AWS Security Best Practices

This course provides you with a comprehensive overview of industry-standard techniques for using AWS security and control types. You will learn to understand your responsibilities and how to secure your AWS workloads from outside intrusion.

Learn how to secure your network infrastructure with solid design options and how to harden and securely manage your compute resources. Through in-depth knowledge of AWS monitoring and associated alerts, you will recognize suspicious events and learn strategies to adequately respond to incidents.

Module 1: Overview of AWS Security

• Shared responsibility model
• Customer challenges
• Frameworks and standards
• Establishment of best practices
• Compliance with the regulations in AWS

Module 2: Securing the network

• Flexible and secure
• Security within the Amazon Virtual Private Cloud (Amazon VPC)
• Security services
• Security solutions from third-party providers

Module 3: Control of the network (exercise)

• Creating a network infrastructure with three security zones
• Implement network segmentation using security groups, Network Access Control Lists (NACLs) and public and private subnets
• Monitor network traffic to Amazon Elastic Compute Cloud (EC2) instances with the help of VPC flow logs

Module 4: Amazon EC2 security

• Hardening of computing power
• Amazon Elastic Block Store (EBS) encryption
• Secure management and maintenance
• Recognizing weak points
• Use AWS Marketplace

Module 5: Securing the starting point with EC2 (exercise) 

• Create a custom Amazon Machine Image (AMI)
• Deploy a new EC2 instance from a custom AMI
• Patching an EC2 instance with AWS Systems Manager
• Encrypting an EBS volume
• Understand how EBS encryption works and how it affects other processes
• Use security groups to restrict traffic between EC2 instances to encrypted traffic only

Module 6: Monitoring and alerting

• Logging of network traffic
• Logging of user and API (Application Programming Interface) data traffic
• Visibility with Amazon CloudWatch
• Improve monitoring and alerting
• Check your AWS environment

Module 7: Safety monitoring (exercise)

• Configuring an Amazon Linux 2 instance to send log files to Amazon CloudWatch
• Create Amazon CloudWatch alerts and notifications to monitor failed login attempts
• Create Amazon CloudWatch alerts to monitor network traffic through a Network Address Translation (NAT) gateway

It is recommended that participants have attended the following course (or have equivalent knowledge):

• AWS Well-Architected Best Practices