Architecting for Security on AWS
This course will help you learn to apply security at all layers of AWS, including encrypting and protecting data at-rest and in-transit, as well as how to prepare for and respond to security events.
What you'll learn
AWS security architects need to understand how to build security into every AWS deployment at every level. In this course, Architecting for Security on AWS, you’ll learn how to secure your data and your AWS services and resources at multiple levels using a defense-in-depth approach. First, you'll learn how to protect your AWS credentials using identity and access management. Next, you'll see how to capture and analyze logs using CloudTrail, CloudWatch, and Athena. Finally, you'll learn how to implement network and instance security, encrypt data at rest and in-transit, and set up data backup, replication, and recovery. After finishing this course, you'll be ready to granularly control access to your AWS resources.
Table of contents
- Confidentiality, Integrity, and Availability 6m
- Course Overview 6m
- Understanding AWS Credentials 2m
- Locking Down the Root User 7m
- Introduction to Principals and Policies 2m
- Understanding Policies 3m
- Creating an Administrative User 8m
- Using Groups 2m
- Denying Access with User Policies 9m
- Denying Access with Group Policies 3m
- Summary 3m
- Introduction to Capturing and Analyzing Logs 2m
- Understanding CloudTrail 2m
- Configuring CloudTrail to Log AWS Service Operations 8m
- CloudTrail vs. CloudWatch Logs 3m
- Configuring CloudWatch Logs 8m
- Reading CloudTrail Logs Using CloudWatch Logs 4m
- Creating CloudWatch Alarms 9m
- Searching Logs with Athena 6m
- Tracking Configuration Changes in AWS Config 7m
- Summary 2m
- Introduction to Protecting Data at Rest 3m
- Creating a Customer Master Key with KMS 6m
- Encrypting an Unencrypted EBS Volume 6m
- S3 Access Permissions - Part 1 7m
- S3 Access Permissions - Part 2 4m
- CloudFront Origin Access Identity 6m
- Granting Anonymous Access with Object ACLs and Bucket Policies 7m
- Encrypting S3 Objects with KMS-managed Keys (SSE-KMS) 5m
- Summary 3m
