Security Engineering on AWS
Duration: 3 Days (24 Hours)
Security Engineering on AWS Course Overview:
Security is a paramount concern for both existing customers in the cloud and those considering cloud adoption. With the rise in cyberattacks and data breaches, addressing these concerns is crucial. The Security Engineering on AWS course addresses these challenges by providing insights on interacting and building with Amazon Web Services (AWS) securely. Participants will gain knowledge in managing identities and roles, provisioning accounts, monitoring API activity for anomalies, and safeguarding data stored on AWS. The course also covers generating, collecting, and monitoring logs for identifying security incidents, as well as detecting and investigating security incidents using AWS services.
Course level: Intermediate
- Security engineers
- Security architects
- Cloud architects
- Cloud operators working across all global segments.
Module 1: Security Overview and Review
- Explain Security in the AWS Cloud.
- Explain AWS Shared Responsibility Model.
- Summarize IAM, Data Protection, and Threat Detection and Response.
- State the different ways to interact with AWS using the console, CLI, and SDKs.
- Describe how to use MFA for extra protection.
- State how to protect the root user account and access keys.
Module 2: Securing Entry Points on AWS
- Describe how to use multi-factor authentication (MFA) for extra protection.
- Describe how to protect the root user account and access keys.
- Describe IAM policies, roles, policy components, and permission boundaries.
- Explain how API requests can be logged and viewed using AWS CloudTrail and how to view and analyze access history.
- Hands-On Lab: Using Identity and Resource Based Policies.
Module 3: Account Management and Provisioning on AWS
- Explain how to manage multiple AWS accounts using AWS Organizations and AWS Control
- Explain how to implement multi-account environments with AWS Control Tower.
- Demonstrate the ability to use identity providers and brokers to acquire access to AWS services.
- Explain the use of AWS IAM Identity Center (successor to AWS Single Sign-On) and AWS
- Demonstrate the ability to manage domain user access with Directory Service and IAM Identity
- Hands-On Lab: Managing Domain User Access with AWS Directory Service
Module 4: Secrets Management on AWS
- Describe and list the features of AWS KMS, CloudHSM, AWS Certificate Manager (ACM), and AWS Secrets Manager.
- Demonstrate how to create a multi-Region AWS KMS key.
- Demonstrate how to encrypt a Secrets Manager secret with an AWS KMS key.
- Demonstrate how to use an encrypted secret to connect to an Amazon Relational Database Service (Amazon RDS) database in multiple AWS Regions.
- Hands-on lab: Lab 3: Using AWS KMS to Encrypt Secrets in Secrets Manager
Module 5: Data Security
- Monitor data for sensitive information with Amazon Macie.
- Describe how to protect data at rest through encryption and access controls.
- Identify AWS services used to replicate data for protection.
- Determine how to protect data after it has been archived.
- Hands-on lab: Lab 4: Data Security in Amazon S3
Module 6: Infrastructure Edge Protection
- Describe the AWS features used to build secure infrastructure.
- Describe the AWS services used to create resiliency during an attack.
- Identify the AWS services used to protect workloads from external threats.
- Compare the features of AWS Shield and AWS Shield Advanced.
- Explain how centralized deployment for AWS Firewall Manager can enhance security.
- Hands-on lab: Lab 5: Using AWS WAF to Mitigate Malicious Traffic
Module 7: Monitoring and Collecting Logs on AWS
- Identify the value of generating and collecting logs.
- Use Amazon Virtual Private Cloud (Amazon VPC) Flow Logs to monitor for security events.
- Explain how to monitor for baseline deviations.
- Describe Amazon EventBridge events.
- Describe Amazon CloudWatch metrics and alarms.
- List log analysis options and available techniques.
- Identify use cases for using virtual private cloud (VPC) Traffic Mirroring.
- Hands-on lab: Lab 6: Monitoring for and Responding to Security Incidents
Module 8: Responding to Threats
- Classify incident types in incident response.
- Understand incident response workflows.
- Discover sources of information for incident response using AWS services.
- Understand how to prepare for incidents.
- Detect threats using AWS services.
- Analyze and respond to security findings.
- Hands-on lab: Lab 7: Incident Response
Security Engineering on AWS Course Prerequisites:
We recommend that attendees of this course have:
- Completed the following courses:
  - AWS Security Essentials (Classroom training) or
  - AWS Security Fundamentals (Second Edition) (digital) and
  - Architecting on AWS (Classroom Training)
- Working knowledge of IT security practices and infrastructure concepts.
- Familiarity with the AWS Cloud.
Q: What is “Security Engineering on AWS” training?
A: “Security Engineering on AWS” training is a comprehensive program designed to provide individuals with the knowledge and skills needed to implement and manage security controls on the Amazon Web Services (AWS) platform. It covers various security topics, including identity and access management, data protection, network security, and compliance.
Q: Who should consider taking the “Security Engineering on AWS” training?
A: This training is suitable for security engineers, IT professionals, system administrators, and individuals responsible for implementing and maintaining security controls in AWS environments. It is beneficial for those seeking to enhance their security expertise on the AWS platform.
Q: What topics are covered in the “Security Engineering on AWS” training?
A: The training covers a wide range of security topics, including AWS security best practices, identity and access management using AWS IAM, data protection using encryption and key management services, network security using AWS VPC, monitoring and logging for security analysis, incident response, and compliance.
Q: Are there any prerequisites for taking the “Security Engineering on AWS” training?
A: It is recommended to have a basic understanding of AWS services and security concepts before taking this training. Familiarity with networking and system administration will also be beneficial.
Q: How can I prepare for the “Security Engineering on AWS” training?
A: To prepare for the training, it is recommended to review AWS security documentation, familiarize yourself with AWS services related to security, and gain practical experience by exploring security controls in AWS environments. Prior knowledge of security best practices and compliance frameworks will also be helpful.
Q: Is there an exam associated with the “Security Engineering on AWS” training?
A: Yes, there is an optional certification exam called AWS Certified Security – Specialty that you can take to validate your security engineering skills on AWS. While the training helps prepare you for the exam, it is not mandatory to take the exam after completing the training.
Q: How can I register for the “Security Engineering on AWS” training?
A: To register for the training, click Enroll Now. We will provide you with information on available training schedules, formats (in-person or online), and enrollment procedures.
Q: Can I take the “Security Engineering on AWS” training online?
A: Yes, AWS offers online training options for “Security Engineering on AWS” to provide flexibility for learners. You can choose between instructor-led online training or self-paced online training, depending on your preferences and availability.
Q: How long is the “Security Engineering on AWS” training program?
A: The duration of the training program varies depending on the training format and delivery mode. Typically, it spans multiple days of instructor-led training or self-paced online learning, with a recommended time commitment of several hours per day.
This course comes with the following benefits:
- Practice Labs.
- Get Trained by Certified Trainers.
- Access to the recordings of your class sessions for 90 days.
- Digital courseware.
- Experience 24/7 learner support.