Live-Online: Security Engineering on AWS

Day 1
Module 1: Security on AWS

• Security in the AWS cloud
• AWS Shared Responsibility Model
• Incident response overview
• DevOps with Security Engineering

Module 2: Identifying Entry Points on AWS

• Identify the different ways to access the AWS platform
• Understanding IAM policies
• IAM Permissions Boundary
• IAM Access Analyzer
• Multi-factor authentication
• AWS CloudTrail
• Lab 01: Cross-account access

Module 3: Security Considerations: Web Application Environments

• Threats in a three-tier architecture
• Common threats: user access
• Common threats: data access
• AWS Trusted Advisor

Module 4: Application Security

• Amazon Machine Images
• Amazon Inspector
• AWS Systems Manager
• Lab 02: Using AWS Systems Manager and Amazon Inspector

Module 5: Data Security

• Data protection strategies
• Encryption on AWS
• Protecting data at rest with Amazon S3, Amazon RDS, Amazon DynamoDB
• Protecting archived data with Amazon S3 Glacier
• Amazon S3 Access Analyzer
• Amazon S3 Access Points

Day 2
Module 6: Securing Network Communications

• Amazon VPC security considerations
• Amazon VPC Traffic Mirroring
• Responding to compromised instances
• Elastic Load Balancing
• AWS Certificate Manager

Module 7: Monitoring and Collecting Logs on AWS

• Amazon CloudWatch and CloudWatch Logs
• AWS Config
• Amazon Macie
• Amazon VPC Flow Logs
• Amazon S3 Server Access Logs
• ELB Access Logs
• Lab 03: Monitor and Respond with AWS Config

Module 8: Processing Logs on AWS

• Amazon Kinesis
• Amazon Athena
• Lab 04: Web Server Log Analysis

Module 9: Security Considerations: Hybrid Environments

• AWS Site-to-Site and Client VPN connections
• AWS Direct Connect
• AWS Transit Gateway

Module 10: Out-Of-Region Protection

• Amazon Route 53
• AWS WAF
• Amazon CloudFront
• AWS Shield
• AWS Firewall Manager
• DDoS mitigation on AWS

Day 3
Module 11: Security Considerations: Serverless Environments

• Amazon Cognito
• Amazon API Gateway
• AWS Lambda

Module 12: Threat Detection and Investigation

• Amazon GuardDuty
• AWS Security Hub
• Amazon Detective

Module 13: Secrets Management on AWS

• AWS KMS
• AWS CloudHSM
• AWS Secrets Manager
• Lab 05: Using AWS KMS

Module 14: Automation and Security by Design

• AWS CloudFormation
• AWS Service Catalog
• Lab 06: Security automation on AWS with AWS Service Catalog

Module 15: Account Management and Provisioning on AWS

• AWS Organizations
• AWS Control Tower
• AWS SSO
• AWS Directory Service
• Lab 07: Federated Access with ADFS

• Identifying security benefits and responsibilities of using the AWS Cloud
• Building secure application infrastructures
• Protecting applications and data from common security threats
• Performing and automating security checks
• Configuring authentication and permissions for applications and resources
• Monitoring AWS resources and responding to incidents
• Capturing and processing logs
• Creating and configuring automated and repeatable deployments with tools such as AMIs and AWS CloudFormation

This course prepares you to achieve the following official AWS Certification: 
AWS Certified Security – Specialty.

This course is intended for the following job roles:

• Cyber Security
• Data Analytics

We recommend that attendees of this course have attended the following course (or equivalent knowlege):
Architecting on AWS.