Introduction

• Welcome and introductions
• Introduction to Security on AWS

Identifying entry points on AWS

• Ways to access the platform
• IAM policies
• Securing entry points
• Incident response

Lab – cross-account authentication

Security Considerations – Web Applications

• Security points in an AWS web application environment
• Analyse a three-tier application model and identify common threats
• Assess environments to improve security

Application Security

• Securing EC2 instances
• Assess vulnerabilities with Inspector
• Apply security in an automated way using Systems Manager
• Isolate a compromised instance

Lab – Assessing Security with Inspector and Systems Manager

Securing Networking Communications – Part 1

• Apply security best practices to VPC
• Implement an ELB device as a protection point
• Protect data in transit using certificates

Data Security

• Protect data at rest using encryption and access controls
• AWS services used to replicate data
• Protect archived data

Security Considerations: Hybrid Environments

• Security points outside of a VPC
• Common DoS threats

Monitoring and Collecting Logs on AWS

• Monitor events and collect logs with CloudWatch
• Use Config to monitor resources
• AWS-native services that generate and collect logs

Lab – Server Log Analysis Part 1 – collect logs

Processing Logs on AWS

• Stream and process logs for further analysis
• AWS services used to process logs from S3 buckets

Lab – Server Log Analysis Part 2 – analyse logs

Securing Networking Communications – Part 2

• Identify AWS services used to connect on-premise to AWS
• Data protection between on-premise and AWS
• Securely access VPC resources in other accounts

Out-Of-Region Protection

• Use Route 53 to isolate attacks
• Implement WAF to protect applications
• Use CloudFront to deliver content securely
• Protect applications using Shield

Account Management on AWS

• Manage multiple accounts
• Use identity providers / brokers to acquire access to AWS services

Lab – AWS Federated Authentication with ADFS

Security Considerations: Serverless Environments

• How to secure data in a serverless environment
• Use Cognito to authorize users
• Control API access with API Gateway
• Use AWS messaging services securely
• Secure Lambda functions

Lab – Monitor and Respond with Config and Lambda

Secrets Management on AWS

• Manage key and data encryption with KMS
• Describe how CloudHSM is used to generate and secure keys
• Use Secrets Manager to authenticate applications

Lab – Using KMS

Security Automation on AWS

• Deploy security-oriented AWS environments in a reproducible manner
• Provide management and control of IT services to end-users in a self-serve manner

Lab – Security Automation on AWS with Service Catalog

Threat Detection and Sensitive Data Monitoring

• Threat detection and monitoring for malicious or unauthorized behaviour
• Leverage machine learning to gain visibility into how sensitive data is being managed in the AWS Cloud