Security Engineering on AWS

Security Engineering on AWSAWSSOAWAmazon Web ServicesAW-AWSSO3.0.0This course is designed to teach you how to: <ul> <li>Use the AWS shared security responsibility model</li><li>Architect and build AWS application infrastructures that are protected against the most common security threats</li><li>Use encryption to protect data at rest and in transit</li><li>Apply security checks and analyses in an automated and reproducible way</li><li>Configure authentication for resources and applications in the AWS Cloud</li><li>Gain insight into events by capturing, monitoring, processing, and analyzing logs</li><li>Identify and mitigate incoming threats against applications and data</li><li>Perform security assessments to ensure that common vulnerabilities are patched and security best practices are applied</li></ul>We recommend that attendees of this course have: <ul><li>Working knowledge of IT security practices and infrastructure concepts</li><li>Familiarity with cloud computing concepts</li><li>Completed <a class="fl-href-prod" href="/uu-its-smycl/en/course/amazon-cp-ess"><svg role="img" aria-hidden="true" focusable="false" data-nosnippet class="cms-linkmark"><use xlink:href="/css/img/icnset-linkmarks.svg#linkmark"></use></svg>AWS Cloud Practitioner Essentials (CP-ESS)</a>, AWS Security Fundamentals digital training, and <a class="fl-href-prod" href="/uu-its-smycl/en/course/amazon-awsa"><svg role="img" aria-hidden="true" focusable="false" data-nosnippet class="cms-linkmark"><use xlink:href="/css/img/icnset-linkmarks.svg#linkmark"></use></svg>Architecting on AWS (AWSA)</a></li></ul>This course is intended for: <ul> <li>Security Engineers</li><li>Security Architects</li><li>Information Security professionals</li></ul>Day One Module 0: Course introduction <ul> <li>Security in the AWS Cloud</li><li>AWS Shared Responsibility Model</li><li>Incident response overview</li><li>DevOps with security engineering</li></ul>Module 1: Identifying entry points on AWS <ul> <li>Identify the different ways to access the AWS platform</li><li>Understanding IAM policies</li><li>IAM permissions boundary</li><li>Multi-factor authentication</li><li>AWS CloudTrail</li><li>Hands-on lab 1: Cross-account access</li></ul>Module 2: Security considerations: web application environments <ul> <li>Threats in a three-tier architecture</li><li>Common threats: User access</li><li>Common threats: Data access</li><li>AWS Trusted Advisor</li></ul>Module 3: Application security <ul> <li>Dedicated Amazon EC2 instances and hosts</li><li>Amazon machine images (AMIs)</li><li>Amazon Inspector</li><li>AWS Systems Manager</li><li>Hands-on lab 2: Using AWS Systems Manager and Amazon Inspector</li></ul>Module 4: Securing network communications – part 1 <ul> <li>Amazon VPC security considerations</li><li>Responding to compromised instances</li><li>Elastic Load Balancing</li><li>AWS Certificate Manager (ACM)</li></ul>Day Two Module 5: Data security <ul> <li>Data protection strategies</li><li>Encryption on AWS</li><li>Protecting data at rest with Amazon S3, Amazon RDS, and Amazon DynamoDB</li><li>Protecting archived data with Amazon S3 Glacier</li></ul>Module 6: Security considerations: hybrid environments <ul> <li>AWS site-to-site and client VPN connections</li><li>AWS Direct Connect (DX)</li><li>AWS Transit Gateway</li><li>AWS Storage Gateway</li></ul>Module 7: Monitoring and collecting logs on AWS <ul> <li>Amazon CloudWatch and CloudWatch Logs</li><li>AWS Config</li><li>Amazon CloudWatch logs</li><li>Amazon VPC Flow logs</li><li>Amazon S3 server access logs</li><li>ELB access logs</li><li>Hands-on lab 3 part 1: Server log analysis – log collection</li></ul>Module 8: Processing Logs on AWS <ul> <li>Amazon Kinesis for log processing</li><li>Amazon Athena for log processing</li><li>Hands-on lab 3 part 2: Server log analysis – log analysis</li></ul>Module 9: Securing network communications – part 2 <ul> <li>Amazon VPC peering</li><li>Amazon VPC endpoints</li></ul>Module 10: Out-of-region protection <ul> <li>Denial of service threats overview</li><li>Amazon Route 53</li><li>AWS WAF</li><li>Amazon CloudFront</li><li>AWS Shield</li><li>AWS Firewall Manager</li><li>DDoS mitigation on AWS</li></ul>Day Three Module 11: Account management on AWS <ul> <li>AWS Organizations</li><li>AWS Control Tower</li><li>AWS Single Sign-On (AWS SSO)</li><li>AWS Directory Service</li><li>Hands-on lab 4: Federated access with ADFS</li></ul>Module 12: Security considerations: serverless environments <ul> <li>Amazon Cognito</li><li>Amazon API Gateway</li><li>Secure messaging with Amazon SQS and Amazon SNS</li><li>AWS Lambda</li><li>Hands-on lab 5: Monitor and respond with AWS Lambda and AWS Config</li></ul>Module 13: Secrets Management on AWS <ul> <li>AWS Key Management Service (AWS KMS)</li><li>AWS CloudHSM</li><li>AWS Secrets Manager</li><li>Hands-on lab 6: Using AWS KMS</li></ul>Module 14: Automating security on AWS <ul> <li>AWS CloudFormation</li><li>AWS Service Catalog</li><li>Hands-on lab 7: Security automation on AWS with AWS Service Catalog</li></ul>Module 15: Threat detection and sensitive data monitoring <ul> <li>Amazon GuardDuty</li><li>Amazon Macie</li></ul>This course is designed to teach you how to: - Use the AWS shared security responsibility model - Architect and build AWS application infrastructures that are protected against the most common security threats - Use encryption to protect data at rest and in transit - Apply security checks and analyses in an automated and reproducible way - Configure authentication for resources and applications in the AWS Cloud - Gain insight into events by capturing, monitoring, processing, and analyzing logs - Identify and mitigate incoming threats against applications and data - Perform security assessments to ensure that common vulnerabilities are patched and security best practices are appliedWe recommend that attendees of this course have: - Working knowledge of IT security practices and infrastructure concepts - Familiarity with cloud computing concepts - Completed AWS Cloud Practitioner Essentials (CP-ESS), AWS Security Fundamentals digital training, and Architecting on AWS (AWSA)This course is intended for: - Security Engineers - Security Architects - Information Security professionalsDay One Module 0: Course introduction - Security in the AWS Cloud - AWS Shared Responsibility Model - Incident response overview - DevOps with security engineering Module 1: Identifying entry points on AWS - Identify the different ways to access the AWS platform - Understanding IAM policies - IAM permissions boundary - Multi-factor authentication - AWS CloudTrail - Hands-on lab 1: Cross-account access Module 2: Security considerations: web application environments - Threats in a three-tier architecture - Common threats: User access - Common threats: Data access - AWS Trusted Advisor Module 3: Application security - Dedicated Amazon EC2 instances and hosts - Amazon machine images (AMIs) - Amazon Inspector - AWS Systems Manager - Hands-on lab 2: Using AWS Systems Manager and Amazon Inspector Module 4: Securing network communications – part 1 - Amazon VPC security considerations - Responding to compromised instances - Elastic Load Balancing - AWS Certificate Manager (ACM) Day Two Module 5: Data security - Data protection strategies - Encryption on AWS - Protecting data at rest with Amazon S3, Amazon RDS, and Amazon DynamoDB - Protecting archived data with Amazon S3 Glacier Module 6: Security considerations: hybrid environments - AWS site-to-site and client VPN connections - AWS Direct Connect (DX) - AWS Transit Gateway - AWS Storage Gateway Module 7: Monitoring and collecting logs on AWS - Amazon CloudWatch and CloudWatch Logs - AWS Config - Amazon CloudWatch logs - Amazon VPC Flow logs - Amazon S3 server access logs - ELB access logs - Hands-on lab 3 part 1: Server log analysis – log collection Module 8: Processing Logs on AWS - Amazon Kinesis for log processing - Amazon Athena for log processing - Hands-on lab 3 part 2: Server log analysis – log analysis Module 9: Securing network communications – part 2 - Amazon VPC peering - Amazon VPC endpoints Module 10: Out-of-region protection - Denial of service threats overview - Amazon Route 53 - AWS WAF - Amazon CloudFront - AWS Shield - AWS Firewall Manager - DDoS mitigation on AWS Day Three Module 11: Account management on AWS - AWS Organizations - AWS Control Tower - AWS Single Sign-On (AWS SSO) - AWS Directory Service - Hands-on lab 4: Federated access with ADFS Module 12: Security considerations: serverless environments - Amazon Cognito - Amazon API Gateway - Secure messaging with Amazon SQS and Amazon SNS - AWS Lambda - Hands-on lab 5: Monitor and respond with AWS Lambda and AWS Config Module 13: Secrets Management on AWS - AWS Key Management Service (AWS KMS) - AWS CloudHSM - AWS Secrets Manager - Hands-on lab 6: Using AWS KMS Module 14: Automating security on AWS - AWS CloudFormation - AWS Service Catalog - Hands-on lab 7: Security automation on AWS with AWS Service Catalog Module 15: Threat detection and sensitive data monitoring - Amazon GuardDuty - Amazon Macie3 days1995.001500.001480.001480.001480.001480.001480.001480.001480.001480.001750.001750.001750.001750.001380.001395.001395.001395.001485.001485.001485.001395.001395.001485.002685.002025.002685.002685.00127500.001895.009320.001995.001995.002195.001995.001650.002510.005200.002655.002470.002795.002395.00