AWS Security Essentials

Course

Trent Hayes

Training Architect

Length

11:08:19

Difficulty

Intermediate

Course Details

This course will prepare the prospective student to be more security-minded with their architecture in AWS. In addition, the subjects and materials covered in this course will equip the student with knowledge of, and hands-on experience with, various AWS services dealing with encryption, monitoring, and auditing.

Syllabus

1. Introduction

About the Author

00:02:09

Lesson Description:

A little bit about me and this security course.

Course Tools

00:03:42

Lesson Description:

The features of this course and of Linux Academy, in general, that will help you along the way.

AWS Free Tier: Usage Tracking and Billing Widget

00:03:56

Lesson Description:

This video gives you a walkthrough on how to use the AWS Free Tier Tracking and Billing Widget for your own AWS account!

2. Secure Global Infrastructure and Compliance

Regions, Availability Zones, and Endpoints

00:08:45

Lesson Description:

This lesson covers three components of the AWS Secure Global Infrastructure: Regions, Availability Zones, and Endpoints.

VPC Endpoints

00:08:29

Lesson Description:

This lesson is a walkthrough of the new VPC Endpoints service and how it is better for security.

IAM and Compliance

00:02:51

Lesson Description:

This lesson covers IAM briefly, then moves on to cover how AWS handles compliance requirements.

Exercise: AWS Global Infrastructure

00:30:00

Secure Global Infrastructure and Compliance

3. Shared Responsibility and Trusted Advisor

Shared Responsibility Model

00:05:40

Lesson Description:

This lesson will cover the three versions, or tiers, of the AWS Shared Responsibility Model based on the Security Best Practices whitepaper.

Trusted Advisor

00:05:00

Lesson Description:

This lesson covers the AWS Trusted Advisor tool and what it can show you about your resources and environments. Note: Trusted Advisor now includes Cost Optimization, Performance, Security, Fault Tolerance, and Service Limits.

Shared Responsibility Model and Trusted Advisor

4. Identity and Access Management (IAM)

Root User

00:08:13

Lesson Description:

In this lesson, we will discuss the root user and walk through best practices for it.

Users and Groups

00:10:34

Lesson Description:

In this lesson, we will discuss users and groups, including best practices as they relate to security.

Roles

00:13:23

Lesson Description:

This video covers several aspects of roles, including STS, delegation, and federation.

Policies

00:10:01

Lesson Description:

In this lesson, IAM policies are covered. There is also a walkthrough for the three ways to create policies in the AWS console.

Visual Editor for Policy Creation

00:02:01

Lesson Description:

This lesson will show the new visual IAM policy creator and how to set up a custom policy using it.

Access Advisor

00:03:53

Lesson Description:

This lesson covers AWS Access Advisor and how we can use it to remove unused permissions and roles in our environment.

Exercise: Writing IAM Policies

00:30:00

Identity and Access Management (IAM)

5. Encryption Essentials

Symmetric and Asymmetric Encryption

00:08:19

Lesson Description:

A quick overview of encryption followed by discussions of symmetric and asymmetric encryption.

HSM and KMS

00:10:15

Lesson Description:

This lesson covers the two main key management services in AWS. NOTE: SSH was moved to the next section.

New Lab System Walkthrough

00:02:10

Lesson Description:

This video will allow the student to see how the new lab system works.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:00:00

Encryption Essentials

6. OS-Level Access

Overview and SSH

00:09:55

Lesson Description:

This lesson covers the shared responsibility model as it relates to EC2. The components of an SSH connection are also discussed.

Bastion Host

00:02:07

Lesson Description:

A lesson describing the Bastion Host and best practices for using it.

Linux Example

00:16:04

Lesson Description:

A secure Bastion Host configuration using Linux.

Windows Remote Desktop Example

00:07:16

Lesson Description:

A Bastion Host configuration using Remote Desktop in Windows.

Windows Bash Example

00:07:23

Lesson Description:

A walkthrough of installing Linux shell in Windows and how to use SSH forwarding with it.

Windows PuTTY Example

00:04:41

Lesson Description:

A walkthrough of using PuTTY for SSH forwarding through a Bastion Host.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:00:00

OS-Level Access

7. Data Security

Securing Data at Rest: S3 and Glacier

00:10:07

Lesson Description:

This lesson will demonstrate how to secure data at rest in S3 and Glacier. We will also take a quick look at how "private" files in S3 may not always be private.

Securing Data at Rest: EBS and RDS

00:05:42

Lesson Description:

This lesson will demonstrate how to secure data at rest with the EBS and RDS services.

Securing Data at Rest: DynamoDB and EMR

00:04:37

Lesson Description:

This lesson will demonstrate how to secure data at rest in the DynamoDB and EMR services. UPDATE: DynamoDB now supports KMS encryption at rest.

Decommissioning Data and Media

00:02:40

Lesson Description:

This lesson will discuss how AWS handles data decommissioning and what standards they adhere to in the process.

Securing Data in Transit

00:04:55

Lesson Description:

This lesson will demonstrate and discuss methods of securing data in transit as well as how AWS Certificate Manager helps the process.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:00:00

Data Security

8. OS Security

Custom AMIs and Bootstrapping

00:12:26

Lesson Description:

This lesson will discuss the basics of hardening AMIs to protect sensitive information as well as some concerns when bootstrapping your AMIs.

AWS Systems Manager - Patching/Automation

00:14:35

Lesson Description:

This lesson will discuss the benefits of using Systems Manager as a central resource for patching and automation.

Mitigating Malware and Abuse

00:03:49

Lesson Description:

This lesson will discuss techniques from an OS perspective to mitigate against malware and abuse of AWS resources.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:00:00

OS Security

9. Infrastructure Security

VPC Security

00:08:40

Lesson Description:

This lesson will discuss scenarios of connecting to a VPC from outside of an AWS environment.

Network Segmentation

00:13:31

Lesson Description:

This lesson will discuss ideas for segmenting the network inside our VPC to prevent unnecessary access. 

Strengthening and Threat Protection Layer

00:07:50

Lesson Description:

This lesson will discuss ways to strengthen the VPC network, as well as AWS's recommendation of a threat protection layer and its implementation.

Testing and Measurement

00:02:38

Lesson Description:

This lesson will discuss procedures for how to test your environment and different metrics that can be used for measuring your security.

AWS Web Application Firewall and Shield

00:08:03

Lesson Description:

This lesson will discuss creating rules on an AWS WAF. As a component of WAF, AWS Shield and Shield Advanced DDoS protection will be discussed.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:30:00

Infrastructure Security

10. Monitoring, Alerting, and Auditing

Monitoring Basics

00:03:40

Lesson Description:

This lesson will discuss strategies when implementing a monitoring solution in AWS, including different types of logs and protecting log information.

AWS Config

00:05:56

Lesson Description:

This lesson will walk through the features and benefits of the AWS Config service as it relates to monitoring and securing the AWS environment.

AWS Systems Manager - Inventory and Insights

00:04:16

Lesson Description:

This lesson will walk through the features and benefits of the AWS Systems Manager service as it relates to monitoring and securing the AWS environment.

AWS Inspector

00:05:52

Lesson Description:

This lesson will walk through the features and benefits of the AWS Inspector service as it relates to monitoring and securing the AWS environment.

AWS GuardDuty

00:04:04

Lesson Description:

This lesson will walk through the features and benefits of the AWS GuardDuty service as it relates to monitoring and securing the AWS environment.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:00:00

Monitoring, Alerting, and Auditing

Conclusion

Thank You and Next Steps

00:00:42

Lesson Description:

Thank you to all the students and please remember to leave feedback. Good luck to you all!

Practice Exam