Skip to navigation (Press Enter)
Skip to search (Press Enter)
Skip to course offerings (Press Enter)
Skip to content (Press Enter)

AWSSO

Online training

Duration
3 days

Price (excl. tax)

2,195.— €

Dates and Booking

Classroom training

Duration
3 days

Price (excl. tax)

Netherlands: 2,195.— €
Belgium: 2,195.— €

Dates and Booking

Amazon Web Services

Security Engineering on AWS (AWSSO) – Outline

Detailed Course Outline

Day One

Module 0: Course introduction

Security in the AWS Cloud
AWS Shared Responsibility Model
Incident response overview
DevOps with security engineering

Module 1: Identifying entry points on AWS

Identify the different ways to access the AWS platform
Understanding IAM policies
IAM permissions boundary
Multi-factor authentication
AWS CloudTrail
Hands-on lab 1: Cross-account access

Module 2: Security considerations: web application environments

Threats in a three-tier architecture
Common threats: User access
Common threats: Data access
AWS Trusted Advisor

Module 3: Application security

Dedicated Amazon EC2 instances and hosts
Amazon machine images (AMIs)
Amazon Inspector
AWS Systems Manager
Hands-on lab 2: Using AWS Systems Manager and Amazon Inspector

Module 4: Securing network communications – part 1

Amazon VPC security considerations
Responding to compromised instances
Elastic Load Balancing
AWS Certificate Manager (ACM)

Day Two

Module 5: Data security

Data protection strategies
Encryption on AWS
Protecting data at rest with Amazon S3, Amazon RDS, and Amazon DynamoDB
Protecting archived data with Amazon S3 Glacier

Module 6: Security considerations: hybrid environments

AWS site-to-site and client VPN connections
AWS Direct Connect (DX)
AWS Transit Gateway
AWS Storage Gateway

Module 7: Monitoring and collecting logs on AWS

Amazon CloudWatch and CloudWatch Logs
AWS Config
Amazon CloudWatch logs
Amazon VPC Flow logs
Amazon S3 server access logs
ELB access logs
Hands-on lab 3 part 1: Server log analysis – log collection

Module 8: Processing Logs on AWS

Amazon Kinesis for log processing
Amazon Athena for log processing
Hands-on lab 3 part 2: Server log analysis – log analysis

Module 9: Securing network communications – part 2

Amazon VPC peering
Amazon VPC endpoints

Module 10: Out-of-region protection

Denial of service threats overview
Amazon Route 53
AWS WAF
Amazon CloudFront
AWS Shield
AWS Firewall Manager
DDoS mitigation on AWS

Day Three

Module 11: Account management on AWS

AWS Organizations
AWS Control Tower
AWS Single Sign-On (AWS SSO)
AWS Directory Service
Hands-on lab 4: Federated access with ADFS

Module 12: Security considerations: serverless environments

Amazon Cognito
Amazon API Gateway
Secure messaging with Amazon SQS and Amazon SNS
AWS Lambda
Hands-on lab 5: Monitor and respond with AWS Lambda and AWS Config

Module 13: Secrets Management on AWS

AWS Key Management Service (AWS KMS)
AWS CloudHSM
AWS Secrets Manager
Hands-on lab 6: Using AWS KMS

Module 14: Automating security on AWS

AWS CloudFormation
AWS Service Catalog
Hands-on lab 7: Security automation on AWS with AWS Service Catalog

Module 15: Threat detection and sensitive data monitoring

Amazon GuardDuty
Amazon Macie