AWS Security engineering

SECURITY ENGINEERING ON AWSDESCRIPTION 

This 3-day course explains how to effectively use AWS security services to work securely in AWS Cloud. This course focuses on the security practices recommended by AWS to improve the security of your data and systems in the cloud. This course highlights the security features built into core AWS services, including compute, storage, networking, and database services. You will also learn how to take advantage of AWS tools and services to automate, monitor, and log your activities on an ongoing basis, and respond to security incidents.

OBJECTIVES

In this training you will learn to:

Understand and Leverage the AWS Shared Security Model
Design and integrate AWS application infrastructures protected against the most common security threats
Protect data at rest and in transit with encryption
Apply security checks and analyses in an automated and repeatable manner
Configure AWS Cloud Resource and Application Authentication
Gather event information by capturing, monitoring, processing, and analyzing logs
Identify and mitigate inbound threats to applications and data
Perform security assessments to ensure common vulnerabilities are addressed and security best practices are applied

PREREQUISITES 

At least two years of practical experience securing AWS workloads
Security control for AWS workloads
At least five years of experience in IT security, in the design and implementation of security solutions

AUDIENCE

Security Engineer - Security Architect - Security Operations - Information Security 

TARGETED SKILLS  

Understand the specialized data classifications and data protection mechanisms of AWS

Understand the data encryption methods and mechanisms that AWS uses to implement them

Understand secure Internet protocols and the mechanisms that AWS uses to implement them implemented

Have a working knowledge of AWS security services and their functionality to create a secure production environment
Have acquired skills from at least two years of production deployment experience with AWS security features and services
Knowing how to balance the cost, security, and complexity of deployment based on the requirements of an application Understanding security operations and risks

DELIVERY METHOD

Official AWS course material delivered electronically at the start of the session
Practical and corrected exercises or sharing of real experience depending on the case
Digital marking by half-day of presence
Live assessment of participants' satisfaction at the end of the session
Attendance certificate and training certificate is given to participants at the end of the session

COURSE SCHEDULE 

Day 1 

Module 0: Introduction

Module 1: Security in AWS
AWS Cloud Security Design Principles
The Shared Responsibility model
DevOps with security engineering

Module 2: Identifying Points of Entry into AWS
Best practices for user identifiers
IAM strategy analyzes
Multi-factor authentication
AWS CloudTrail

Module 3: Security Considerations: Web Application Environments
Threats in a three-tier architecture
AWS Trusted Advisor

Module 4: Application Security
Amazon EC2 security considerations
Amazon Inspector
AWS Systems Manager

Module 5: Data security
Data protection with Amazon S3
Amazon RDS and Amazon DynamoDB security considerations
Protection of archival data Day 2:

Day 2 

Module 6: Securing Network Communications
Amazon VPC security considerations
Amazon Elastic security considerations
Load Balancing
AWS Certificate Manager

Module 7: Monitoring and Logging in AWS
AWS Config
Amazon CloudWatch
Amazon Macie
Collection of logs on AWS

Module 8: Processing Logs in AWS • Amazon Kinesis
Amazon Athena

Module 9: Security Considerations - Hybrid Environments
AWS VPN connections • AWS Direct Connect
AWS Transit Gateway

Module 10: Protection outside the region (global services)
Amazon Route 53
Amazon CloudFront
AWS WAF
AWS Shield
AWS Firewall Manager

Day 3:

Module 11: Security Considerations: Serverless Environments
Amazon Cognito
Amazon API Gateway
AWS Lambda

Module 12: Threat Detection and Investigation
Amazon GuardDuty
AWS Security Hub
Amazon Detective

Module 13: Managing Secrets in AWS
AWS KMS
AWS CloudHSM
AWS Secrets Manager

Module 14: Automation and Security by Design
AWS Security by Design approach • AWS CloudFormation
AWS Service Catalog

Module 15: Account Management and Deployment in AWS 

AWS Organizations

AWS Control Tower

Access of federated users

 RECOMMENDED CERTIFICATION 

AWS Certified Security - Speciality