Security Engineering on AWS
Cybersecurity threats are escalating, and organizations need professionals who can efficiently use AWS security services to stay secure in the AWS Cloud. Security Engineering on AWS focuses on the security practices that AWS recommends for enhancing the security of your data and systems in the cloud. This course highlights the security features of AWS key services including compute, storage, networking, and database services. You'll also learn how to leverage AWS services and tools for automation, continuous monitoring and logging, and responding to security incidents.
Through hands-on labs and real-world scenarios, you'll gain practical experience in implementing security solutions, understanding specialized data classifications and AWS data protection mechanisms, and applying security best practices. This training is designed to help you stay secure in the AWS Cloud and prepare for the AWS Certified Security – Specialty certification.
Security Engineering on AWS prepares you to design, implement, and manage secure infrastructure on the AWS cloud platform. You'll learn to protect applications and data from common security threats, perform and automate security checks, and configure authentication and permissions for applications and resources.
By the end of this course, you'll be able to monitor AWS resources and respond to incidents, capture and process logs, and create automated and repeatable deployments with tools such as AMIs and AWS CloudFormation. This course focuses on the security practices that AWS recommends for enhancing the security of your systems in the cloud.
This course is intended for security engineers, security architects, and information security professionals.
We recommend that attendees of this course have:
- Working knowledge of IT security practices and infrastructure concepts
- Familiarity with cloud computing concepts
- Completed AWS Security Essentials and Architecting on AWS courses
- Understand the AWS Shared Responsibility Model
- Explore core cloud security principles
- Review incident response strategies in AWS
- Align DevOps processes with security engineering
- Define and apply IAM policies, roles, and permissions boundaries
- Use IAM Access Analyzer for insight into access risks
- Implement multi-factor authentication (MFA)
- Monitor access activity with AWS CloudTrail
- Analyze threats to 3-tier application architectures
- Address common risks around user and data access
- Leverage AWS Trusted Advisor for continuous improvement
- Harden Amazon Machine Images (AMIs)
- Perform automated security assessments with Amazon Inspector
- Apply secure configuration management with AWS Systems Manager
- Encrypt data in S3, RDS, DynamoDB, and Glacier
- Apply key management strategies using AWS KMS
- Use S3 Access Analyzer and Access Points for precise control
- Implement best practices for securing Amazon VPCs
- Use VPC Traffic Mirroring for deep packet inspection
- Respond to compromised instances
- Secure endpoints with AWS Certificate Manager and ELB
- Configure CloudWatch, AWS Config, and Amazon Macie
- Enable VPC Flow Logs, ELB Logs, and S3 Server Access Logs
- Aggregate log data with Amazon Kinesis
- Analyze security events using Amazon Athena
- Connect environments with VPNs and Direct Connect
- Secure cross-region traffic with AWS Transit Gateway
- Use Route 53 and CloudFront for edge-level protection
- Defend against attacks with AWS WAF, Shield, and Firewall Manager
- Control access in serverless environments with Amazon Cognito
- Secure APIs with API Gateway
- Implement least-privilege execution in AWS Lambda
- Identify suspicious activity with Amazon GuardDuty
- Consolidate findings in AWS Security Hub
- Perform forensic analysis with Amazon Detective
- Manage encryption keys using AWS KMS and CloudHSM
- Store and rotate secrets with AWS Secrets Manager
- Create secure, repeatable deployments with AWS CloudFormation
- Standardize infrastructure with AWS Service Catalog
- Manage multi-account environments with AWS Organizations
- Enforce controls using AWS Control Tower and AWS SSO
- Integrate centralized identity with AWS Directory Services