Security Engineering on AWS

Purpose: To provide technical professionals with the expertise to design and implement a robust security posture on AWS, focusing on identity management, data protection, and proactive incident response.

Audience: Security-focused practitioners and architects responsible for defending cloud infrastructure and maintaining compliance across global segments.

Role: Security Engineers, Security Architects, Cloud Architects, and Cloud Operators.

Domain: Cybersecurity / Cloud Security / Identity & Access Management.

Skill Level: Intermediate.

Style: Technical deep-dive that balances theoretical frameworks (like the CIA triad) with hands-on implementation of encryption, logging, and threat investigation tools.

Duration: 3 Days.

Related Technologies: AWS IAM, AWS Key Management Service (KMS), AWS CloudTrail, Amazon GuardDuty, AWS Shield, and AWS Secrets Manager.

Course Description

Security Engineering on AWS addresses the critical need for robust cloud defense in an era of increasing cyberattacks and data leaks. This course provides a comprehensive roadmap for building securely on the AWS platform. You will gain deep insights into managing identities and roles, provisioning accounts with governance, and monitoring API activity for anomalies. The curriculum also focuses heavily on data protection—teaching you how to secure data at rest and in transit—while exploring advanced methods for log generation and collection to identify and investigate security incidents effectively.

Who is this course for

This course is intended for those tasked with the frontline defense of cloud environments:

  • Security Engineers & Architects who need to implement fine-grained access controls and encryption.

  • Cloud Architects ensuring that infrastructure designs follow the "Security by Design" principle.

  • Cloud Operators who need to monitor logs and respond to security alerts in real time across global environments.

Course Objectives

  • Foundational Security: Understand AWS cloud security through the lens of the CIA triad (Confidentiality, Integrity, and Availability).

  • Identity & Access: Create and analyze sophisticated authentication and authorization patterns using IAM.

  • Governance & Secrets: Manage account provisioning and secure application credentials using AWS Secrets Manager.

  • Data Protection: Monitor sensitive information and protect data using advanced encryption and access controls.

  • Threat Mitigation: Identify and deploy AWS services designed to defend against external attacks (e.g., DDoS).

  • Incident Response: Generate and collect logs to identify indicators of security incidents and utilize AWS services to investigate and mitigate threats.

Prerequisites

  • Required Training: Completed AWS Security Essentials (or Fundamentals) and Architecting on AWS.

  • Technical Knowledge: Working knowledge of IT security practices and general infrastructure concepts.

  • Experience: Familiarity with the AWS Cloud environment.

Course outline

Section 1: Security Overview

  • Explain Security in the AWS Cloud.

  • Explain AWS Shared Responsibility Model.

  • Summarize IAM, Data Protection, and Threat Detection and Response.

  • State the different ways to interact with AWS using the console, CLI, and SDKs.

  • Describe how to use MFA for extra protection.

  • State how to protect the root user account and access keys.

Section 2: Access and Authorization on AWS

  • Hands-on lab: Using Identity and Resource Based Policies

  • Describe how to use multi-factor authentication (MFA) for extra protection.

  • Describe how to protect the root user account and access keys.

  • Describe IAM policies, roles, policy components, and permission boundaries.

  • Explain how API requests can be logged and viewed using AWS CloudTrail and how to view and analyze access history.

Section 3: Account Management and Provisioning on AWS

  • Hands-on lab: Managing Domain User Access with AWS Directory Service

  • Explain how to manage multiple AWS accounts using AWS Organizations and AWS Control Tower.

  • Explain how to implement multi-account environments with AWS Control Tower.

  • Demonstrate the ability to use identity providers and brokers to acquire access to AWS services.

  • Explain the use of AWS IAM Identity Center (successor to AWS Single Sign-On) and AWS Directory Service.

  • Demonstrate the ability to manage domain user access with Directory Service and IAM Identity Center.

Section 4: Managing Keys and Secrets on AWS

  • Hands-on lab: Lab 3: Using AWS KMS to Encrypt Secrets in Secrets Manager

  • Describe and list the features of AWS KMS, CloudHSM, AWS Certificate Manager (ACM), and AWS Secrets Manager.

  • Demonstrate how to create a multi-Region AWS KMS key.

  • Demonstrate how to encrypt a Secrets Manager secret with an AWS KMS key.

  • Demonstrate how to use an encrypted secret to connect to an Amazon Relational Database Service (Amazon RDS) database in multiple AWS Regions.

Section 5: Data Security

  • Hands-on lab: Lab 4: Data Security in Amazon S3

  • Monitor data for sensitive information with Amazon Macie.

  • Describe how to protect data at rest through encryption and access controls.

  • Identify AWS services used to replicate data for protection.

  • Determine how to protect data after it has been archived.

Section 6: Infrastructure and Edge Protection

  • Hands-on lab: Lab 5: Using AWS WAF to Mitigate Malicious Traffic

  • Describe the AWS features used to build secure infrastructure.

  • Describe the AWS services used to create resiliency during an attack.

  • Identify the AWS services used to protect workloads from external threats.

  • Compare the features of AWS Shield and AWS Shield Advanced.

  • Explain how centralized deployment for AWS Firewall Manager can enhance security.

Section 7: Monitoring and Collecting Logs on AWS

  • Hands-on lab: Lab 6: Monitoring for and Responding to Security Incidents

  • Identify the value of generating and collecting logs.

  • Use Amazon Virtual Private Cloud (Amazon VPC) Flow Logs to monitor for security events.

  • Explain how to monitor for baseline deviations.

  • Describe Amazon EventBridge events.

  • Describe Amazon CloudWatch metrics and alarms.

  • List log analysis options and available techniques.

  • Identify use cases for using virtual private cloud (VPC) Traffic Mirroring.

Section 8: Responding to Threats

  • Hands-on lab: Lab 7: Incident Response

  • Classify incident types in incident response.

  • Understand incident response workflows.

  • Discover sources of information for incident response using AWS services.

  • Understand how to prepare for incidents.

  • Detect threats using AWS services.

  • Analyze and respond to security findings.

Copyright © 2026 microskill.ai
