Architecting for Security on AWS

By Ben Piper
This course will help you learn to apply security at all layers of AWS, including encrypting and protecting data at-rest and in-transit, as well as how to prepare for and respond to security events.
Start FREE course
Play course overview
Course info
Rating
(90)
Level
Intermediate
Updated
Mar 9, 2020
Duration
4h 13m
Table of contents
Course Overview
Course Overview 1m
Protecting AWS Credentials
Confidentiality, Integrity, and Availability 6m Course Overview 6m Understanding AWS Credentials 2m Locking Down the Root User 7m Introduction to Principals and Policies 2m Understanding Policies 3m Creating an Administrative User 8m Using Groups 2m Denying Access with User Policies 9m Denying Access with Group Policies 3m Summary 3m
Capturing and Analyzing Logs
Introduction to Capturing and Analyzing Logs 2m Understanding CloudTrail 2m Configuring CloudTrail to Log AWS Service Operations 8m CloudTrail vs. CloudWatch Logs 3m Configuring CloudWatch Logs 8m Reading CloudTrail Logs Using CloudWatch Logs 4m Creating CloudWatch Alarms 9m Searching Logs with Athena 6m Tracking Configuration Changes in AWS Config 7m Summary 2m
Protecting Network and Host-level Boundaries
Introduction to Protecting Network and Host-level Boundaries 5m Creating a Public Subnet 6m Creating and Using an IAM Instance Profile 9m Using SSH Key Pairs 8m Using VPC Endpoints - Part 1 7m Using VPC Endpoints - Part 2 6m Network Access Control Lists 10m Summary 2m
Protecting Data at Rest
Introduction to Protecting Data at Rest 3m Creating a Customer Master Key with KMS 6m Encrypting an Unencrypted EBS Volume 6m S3 Access Permissions - Part 1 7m S3 Access Permissions - Part 2 4m CloudFront Origin Access Identity 6m Granting Anonymous Access with Object ACLs and Bucket Policies 7m Encrypting S3 Objects with KMS-managed Keys (SSE-KMS) 5m Summary 3m
Protecting Data in Transit
Introduction to Protecting Data in Transit 6m Preparing for the Load Balancer 7m Creating a Secure Application Load Balancer 8m Summary 2m
Configuring Data Backup, Replication, and Recovery
Introduction to Data Backup, Replication, and Recovery 2m Versioning 5m Lifecycle Management 8m Cross-region Replication 5m Summary 1m Course Summary 3m
Description
Course info
Rating
(90)
Level
Intermediate
Updated
Mar 9, 2020
Duration
4h 13m
Description

AWS security architects need to understand how to build security into every AWS deployment at every level. In this course, Architecting for Security on AWS, you’ll learn how to secure your data and your AWS services and resources at multiple levels using a defense-in-depth approach. First, you'll learn how to protect your AWS credentials using identity and access management. Next, you'll see how to capture and analyze logs using CloudTrail, CloudWatch, and Athena. Finally, you'll learn how to implement network and instance security, encrypt data at rest and in-transit, and set up data backup, replication, and recovery. After finishing this course, you'll be ready to granularly control access to your AWS resources.

About the author
Ben Piper
About the author

Ben Piper is the author of the "CCNP Enterprise Certification Study Guide: Implementing and Operating Cisco Enterprise Network Core Technologies" and the "AWS Certified Solutions Architect Study Guide". You can contact Ben by visiting his website, benpiper.com.

More from the author
Cisco Enterprise Networks: Troubleshooting IP Services
Intermediate
1h 56m
Jul 26, 2021
Architecting for Operational Excellence on AWS
Intermediate
3h 5m
Jun 18, 2021
AWS Networking Deep Dive: Elastic Load Balancing (ELB)
Intermediate
2h 13m
Apr 30, 2021
More courses by Ben Piper
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
(Music playing) Hi everyone, my name Ben Piper, and welcome to my course, Architecting for Security on AWS. I'm an AWS certified Solutions Architect and author. Security is about protecting your valuable data and the systems that store and retrieve that data. As an AWS architect, you need to understand how to build security into every AWS deployment at every level. In this course, you're going to learn how to secure your data and your AWS services and resources at multiple levels using a defense in-depth approach. Some of the major topics that we will cover include identity and access management, capturing and analyzing security logs, network and instance security, data encryption, and backup, replication, and recovery. By the end of this course, you'll know how to secure your data stored in AWS, as well as your AWS services and resources. Before beginning the course, you should have six months of experience with AWS in a technical capacity. I hope you'll join me on this journey to learn AWS security with the Architecting for Security on AWS course, only on Pluralsight.

You're the smartest person in the room

PROVE IT

Your team won't just close the skills gap

THEY'LL HURDLE IT