I. Overview:

Security is a concern for both customers in the cloud, and those considering cloud adoption. An increase in cyberattacks and data leaks remains top of mind for most industry personnel. The Security Engineering on AWS course addresses these concerns by helping you better understand how to interact and build with Amazon Web Services (AWS) in a secure way. In this course, you will learn about managing identities and roles, managing and provisioning accounts, and monitoring API activity for anomalies. You will also learn about how to protect data stored on AWS. The course explores how you can generate, collect, and monitor logs to help identify security incidents. Finally, you will review detecting and investigating security incidents with AWS services.

II. Duration: 24 hours (3 days)

III. Objectives:

• Understand AWS cloud security based on the Confidentiality, Integrity, and Availability (CIA) triad
• Create and analyze authentication and authorization with AWS Identity and Access Management (IAM)
• Manage and provision accounts on AWS with appropriate AWS services
• Identify how to manage secrets using AWS services
• Monitor sensitive information and protect data through encryption and access controls
• Identify AWS services that address attacks from external sources
• Monitor, generate, and collect logs
• Identify indicators of security incidents
• Identify how to investigate and mitigate threats using AWS services.

IV. Intended Audience:

• Security engineers
• Security architects
• Cloud architects.

V. Prerequisites:

Completion of the following courses: AWS Security Essentials or AWS Security Fundamentals, 2nd edition, Architecting on AWS. Working knowledge of IT security practices and infrastructure concepts. Familiarity with the AWS Cloud.

VI. Course outlines:

1. Module 1: Security Overview

• Overview
• Security Overview
• Security Priorities
• Threat Modeling
• Tech Talk: Getting Started with Security
• Knowledge Check

2. Module 2: Access and Authorizations on AWS

• Overview
• Accessing the AWS Cloud
• Getting Started with IAM
• Demo: AWS CloudTrail
• Compromised Long-Term Credentials
• Tech Talk: AWS Well-Architected Framework Tool
• Overly Permissive and Misconfigured Policies
• IAM Policy Operation and Analysis
• Delegating and Constraining Permissions
• Anomalous IAM Entity Behavior
• Knowledge Check
• Lab 1: Using Identity and Resource Based Policies

3. Module 3: Account Management

• Overview
• Managing Multiple AWS Accounts
• AWS Control Tower
• Demo: AWS Control Tower
• Federation and IAM Identity Center
• Amazon Cognito and Web Identity Providers
• Demo: AWS Organizations
• Knowledge Check
• Lab 2: Managing Domain User Access with AWS Directory Service

4. Module 4: Managing Key and Secrets on AWS

• Overview
• Managing Keys and Secrets on AWS
• AWS KMS
• Demo: AWS KMS
• CloudHSM
• Protecting Data In-Transit
• AWS Secrets Manager
• Knowledge Check
• Lab 3: Using AWS KMS to Encrypt Secrets in Secrets Manager

5. Module 5: Data Security

• Overview
• Protecting Data: Amazon S3
• Amazon S3 Data Encryption
• Amazon S3 Access Control
• Amazon S3 Data Resiliency
• Tech Talk: Amazon S3 Object Lock and Versioning
• Protecting Data: Amazon RDS Databases
• Protecting Data: Amazon DynamoDB Databases
• Protecting Data: EBS Volumes
• Protecting Archival Data
• Knowledge Check
• Lab 4: Data Security in Amazon S3

6. Module 6: Infrastructure and Edge Protection

• Overview
• Protecting Infastructure Inside the VPC
• Traffic Flows in Your VPC
• VPC Endpoints
• Reliable and Controlled Access
• Demo: Amazon Route 53 Health Check
• Protection from External Threats
• Demo: Web Application Firewall Rules
• Knowledge Check
• Lab 5: Using AWS WAF to Mitigate Malicious Traffic

7. Module 7: Logging and Monitoring

• Overview
• Importance of Security Monitoring
• Monitoring to Identify Threats
• Tech Talk: AWS Config
• Monitoring Using Logs
• VPC Flow Logging
• Access Logs
• Logging API Activity with AWS CloudTrail
• Visibility and Alarms with CloudWatch Logs
• Log Analytics
• The AWS Centralized Logging Solution
• Mirroring Traffic for Fine-Grained Analysis
• Knowledge Check
• Lab 6: Monitoring for and Responding to Security Incidents

8. Module 8: Responding to Threats

• Overview
• Incident Response
• Gathering and Prioritize Information
• Demo: AWS Security Hub
• Threat Detection
• Demo: AWS GuardDuty
• Investigate Security Findings
• Respond to Security Findings
• Infrastructure Domain Incidents
• Service Domain Incidents
• Knowledge Check
• Lab 7: Incident Response