Security Engineering on AWS

Course code

SE-AWS

Duration

3 Days, 24 Acad. Hours

Download pdf

Course Overview

Objectives

Prerequisites

Course Outline

Course Overview

Course description

Learn how to use AWS security services to stay secure in the AWS Cloud. Enhance the security of your data and systems in the cloud with AWS-recommended security practices. In this course, you’ll explore the security features of AWS key services, including compute, storage, networking, and database services. You’ll also learn how to use AWS services and tools for automation, continuous monitoring and logging, and responding to security incidents.

Objectives

Course objectives

This course is designed to teach you how to:

Use the AWS shared security responsibility model
Architect and build AWS application infrastructures that are protected against the most common security threats
Use encryption to protect data at rest and in transit
Apply security checks and analyses in an automated and reproducible way
Configure authentication for resources and applications in the AWS Cloud
Gain insight into events by capturing, monitoring, processing, and analyzing logs
Identify and mitigate incoming threats against applications and data
Perform security assessments to ensure that common vulnerabilities are patched and security best practices are applied

Prerequisites

Intended audience

This course is intended for:

Security Engineers
Security Architects
Information Security professionals

Prerequisites

We recommend that attendees of this course have:

Working knowledge of IT security practices and infrastructure concepts
Familiarity with cloud computing concepts
Completed AWS Cloud Practitioner Essentials (Second Edition) free digital course or classroom course, AWS Security Fundamentals digital training, and Architecting on AWS classroom training

Course Outline

Day One

Module 0: Course introduction

Security in the AWS Cloud
AWS Shared Responsibility Model
Incident response overview
DevOps with security engineering

Module 1: Identifying entry points on AWS

Identify the different ways to access the AWS platform
Understanding IAM policies
IAM permissions boundary
Multi-factor authentication
AWS CloudTrail
Hands-on lab 1: Cross-account access

Module 2: Security considerations: web application environments

Threats in a three-tier architecture
Common threats: User access
Common threats: Data access
AWS Trusted Advisor

Module 3: Application security

Dedicated Amazon EC2 instances and hosts
Amazon machine images (AMIs)
Amazon Inspector
AWS Systems Manager
Hands-on lab 2: Using AWS Systems Manager and Amazon Inspector

Module 4: Securing network communications – part 1

Amazon VPC security considerations
Responding to compromised instances
Elastic Load Balancing
AWS Certificate Manager (ACM)

Day Two

Module 5: Data security

Data protection strategies
Encryption on AWS
Protecting data at rest with Amazon S3, Amazon RDS, and Amazon DynamoDB
Protecting archived data with Amazon S3 Glacier

Module 6: Security considerations: hybrid environments

AWS site-to-site and client VPN connections
AWS Direct Connect (DX)
AWS Transit Gateway
AWS Storage Gateway

Module 7: Monitoring and collecting logs on AWS

Amazon CloudWatch and CloudWatch Logs
AWS Config
Amazon CloudWatch logs
Amazon VPC Flow logs
Amazon S3 server access logs
ELB access logs
Hands-on lab 3 part 1: Server log analysis – log collection

Module 8: Processing Logs on AWS

Amazon Kinesis for log processing
Amazon Athena for log processing
Hands-on lab 3 part 2: Server log analysis – log analysis

Module 9: Securing network communications – part 2

Amazon VPC peering
Amazon VPC endpoints

Module 10: Out-of-region protection

Denial of service threats overview
Amazon Route 53
AWS WAF
Amazon CloudFront
AWS Shield
AWS Firewall Manager
DDoS mitigation on AWS Day Three

Module 11: Account management on AWS

AWS Organizations
AWS Control Tower
AWS Single Sign-On (AWS SSO)
AWS Directory Service
Hands-on lab 4: Federated access with ADFS

Module 12: Security considerations: serverless environments

Amazon Cognito
Amazon API Gateway
Secure messaging with Amazon SQS and Amazon SNS
AWS Lambda
Hands-on lab 5: Monitor and respond with AWS Lambda and AWS Config

Module 13: Secrets Management on AWS

AWS Key Management Service (AWS KMS)
AWS CloudHSM
AWS Secrets Manager
Hands-on lab 6: Using AWS KMS

Module 14: Automating security on AWS

AWS CloudFormation
AWS Service Catalog
Hands-on lab 7: Security automation on AWS with AWS Service Catalog

Module 15: Threat detection and sensitive data monitoring

Amazon GuardDuty
Amazon Macie

Back to trainings (Security)

Request the training

Security Engineering on AWS

Course code:

SE-AWS

Duration:

3 Days, 24 Acad. Hours

Apply

Download pdf