Hands-on labs for learning AWS security essentials
These hands-on labs are designed to teach you how to apply Identity and Access Management and other AWS services to address real-world security scenarios.
Jun 08, 2023 • 6 Minute Read
This post highlights hands-on labs that will help you get real-life experience building up AWS security skills.
Put your hands together for hands. From snapping and clapping to blowing a kid’s mind by doing that thing where you pretend to slide your thumb off, hands sure do come in handy. Hands are also hands-down the best way to learn cloud skills, like AWS security.
In this blog post, we’ll share five ACG hands-on labs that are perfect for AWS apprentices and practitioners looking to level up their AWS security skills with some essentials all cloud gurus need to know.
These guided labs will let you get your hands cloudy while walking you through real-world objectives in safe cloud environments.
Clocking in at around three hours, this stack of five hands-on labs is designed to teach you how to apply AWS Identity and Access Management, in concert with several other AWS services, to address real-world application and service security management scenarios.
Ready? Let's get to learning!
The AWS Security Essentials playlist
Skill Level: Practitioner
5 Labs | 3 hours
Note: To get started with the hands-on labs below, you’ll need an ACG account. Don’t have an account? Don’t fret! Start a free trial. Or sign up for a free account and start learning with this month’s batch of free courses, including our AWS Security Essentials course and other AWS-some AWS content like Amazon DynamoDB Deep Dive and How to Properly Secure an S3 Bucket.
Duration: 45 minutes
- Add the Users to the Proper Groups
- Use the IAM Sign-In Link to Sign in as a User
Overview: AWS Identity and Access Management (IAM) allows AWS customers to manage user access and permissions for their accounts and available APIs/services within AWS. IAM can manage users and security credentials and allow users to access AWS resources.
In this hands-on lab, you’ll walk through the foundations of IAM. We'll focus on user and group management as well as how to assign access to specific resources using IAM-managed policies. We'll learn how to find the login URL where AWS users can log in to their account and explore this from a real-world use-case perspective.
Already an ACG member? Try this lab here.
Duration: 30 minutes
- Create a Customer-Managed Policy
- Create a Group Controlled via a Customer-Managed Policy
- Assign Users to a Group
Overview: In this hands-on lab, we do a bit of role-playing. You’re a security engineer working for a new startup launching an online bookstore for rare and antique books. The founder needs your help with setting up her development team with the proper access permissions. In order to provide access and ensure the proper security measures are in place, you’ll use AWS Identity & Access Management (IAM). You’ll group users and assign permissions for the developer group using policies.
ACG member already? Start this lab here.
Duration: 30 minutes
- Create a VPC
- Create an Internet Gateway
- Edit the Main Route Table
- Create a Network Access Control List (NACL) and associate it
- Create two public subnets
Overview: AWS Networking consists of many different components. Understanding the relationship between these components is a huge part of understanding the overall functionality and capabilities of AWS. In this hands-on lab, you’ll create a VPC with an Internet Gateway and subnets across multiple Availability Zones.
Signed into ACG? Fire up this lab here.
Duration: 90 minutes
- Configure Security Groups
- Configure Network Access Control Lists (NACLs)
Overview: In this hands-on lab, you’ll use security groups and network access control lists to segment the network so only necessary traffic is available. You’ll gain experience using security groups and network access control lists to secure the different layers of a multi-tier application.
ACG member? Lock down this lab here.
Duration: 60 minutes
- Secure the S3 Buckets
- SSH into AppServer1
- Create a VPC Endpoint
Overview: Amazon S3 and DynamoDB are fantastic managed services. (Some go so far as saying S3 is the greatest cloud service of all time.) These services allow you to focus on what’s important while AWS focuses on the backend processes. Unfortunately, because these services are managed by AWS and live outside your VPC, reaching them by default requires traffic to leave your protected VPC. Enter VPC Endpoints!
VPC Endpoints allow you to create endpoints within your VPC that keep the traffic on a private link between your VPC resources and these AWS services. Accessing DynamoDB and S3 privately using your own VPC CIDR range is crucial to maintaining a secure environment that is resistant to hackers, data thieves, and other undesirable folks.
In this hands-on lab, you’ll configure a VPC Endpoint and utilize encryption to ensure your data is secure.
Signed into your ACG account? Get hands-on here.
Recommended next steps for learning AWS security
- Once you have these labs down to a science, you can crank the difficulty up a notch. Many of the above labs can be taken on using our new Challenge Mode option.
- Not sure where to go next? Check out our AWS Security learning path for guidance on what to learn to keep advancing your AWS security skills as you go from novice to guru.