Security Engineering on AWS (AWSSO) – Outline

Gedetailleerde cursusinhoud

Day One

Module 0: Course introduction

  • Security in the AWS Cloud
  • AWS Shared Responsibility Model
  • Incident response overview
  • DevOps with security engineering

Module 1: Identifying entry points on AWS

  • Identify the different ways to access the AWS platform
  • Understanding IAM policies
  • IAM permissions boundary
  • Multi-factor authentication
  • AWS CloudTrail
  • Hands-on lab 1: Cross-account access

Module 2: Security considerations: web application environments

  • Threats in a three-tier architecture
  • Common threats: User access
  • Common threats: Data access
  • AWS Trusted Advisor

Module 3: Application security

  • Dedicated Amazon EC2 instances and hosts
  • Amazon machine images (AMIs)
  • Amazon Inspector
  • AWS Systems Manager
  • Hands-on lab 2: Using AWS Systems Manager and Amazon Inspector

Module 4: Securing network communications – part 1

  • Amazon VPC security considerations
  • Responding to compromised instances
  • Elastic Load Balancing
  • AWS Certificate Manager (ACM)

Day Two

Module 5: Data security

  • Data protection strategies
  • Encryption on AWS
  • Protecting data at rest with Amazon S3, Amazon RDS, and Amazon DynamoDB
  • Protecting archived data with Amazon S3 Glacier

Module 6: Security considerations: hybrid environments

  • AWS site-to-site and client VPN connections
  • AWS Direct Connect (DX)
  • AWS Transit Gateway
  • AWS Storage Gateway

Module 7: Monitoring and collecting logs on AWS

  • Amazon CloudWatch and CloudWatch Logs
  • AWS Config
  • Amazon CloudWatch logs
  • Amazon VPC Flow logs
  • Amazon S3 server access logs
  • ELB access logs
  • Hands-on lab 3 part 1: Server log analysis – log collection

Module 8: Processing Logs on AWS

  • Amazon Kinesis for log processing
  • Amazon Athena for log processing
  • Hands-on lab 3 part 2: Server log analysis – log analysis

Module 9: Securing network communications – part 2

  • Amazon VPC peering
  • Amazon VPC endpoints

Module 10: Out-of-region protection

  • Denial of service threats overview
  • Amazon Route 53
  • AWS WAF
  • Amazon CloudFront
  • AWS Shield
  • AWS Firewall Manager
  • DDoS mitigation on AWS

Day Three

Module 11: Account management on AWS

  • AWS Organizations
  • AWS Control Tower
  • AWS Single Sign-On (AWS SSO)
  • AWS Directory Service
  • Hands-on lab 4: Federated access with ADFS

Module 12: Security considerations: serverless environments

  • Amazon Cognito
  • Amazon API Gateway
  • Secure messaging with Amazon SQS and Amazon SNS
  • AWS Lambda
  • Hands-on lab 5: Monitor and respond with AWS Lambda and AWS Config

Module 13: Secrets Management on AWS

  • AWS Key Management Service (AWS KMS)
  • AWS CloudHSM
  • AWS Secrets Manager
  • Hands-on lab 6: Using AWS KMS

Module 14: Automating security on AWS

  • AWS CloudFormation
  • AWS Service Catalog
  • Hands-on lab 7: Security automation on AWS with AWS Service Catalog

Module 15: Threat detection and sensitive data monitoring

  • Amazon GuardDuty
  • Amazon Macie