AWS - Security Engineering on AWS

3 days

Course Description

Efficiently use AWS security services, stay secure and compliant in the AWS Cloud!

The three-day intermediate-level course focus and elaborates on how to professionally use AWS security services to stay secure on AWS cloud. It focuses on security features of AWS key services, including compute, storage, networking, and database services. You learn how to leverage AWS services and tools for automation, continuous monitoring and logging, and responding to security incidents.

The Security Engineering on AWS training is recommended for earning the AWS Certified Security-Specialty certification.

Note: Lab time available only for class duration & not beyond. Additional lab charges apply for “repeat students”.

Course Objectives:

  • Use the AWS shared security responsibility model

  • Architect and build AWS application infrastructures that are protected against the most common security threats

  • Use encryption to protect data at rest and in transit

  • Apply security checks and analyses in an automated and reproducible way

  • Configure authentication for resources and applications in the AWS Cloud

  • Gain insight into events by capturing, monitoring, processing, and analyzing logs

  • Identify and mitigate incoming threats against applications and data

  • Perform security assessments to ensure that common vulnerabilities are patched and security best practices are applied

Who Should Attend?

This course is intended for:

  • Security engineers

  • Security architects

  • Security operations

  • Information security

Prerequisites

Recommended

  • AWS Security Fundamentals

  • Familiarity with cloud computing concepts

  • Working knowledge of IT security practices and infrastructure concepts

  • Architecting on AWS

  • AWS Cloud Practitioner Essentials

Course Outline:

Note: The curricula below comprise activities typically covered in a class at this skill level. The instructor may, at his/her discretion, adjust the lesson plan to meet the needs of the class based on regional location and/or language in which the class is served.

  1. Introduction

    • Security in the AWS Cloud
    • AWS Shared Responsibility Model
    • Incident response overview
    • DevOps with security engineering
  2. Identifying entry points on AWS

    • Identify the different ways to access the AWS platform
    • Understanding IAM policies
    • IAM permissions boundary
    • Multi-factor authentication
    • AWS CloudTrail
  3. Security considerations: web application environments

    • Threats in a three-tier architecture
    • Common threats: User access
    • Common threats: Data access
    • AWS Trusted Advisor
  4. Application security

    • Dedicated Amazon EC2 instances and hosts
    • Amazon machine images (AMIs)
    • Amazon Inspector
    • AWS Systems Manager
  5. Securing network communications - part 1

    • Amazon VPC security considerations
    • Responding to compromised instances
    • Elastic Load Balancing
    • AWS Certificate Manager (ACM)
  6. Data security

    • Data protection strategies
    • Encryption on AWS
    • Protecting data at rest with Amazon S3, Amazon RDS, and Amazon DynamoDB
    • Protecting archived data with Amazon S3 Glacier
  7. Security considerations: hybrid environments

    • AWS site-to-site and client VPN connections
    • AWS Direct Connect (DX)
    • AWS Transit Gateway
    • AWS Storage Gateway
  8. Monitoring and collecting logs on AWS

    • Amazon CloudWatch and CloudWatch Logs
    • AWS Config
    • Amazon CloudWatch logs
    • Amazon VPC Flow logs
    • Amazon S3 server access logs
    • ELB access logs
  9. Processing Logs on AWS

    • Amazon Kinesis for log processing
    • Amazon Athena for log processing
  10. Securing network communications - part 2

    • Amazon VPC peering
    • Amazon VPC endpoints
  11. Out-of-region protection

    • Denial of service threats overview
    • Amazon Route 53
    • AWS WAF
    • Amazon CloudFront
    • AWS Shield
    • AWS Firewall Manager
    • DDoS mitigation on AWS
  12. Account management on AWS

    • AWS Organizations
    • AWS Control Tower
    • AWS Single Sign-On (AWS SSO)
    • AWS Directory Service
  13. Security considerations: serverless environments

    • Amazon Cognito
    • Amazon API Gateway
    • Secure messaging with Amazon SQS and Amazon SNS
    • AWS Lambda
  14. Secrets Management on AWS

    • AWS Key Management Service (AWS KMS)
    • AWS CloudHSM
    • AWS Secrets Manager
  15. Automating security on AWS

    • AWS CloudFormation
    • AWS Service Catalog
  16. Threat detection and sensitive data monitoring

    • Amazon GuardDuty
    • Amazon Macie