Module 1: Security on AWS.
• Security in the AWS cloud.
• AWS Shared Responsibility Model.
• Incident response overview.
• DevOps with Security Engineering.
Module 2: Identifying Entry Points on AWS.
• Identify the different ways to access the AWS platform.
• Understanding IAM policies.
• IAM Permissions Boundary.
• IAM Access Analyzer.
• Multi-factor authentication.
• AWS CloudTrail.
• Lab: Cross-account access.
Module 3: Security Considerations: Web Application Environments.
• Threats in a three-tier architecture.
• Common threats: User access.
• Common threats: Data access.
• AWS Trusted Advisor.
Module 4: Application Security.
• Amazon Machine Images.
• Amazon Inspector.
• AWS Systems Manager.
• Lab: Using AWS Systems Manager and Amazon Inspector.
Module 5: Data Security.
• Data protection strategies.
• Encryption on AWS.
• Protecting data at rest with Amazon S3, Amazon RDS, Amazon DynamoDB.
• Protecting archived data with Amazon S3 Glacier.
• Amazon S3 Access Analyzer.
• Amazon S3 Access Points.
Module 6: Securing Network Communications.
• Amazon VPC security considerations.
• Amazon VPC Traffic Mirroring.
• Responding to compromised instances.
• Elastic Load Balancing.
• AWS Certificate Manager.
Module 7: Monitoring and Collecting Logs on AWS.
• Amazon CloudWatch and CloudWatch Logs.
• AWS Config.
• Amazon Macie.
• Amazon VPC Flow Logs.
• Amazon S3 Server Access Logs.
• ELB Access Logs.
• Lab: Monitor and Respond with AWS Config.
Module 8: Processing Logs on AWS.
• Amazon Kinesis.
• Amazon Athena.
• Lab: Web Server Log Analysis.
Module 9: Security Considerations: Hybrid Environments.
• AWS Site-to-Site and Client VPN connections.
• AWS Direct Connect.
• AWS Transit Gateway.
Module 10: Out-Of-Region Protection.
• Amazon Route 53.
• AWS WAF.
• Amazon CloudFront.
• AWS Shield.
• AWS Firewall Manager.
• DDoS mitigation on AWS.
Module 11: Security Considerations: Serverless Environments.
• Amazon Cognito.
• Amazon API Gateway.
• AWS Lambda.
Module 12: Threat Detection and Investigation.
• Amazon GuardDuty.
• AWS Security Hub.
• Amazon Detective.
Module 13: Secrets Management on AWS.
• AWS KMS.
• AWS CloudHSM.
• AWS Secrets Manager.
• Lab: Using AWS KMS.
Module 14: Automation and Security by Design.
• AWS CloudFormation.
• AWS Service Catalog.
• Lab: Security automation on AWS with AWS Service Catalog.
Module 15: Account Management and Provisioning on AWS.
• AWS Organizations.
• AWS Control Tower.
• AWS SSO.
• AWS Directory Service.
• Lab: Federated Access with ADFS.
|