
AWS Cloud Security
AWS has products and services that can pretty much take care of any business computing need you might have, but with each specific project, you absolutely must consider how you...
What you will learn:
- Securing networks, infrastructure, data, identities, and applications.
Pre-requisites
This path is intended for beginners and learners who are already familiar with cloud computing and the AWS cloud platform.
Beginner
In this section you will learn to identify the AWS services that are available to assist you in implementing security in your projects. You’ll also learn to manage user identities, which are one of the basic building blocks of access to your projects. Finally, you’ll learn about securing the data that you keep in AWS services.
Introduction to AWS Cloud Security
1h 7m
Description
Every day, more applications adopt the AWS cloud, causing an exponential demand for cloud security to protect and scale enterprises. In this course, Introduction To AWS Cloud Security, you will gain the ability to create a secure cloud environment within AWS. First, you will see an overview of foundational AWS service offerings and how they relate to the security of your infrastructure. Next, you will discover how to protect your cloud data and enable secure communication between cloud services. Finally, you will explore how to maintain a secure enterprise cloud environment with cutting-edge logging and monitoring solutions. When you are finished with this course, you will have the skills and knowledge of AWS needed to create a secure cloud environment.
Table of contents
- New Module
- Identifying AWS Services for Security and When to Use Them
- Define the Shared Responsibility Model
- New Module
Identity and Access Management on AWS: Users
1h 42m
Description
At the core of Identity and Access Management (IAM) usage in AWS is a thorough knowledge of users and their purpose. In this course, Identity and Access Management on AWS: Users, you’ll learn how to properly create and use IAM users and optionally federate them with external directory services. First, you’ll learn about the root user that is the only user in a new account and why this user should be used to set up the IAM user that will do the rest of the configuration. Next, you’ll explore how to create users for both Management Console and programmatic access, as well as how to secure that access. Finally, you’ll discover how to federate IAM in AWS with external authentication services, such as Active Directory and web identities (including Amazon, Google, and Facebook), as well as other frameworks like OpenID and SAML. When you’re finished with this course, you’ll have a foundational knowledge of users in IAM on AWS that will help you as you move forward with securing your AWS infrastructure.
Table of contents
- Course Overview
- Introducing IAM on AWS
- Creating and Maintaining Individual Users
- Incorporating Federation
Securing Data on AWS
1h 46m
Description
Perhaps your company is moving to the Amazon cloud and you are concerned with safely protecting your company's data. Perhaps your company needs to follow a strict level of compliance when operating in the cloud. Maybe you have a lot of data stored in the cloud, and find that you don't have time to manage it properly.
In this course, Securing Data on AWS, you will gain the ability to encrypt your data using any of the data services provided by Amazon Web Services (AWS).
First, you will learn the difference between the Key Management Service (KMS) and CloudHSM.
Next, you will discover how to create customer-managed keys and perform administration on your encryption keys for both administrators and end users.
Then, you will see how to install CloudHSM, and understand the integration between KMS and CloudHSM.
Finally, you will understand how Amazon Macie can help you manage and protect your data records stored in S3 buckets.
When you are finished with this course, you will have the skills and understanding of services that help you perform encryption and management of your stored data in the AWS cloud.
Table of contents
- Course Overview
- Encryption and Decryption at AWS
- Securing Data with KMS (Key Management Service)
- Securing Data with CloudHSM (Hardware Security Module)
- Protecting Sensitive Data with Amazon Macie
Intermediate
In this section you’ll learn how to make sure that your infrastructure and virtual machines stay secure. The applications that you house in your infrastructure will next need to be secured, and you’ll be able to do that here as well. Finally, you’ll learn how you can monitor all of this in an ongoing fashion.
Securing AWS Infrastructure
1h 41m
Description
Securing AWS infrastructure is an ongoing task, with many moving parts.
In this course, Securing AWS Infrastructure, you’ll find the best methods of securing your hosted applications at AWS.
First, you'll learn the best subnet and IP address types to host your applications, and how to plan out VPC security using route tables, security groups, and Network ACLs.
Next, you’ll discover the roles that redundancy and availability play in application security, looking at load balancing and autoscaling and how they help your applications to remain available.
Finally, you’ll explore the intrusion detection and prevention available at AWS for all customers, specifically how to create threat protection layers with Web Application Firewall, AWS Shield, Shield Advanced, and AWS Firewall Manager. You’ll also see how to protect public-facing resources using CloudFront.
You'll also go through the use of GuardDuty and Amazon Inspector. This course’s content is a mix of lecture and hands-on demos.
When you’re finished with this course, you will understand how to properly secure your infrastructure components at AWS.
Table of contents
- Course Overview
- Securing EC2 Resources
- Planning for Intrusion, Threats, and DDoS Attacks
- Maintaining EC2 Instance Security with Amazon Inspector
- Monitoring Threat Detection with Amazon GuardDuty
Securing Applications on AWS
2h 13m
Description
Many applications at AWS are over-hosted. In this course, Securing Applications on AWS, you will gain knowledge about how to protect over-hosted applications at AWS using a variety of powerful management tools provided by Amazon.
First, you will look at the Web Application Firewall (WAF) and see how to protect against unwanted access from incoming public traffic. You will explore the API Gateway and how you can create and host APIs at AWS, and you will dive into Amazon Cognito, which allows you to create user and identity pools that allow internal and external authentication and single sign-on access.
Next, you will look at the operation of CloudWatch and its use of metrics, which allow you to manage all of your AWS resources, as well as CloudTrail, which helps to monitor all activity in your AWS account.
Finally, you will see how to use Trusted Advisor to alert you to account issues, and AWS Config to set rules for managing your infrastructure resources.
When you are done with this course, you will know how to monitor, audit, protect, and take many other actions towards protecting your applications hosted on AWS.
Table of contents
- Course Overview
- Web Application Firewall and the API Gateway
- Authenticating Users with Amazon Cognito
- Logging with CloudWatch
- Auditing with CloudTrail
- Managing Compliance Standards with Trusted Advisor and AWS Config
Monitoring AWS Cloud Security
1h 56m
Description
Migrating to the cloud is an uphill task for most companies, but one of the most important tasks, if not the most important, is monitoring cloud resources once the migration is complete, to avoid unpleasant issues such as increased cost due to mismanaged resources or reduced customer satisfaction because of unmonitored metrics. In this course, Monitoring AWS Cloud Security, you will learn how to address issues like these. First, you will learn about CloudWatch metrics, starting from default metrics, eventually learning how to publish your own custom metrics. Next, you will explore how to communicate system events across accounts and how to automatically respond to and recover from system events of your AWS resources. Finally, you will discover how to create a graphical dashboard to monitor all these highly critical metrics from one single location. When you are finished with this course, you will have the skills and knowledge to create and monitor metrics, set up alerts, and create dashboards to monitor various AWS resources.
Table of contents
- Course Overview
- Getting Started with CloudWatch
- Logging and Metrics
- Dashboards and Automation
- AWS Microsoft Support
Advanced
In this section you’ll learn in depth how to implement and use the Virtual Private Cloud, the solution to providing an air gap for your projects. You’ll then finish up with a look at the best practices you should keep in mind throughout the whole process.
AWS Networking Deep Dive: Virtual Private Cloud (VPC)
2h 56m
Description
Is your existing VPC configuration holding you back? In this course, AWS Networking Deep Dive: Virtual Private Cloud (VPC), you'll learn the inner workings of VPC components and how they differ from their traditional network analogs. First, you'll discover how to create multi-VPC topologies and build secure connectivity between them. Next, you'll explore how to create and use a transit VPC to enable scalable connectivity between multiple VPCs and on-premises networks. Finally, you'll learn how to restrict IPv4 and IPv6 internet access. When you're finished with this course, you'll have the skills and knowledge to create secure and scalable VPC designs.
Table of contents
- Course Overview
- Creating Secure Virtual Private Clouds (VPCs)
- Creating Secure and Scalable VPCs
- VPC Peering
- Secure Internet Egress Using NAT Instances
- Using a Transit VPC to Connect On-premises and Cloud Resources
- Monitoring a VPC
- Using CloudHub to Connect Remote Sites Together
- Configuring IPv6 Connectivity
AWS Cloud Security Best Practices
42m
Description
Prevent a breach of security. Protect against data loss or misuse. Keep from ruining your company's reputation. Keep the hackers out! In this course, AWS Cloud Security Best Practices, you will gain the ability to secure your organization’s AWS cloud applications. First, you will learn the fundamentals in the AWS Security Checklist. Next, you will discover what is needed for an operating system to run securely in the cloud, and how to segment AWS infrastructure for maximum security. Finally, you will explore how the AWS Cloud Adoption Framework (CAF) can help your organization move the entire business to the cloud. When you're finished with this course, you will have the skills and knowledge of AWS Security needed to secure your organization’s applications in the cloud.
Table of contents
- Course Overview
- Examining the AWS Security Checklist
- Securing Operating Systems and Applications
- Securing Your Infrastructure
- Introducing the Cloud Adoption Framework