Security on AWS provides a comprehensive examination of the foundational elements of the shared security responsibility model between AWS and its customers. Throughout this course, you will learn the essential techniques for enabling security, auditing, and compliance in AWS environments by using the tools, services, and features provided by the platform. You will also explore access control mechanisms in AWS for all resource types and develop proficiency in securing your network, servers, data, and applications within the AWS cloud using native AWS security services. By the end of this course, you will understand the complete AWS security landscape, encompassing all aspects of end-to-end software and hardware security, along with logging, auditing, and compliance functions for your IT environment in the AWS cloud. Finally, the course concludes with AWS best practices for implementing comprehensive security across your infrastructure and applications.
What You Will Learn:
- Learn about AWS Identity Management and Access Control mechanisms
- Gain the knowledge needed to create and secure your private network in AWS
- Understand and secure your infrastructure and compute resources in AWS
- Understand monitoring, logging, and auditing capabilities in AWS
- Ensure comprehensive data security in AWS environments
- Explore AWS security best practices for your organization
Course Outline
Overview of Security in AWS
- AWS shared security responsibility model and principles
- AWS security responsibilities and obligations
- Customer security responsibilities in AWS
- AWS account security features and controls
- AWS security services and tools
- AWS security resources and documentation
- Summary and key takeaways
AWS Identity and Access Management
- IAM features and tools overview
- IAM authentication mechanisms
- IAM authorization and policies
- Password policies and enforcement
- AWS credentials and credential management
- IAM limitations and constraints
- IAM best practices and recommendations
- Summary and key takeaways
AWS Virtual Private Cloud
- VPC components and structure
- VPC features and benefits
- VPC use cases and applications
- VPC security and network isolation
- Creating and configuring a VPC
- VPC service limits and quotas
- VPC best practices
- Summary and key takeaways
Data Security in AWS
- Encryption and decryption fundamentals
- Securing data at rest with encryption
- Securing data in transit with encryption
- AWS Key Management Service (KMS)
- AWS CloudHSM for key management
- Amazon Macie for data discovery and protection
- Summary and key takeaways
Securing Servers in AWS
- EC2 security best practices and guidelines
- EC2 security features and capabilities
- Amazon Inspector for vulnerability assessment
- AWS Shield for DDoS protection
- Summary and key takeaways
Securing Applications in AWS
- AWS Web Application Firewall (WAF) capabilities
- Signing AWS API requests for security
- Amazon Cognito for user authentication
- Amazon API Gateway for API management
- Summary and key takeaways
Monitoring in AWS
- AWS CloudWatch monitoring service
- Monitoring Amazon EC2 instances and resources
- Summary and key takeaways
Logging and Auditing in AWS
- Logging capabilities and implementation in AWS
- AWS CloudWatch Logs for centralized logging
- AWS CloudTrail for API auditing
- Auditing practices and compliance in AWS
- AWS Artifact for compliance reports
- AWS Config for configuration management
- AWS Trusted Advisor for operational recommendations
- AWS Service Catalog for resource governance
- Summary and key takeaways
AWS Security Best Practices
- Shared security responsibility model review
- IAM security best practices
- VPC security best practices
- Data security best practices
- Security of servers and infrastructure
- Application security best practices
- Monitoring, logging, and auditing best practices
- AWS Cloud Adoption Framework (CAF) security perspective
- Summary and key takeaways
