This is the third in a series of four courses that will prepare you for the AWS Certified DevOps Engineer Certification. In this course, we'll cover the domain objectives for the security, governance, and validation portion of the exam.
Course Overview
Hey, this is Mike Pfeiffer, and welcome to this course on Security, Governance, and Validation on AWS. This is the third course in a series that covers all of the domain objectives for the AWS Certified DevOps Engineer professional exam. Security is one of the primary considerations for organizations adopting cloud services, and when it comes to working with the AWS cloud platform, there's a lot of patterns and best practices that you need to follow in order to make sure that your environment is configured properly. Obtaining the AWS DevOps professional certification is a great way to demonstrate your skills when it comes to implementing a secure solution that is built based on best practices.
In this course we'll start off by looking at some essential AWS security best practices, we'll see how to use the identity and access management service to implement roles and policies, and we'll set up multifactor authentication, and we'll discuss other standard practices, like following the principle of least privilege and securing access to your AWS resources. Next we'll move on to implementing delegation and federation, so we'll see how to delegate access to resources in separate AWS accounts, and we'll set up identity federation, so we can allow access to AWS resources, to user accounts, and our own corporate Active Directory environments. Then we'll get into protecting data in flight and at rest, and we'll set up EBS volume encryption, server-side encryption in Amazon S3, and database encryption with Amazon RDS, the relational database service. Finally, we'll learn how to enable IT governance with AWS services. We'll take a look at common IT governance domains and how to address security requirements using the services available from AWS.
Now before beginning this course, you should have familiarity with AWS operations or development, and if you're studying for the DevOps exam, you should have already watched the first two courses in this series that cover Continuous Delivery and Automation and Monitoring, Metrics, and Logging. But whether you're planning on taking the DevOps exam or not, I hope you'll join me in this course that'll give you practical skills for implementing security on AWS.
Understanding AWS Security Best Practices
Hey, this is Mike Pfeiffer, and in this module we're going to take a look at Understanding AWS Security Best Practices. So we're actually going to take a look at quite a few things in this module, we're going to start off by talking about the shared responsibility model. So on top of the security stuff that AWS does for you, there're some things that you should be doing as well, and we're going to spend a lot of time working on best practices for identity and access management, or the IAM service, so we'll take a look at using users and groups in EC2 instance roles, and we'll take a look at using multifactor authentication and IAM password policies, and then we'll wrap things up at the end of the module by looking at some native tools that we can use to audit the security settings in our AWS account.
Implementing Delegation and Federation
Hey, this is Mike Pfeiffer, and in this module we're going to take a look at Implementing Delegation and Federation. So we'll start off by looking at IAM roles in a little bit more detail and see some things that we haven't covered previously, and then we'll get into delegating access to resources in other AWS accounts. We're also going to talk about some common federation scenarios, such as corporate identity federation, as well as web identity federation, and we'll even see an example of setting up federated console access so users can log in to the AWS console using an external account.
Protecting Data In-flight and at Rest
Hey, this is Mike Pfeiffer, and in this module we're going to take a look at Protecting Data In-flight and at Rest with common AWS services. So we'll start off by looking at protecting data in Amazon S3, then we'll move on and take a look at the Amazon EBS service, the Elastic Block Store, and how we can do volume encryption, we'll look at the encryption options for the Amazon Relational Database Service, or the RDS service, and then we'll wrap up by talking about some common data protection scenarios when you're working with AWS services over the public internet.
Enabling IT Governance with AWS Services
Hey, this is Mike Pfeiffer, and in this module we're going to take a look at Enabling IT Governance with AWS Services. So we'll start things off by defining IT governance, and then we'll get into the primary domains for IT governance, which cover IT resources, IT security, and IT performance. And then we'll look at the AWS services and features that enable governance in these domains.