AWS: Security and Compliance
6h 39mIntermediate2022-05-19
Authors

Sharif Nijim
Assistant Teaching Professor at the University of Notre Dame
Course details
Understanding—and successfully implementing—security concepts is essential to using Amazon Web Services (AWS) as your enterprise solution. In this course, instructor Sharif Nijim couples pragmatic advice with practical examples that show IT pros how to create a secure infrastructure within AWS. Sharif explores the shared responsibility model of security, which splits duties between your company and AWS, and introduces key Identity and Access Management (IAM) concepts, including users, groups, roles, and policies. Discover how to manage access to Simple Storage Service (S3); implement detective controls within AWS, including how to work with AWS Config and GuardDuty; use protective tools such as AWS Shield; and use AWS Key Management Service (KMS) to manage access keys. Plus, learn how to prepare for the inevitable audit of your AWS account(s).
Skills covered
Cloud SecurityAmazon Web Services (AWS)AmazonCloud ServicesCloud PlatformsCert PrepCloud Computing
Concepts
0. Introduction
- 01 - AWS security overview
- 02 - What you should know
1. AWS Security Foundations
- 03 - Understanding shared responsibility
- 04 - Understanding the AWS security landscape
- 05 - Understanding separation of duties
- 06 - Implementing separation of duties
- 07 - Understanding CloudTrail
- 08 - Enabling CloudTrail
- 09 - Understanding Organizations
- 10 - Installing the command line interface (CLI) for Mac
- 11 - The command line interface (CLI) for Windows
2. IAM Concepts in AWS
- 12 - Understanding Identity and Access Management
- 13 - Understanding IAM policies
- 14 - Configuring IAM policies
- 15 - Understanding IAM groups
- 16 - Configuring IAM groups
- 17 - Configuring a password policy
- 18 - Configuring IAM users - Web console
- 19 - Challenge - IAM
- 20 - Solution - IAM
- 21 - Understanding IAM roles
- 22 - Configuring IAM roles
- 23 - Validating an IAM role
- 24 - Understanding Security Token Service
- 25 - Creating a temporary access role
- 26 - Creating a temporary access policy
- 27 - Validating temporary access
- 28 - Challenge - Super admin
- 29 - Solution - Super admin
- 30 - Illustrating access restrictions
- 31 - Exploring IAM policy simulator
- 32 - Understanding federated access
- 33 - Enabling federated access
- 34 - Securing financial access
- 35 - Enabling financial access
- 36 - Understanding Control Tower
3. S3 Access Management
- 37 - Exploring S3 management options
- 38 - Accessing S3 privately
- 39 - Configuring private S3 access
- 40 - Managing S3 with IAM
- 41 - Restricting S3 access with IAM
- 42 - Validating custom IAM S3 policy
- 43 - Leveraging a custom IAM S3 policy
- 44 - Creating an S3 bucket policy
- 45 - Illustrating an S3 bucket policy with the CLI
- 46 - Understanding S3 access control lists
- 47 - Understanding public access in S3
- 48 - Exploring presigned URLs
- 49 - Reviewing S3 security
4. Key Management
- 50 - Understanding Key Management Service
- 51 - Creating a KMS key
- 52 - Creating a multi-Region KMS key
- 53 - Using a KMS with S3 objects
- 54 - Using KMS and an IAM role
- 55 - Automating KMS key rotation
- 56 - Deleting a KMS key
- 57 - Enabling default EBS encryption
- 58 - Understanding Secrets Manager
- 59 - Using Secrets Manager
- 60 - Enabling autorotation with Secrets Manager
- 61 - Creating a multi-Region secret
- 62 - Understanding Systems Manager
- 63 - Using Systems Manager Parameter Store
- 64 - Understanding AWS CloudHSM
5. Internal Detective Controls
- 65 - Understanding AWS Config
- 66 - Enabling AWS Config
- 67 - Exploring AWS Config results
- 68 - Using conformance packs
- 69 - Understanding AWS GuardDuty
- 70 - Exploring AWS GuardDuty
- 71 - Understanding Amazon Macie
- 72 - Configuring a Macie job
- 73 - Exploring Macie results
- 74 - Understanding IAM Access Analyzer
- 75 - Understanding Amazon Detective
- 76 - Exploring Amazon Detective
- 77 - Understanding Amazon Inspector
- 78 - Exploring Amazon Inspector
- 79 - Resolving an Inspector finding
6. Additional Protective Tools
- 80 - Understanding Web Application Firewall
- 81 - Exploring Web Application Firewall
- 82 - Configuring Web Application Firewall
- 83 - Validating Web Application Firewall
- 84 - Understanding AWS Shield
- 85 - Understanding Certificate Manager
- 86 - Configuring a private certificate authority
- 87 - Creating a private certificate
- 88 - Using a private certificate
7. Security Audits in AWS
- 89 - Understanding AWS Security Hub
- 90 - Using AWS Security Hub
- 91 - Rotating access keys
- 92 - Understanding AWS Artifact
- 93 - Understanding Trusted Advisor
- 94 - Exploring Trusted Advisor
- 95 - Preparing for a security audit
Conclusion
- 96 - Next steps
Related courses
- Complete Guide to AWS Security and Compliance Management
- AWS Certified Cloud Practitioner (CLF-C02) Cert Prep
- AWS: Monitoring, Logging, and Remediation
- AWS Advanced Security Management: Patterns and Practices
- AWS Certified Security - Specialty (SCS-C02) Cert Prep: 6 Management and Security Governance
- AWS Certified Security - Specialty (SCS-C03) Cert Prep
- Responsible AI on AWS: Bedrock Guardrails, Amazon Q Security, and SageMaker Clarify
- AWS Essential Training for Administrators
Related learn paths
- Prepare for the AWS Certified Developer Associate (DVA-C01) Certification Exam
- Infrastructure Management on AWS: Skills for Administrators
- Prepare for the AWS Certified Security - Specialty (SCS-C02) Certification
- Prepare for the AWS Certified Cloud Practitioner (CLF-C02) Certification
- Prepare for the AWS Certified Data Analytics – Specialty (DAS-C01) Certification
- Build Your Knowledge of Cloud Administration
- Foundations of Cloud Computing: Models, Platforms, Services, and Careers
- Getting Started with Cloud Development