Security Engineering on AWS - ENGLISH

Security Engineering on AWS demonstrates how to efficiently use AWS security services to stay secure and compliant in the AWS Cloud. The course focuses on the AWS-recommended security best practices that you can implement to enhance the security of your data and systems in the cloud. The course highlights the security features of AWS key services including compute, storage, networking, and database services.
This course also refers to the common security control objectives and regulatory compliance standards and examines use cases for running regulated workloads on AWS across different verticals, globally. You will also learn how to leverage AWS services and tools for automation and continuous monitoring—taking your security operations to the next level.

.... Course Description

• Security engineers
• Security architects
• Security analysts
• Security auditors
• Individuals who are responsible for governing, auditing, and testing an organization’s IT infrastructure, and ensuring conformity of the infrastructure to security, risk, and compliance guidelines

• Attended AWS Security Fundamentals
• Attended AWS Security Essentials
• Attended Architecting on AWS
• Experience with governance, risk, and compliance regulations and control objectives
• Working knowledge of IT security practices
• Working knowledge of IT infrastructure concepts
• Familiarity with cloud computing concepts

Day 1
Module 1: Security on AWS 
Security in the AWS cloud 
AWS Shared Responsibility Model
Incident response overview 
DevOps with Security Engineering
 
Module 2: Identifying Entry Points on AWS
Identify the different ways to access the AWS platform 
Understanding IAM policies 
IAM Permissions Boundary
IAM Access Analyzer 
Multi-factor authentication 
AWS CloudTrail
Lab 01: Cross-account access
 
Module 3: Security Considerations: Web Application Environments 
Threats in a three-tier architecture
Common threats: user access
Common threats: data access 
AWS Trusted Advisor
 
Module 4: Application Security
Amazon Machine Images
Amazon Inspectors
AWS Systems Manager
Lab 02: Using AWS Systems Manager and Amazon Inspector
 
Module 5: Data Security
Data protection strategies 
Encryption on AWS 
Protecting data at rest with Amazon S3, Amazon RDS, Amazon DynamoDB 
Protecting archived data with Amazon S3 Glacier
Amazon S3 Access Analyzer
Amazon S3 Access Points
 
Day 2
Module 6: Securing Network Communications 
Amazon VPC security considerations 
Amazon VPC Traffic Mirroring 
Responding to compromised instances
Elastic Load Balancing 
AWS Certificate Manager
 
Module 7: Monitoring and Collecting Logs on AWS
Amazon CloudWatch and CloudWatch Logs
AWS Config
Amazon Macie
Amazon VPC Flow Logs 
Amazon S3 Server Access Logs
ELB Access Logs
Lab 03: Monitor and Respond with AWS Config
 
Module 8: Processing Logs on AWS 
Amazon Kinesis
Amazon Athena
Lab 04: Web Server Log Analysis
 
Module 9: Security Considerations: Hybrid Environments 
AWS Site-to-Site and Client VPN connections 
AWS Direct Connect
AWS Transit Gateway
 
Module 10: Out-Of-Region Protection 
Amazon Route 53
AWS WAF 
Amazon CloudFront 
AWS Shield
AWS Firewall Manager
DDoS mitigation on AWS
 
Day 3
Module 11: Security Considerations: Serverless Environments 
Amazon Cognito
Amazon API Gateway 
AWS Lambda
 
Module 12: Threat Detection and Investigation
Amazon GuardDuty
AWS Security Hub 
Amazon Detective
 
Module 13: Secrets Management on AWS
AWS KMS
AWS CloudHSM
AWS Secrets Manager 
Lab 05: Using AWS KMS
 
Module 14: Automation and Security by Design
AWS CloudFormation
AWS Service Catalog 
Lab 06: Security automation on AWS with AWS Service Catalog
 
Module 15: Account Management and Provisioning on AWS
AWS Organizations
AWS Control Tower
AWS SSO
AWS Directory Service
Lab 07: Federated Access with ADFS