Security Engineering on AWS

Target Audience

• Security engineers
• Security architects
• Security operations
• Information security

Hands-On Activity

• AWS Cloud Practitioner Essentials
• AWS Security Fundamentals
• Architecting on AWS
• Working knowledge of IT security practices and infrastructure concepts
• Familiarity with cloud computing concepts

Learning Outcomes

• Assimilate and leverage the AWS shared security responsibility model
• Architect and build AWS application infrastructures that are protected against the most common security threats
• Protect data at rest and in transit with encryption
• Apply security checks and analyses in an automated and reproducible manner
• Configure authentication for resources and applications in the AWS Cloud
• Gain insight into events by capturing, monitoring, processing, and analyzing logs
• Identify and mitigate incoming threats against applications and data
• Perform security assessments to ensure that common vulnerabilities are patched and security best practices are applied

Course Outline

• Welcome and introductions
• Introduction to Security on AWS

• Ways to access the platform
• IAM policies
• Securing entry points
• Incident response

Lab - cross-account authentication

• Security points in an AWS web application environment
• Analyse a three-tier application model and identify common threats
• Assess environments to improve security

• Securing EC2 instances
• Assess vulnerabilities with Inspector
• Apply security in an automated way using Systems Manager
• Isolate a compromised instance

Lab - Assessing Security with Inspector and Systems Manager

• Apply security best practices to VPC
• Implement an ELB device as a protection point
• Protect data in transit using certificates

• Protect data at rest using encryption and access controls
• AWS services used to replicate data
• Protect archived data

• Security points outside of a VPC
• Common DoS threats

• Monitor events and collect logs with CloudWatch
• Use Config to monitor resources
• AWS-native services that generate and collect logs

• Stream and process logs for further analysis
• AWS services used to process logs from S3 buckets

• Identify AWS services used to connect on-premise to AWS
• Data protection between on-premise and AWS
• Securely access VPC resources in other accounts

• Use Route 53 to isolate attacks
• Implement WAF to protect applications
• Use CloudFront to deliver content securely
• Protect applications using Shield

• Manage multiple accounts
• Use identity providers / brokers to acquire access to AWS services

• How to secure data in a serverless environment
• Use Cognito to authorize users
• Control API access with API Gateway
• Use AWS messaging services securely
• Secure Lambda functions

• Manage key and data encryption with KMS
• Describe how CloudHSM is used to generate and secure keys
• Use Secrets Manager to authenticate applications

• Deploy security-oriented AWS environments in a reproducible manner
• Provide management and control of IT services to end-users in a self-serve manner

• Threat detection and monitoring for malicious or unauthorized behaviour
• Leverage machine learning to gain visibility into how sensitive data is being managed in the AWS Cloud

Special Notices