] Amazon Macie
-
[DEMO] AWS Security Hub
-
[DEMO] Must-have AWS monitoring and alerting with SSK
-
Multi-Account Security
[DEMO] AWS Organizations
-
[DEMO] AWS SCPs and Management Policies
-
AWS Control Tower
-
Wrap-up and Key Takeaways
What did you think of the course?
-
What now?