
Meet Narmada, a certified instructor with 12+ years in security and open source tech. She highlights AWS security specialty, Docker, Kubernetes, Python security, and global speaking engagements.
Learn AWS security services and best practices in a fast-track course for cloud practitioners, cloud security engineers, and architects, with minimal labs and no coverage of AWS or security basics.
Position yourself for growing cloud security demand by building cybersecurity expertise through a fast-track auditing course. Access lab demos and AWS materials grounded in real-world auditing experience.
Outline the course flow, from introduction to hands-on labs, covering network security with VPC, security groups, WAF, and threat management with Inspector and GuardDuty, plus logging, auditing, and IAM.
Explore free or low-cost lab practices to start learning AWS security and get hands-on experience with practical labs.
Explore the core security configuration of AWS, covering VPC security groups, Knakal, and web application firewall concepts as a fast track review of AWS security best practices.
Master VPC basics to build a virtual private cloud in a region, defining IP ranges, routing tables, gateways, subnets, and network access control lists.
Explore how aws security groups provide stateful, permissive traffic control at the ec2 level with inbound and outbound rules and default deny behavior.
Explore how aws web application firewall provides application-specific protection for web apps, with rule and signature based defense, visibility, and deployment to an application load balancer or CloudFront.
Audit and implement AWS network security by evaluating VPC, security groups, NACL, and WAF; design subnets, CIDR blocks, and ALB usage to enforce restricted, HTTPS traffic and proper isolation.
Apply network security best practices with non-default nacl, explicit allow or deny rules, separate nacls per subnet, and use an application load balancer with waf and shield for layered protection.
Discover how AWS Systems Manager centralizes operations to automate tasks, enforce configuration, and audit security and compliance, featuring Parameter Store, Run Command, Session Manager, Patch Manager, and Distributor.
Explore CloudWatch, EventBridge, and VPC flow logs to monitor security and networking, and analyze practical security use cases.
Explore AWS CloudWatch metrics and logs, including alarms and dashboards. Learn CloudWatch events are Amazon EventBridge and how log groups, log streams, retention, and the CloudWatch agent support EC2 autoscaling.
Discover AWS EventBridge, a serverless event bus that triggers Lambda, SNS, Systems Manager actions, or API Gateway from event patterns or schedules.
Define CloudWatch log retention and archive unused logs, enforce log group access, and enable the unified CloudWatch agent to centralize EC2 and on‑prem logs.
Explore AWS auditing and compliance by examining AWS Config, CloudTrail, and Security Hub as essential tools to keep your cloud environment in check.
Assess and audit AWS resource configurations with AWS Config to evaluate compliance. Define managed or custom rules, receive real-time alerts, and automate remediation for non-compliant resources.
Understand how AWS CloudTrail logs user activities, API calls, and events to support governance and audit, with 90-day default retention and long-term storage in S3 queried by Athena.
Explore AWS Security Hub, a posture management service that aggregates alerts, enables automated remediations, and uses an integrated dashboard with standards like foundational security best practices and PCI DSS.
Audit and compliance best practices for aws config and cloudtrail, enabling across all accounts and regions, and securing config history in s3.
Explore AWS EBS, a high-performance block storage for EC2, with mount and unmount capabilities across instances, and encryption via AWS Key Management Service (KMS) keys to secure data at rest.
Learn to manage EC2 instances using the AWS console, instance connect, and session manager, compare SSH and RDP access, and enable centralized auditing with IAM, CloudWatch, and S3 logging.
Explore AWS compute and storage security best practices for EC2, including strong passwords, minimal services and logins, host IDS/IPS, and EBS encryption with Systems Manager and session manager.
Dive into identity and access management (IAM) and its crucial role in AWS security services, highlighting IAM principles. Look for external video resources, blogs, and lab guides to enrich learning.
Learn the basics of AWS IAM, focusing on users and policies, how to configure passwords and access keys, enable console access, and attach identity and resource policies to prevent misconfigurations.
Explore inline versus managed IAM policies and learn how identity policies grant permissions to users, groups, and roles using JSON policy documents.
Learn to manage permissions at scale by using IAM groups to attach inline or managed policies and assign users via groups with shared permissions such as AWS WAF full access.
Explore IAM patterns to simplify resource management with AWS managed and custom managed policies, and implement advanced patterns by splitting permissions across master and manager roles to prevent self-granting.
Explore aws organizations to centrally manage multiple accounts with organization units and service control policies that deny actions across accounts, using json policy documents and service role arn.
Explore AWS auditing to document compliance and align systems with industry standards, using Cloud Control Matrix (CM), AWS Artifact, AWS Audit Manager, and open source auditing tools.
Access on-demand AWS artifact to streamline audits with comprehensive compliance and security documents, including PCI DSS, SOC, ISO 27001, HIPAA attestations, and governance for agreements.
Automate audits and strengthen compliance with AWS Audit Manager, offering predefined and customizable frameworks, centralized evidence collection, and automated reporting across standards like ISO 27001 and PCI.
Summarize the AWS security best practices wrap up, highlighting the AWS security lab, network protections (VPC, NACL, WAF) and threat management with Inspector and GuardDuty.
Advance your AWS security knowledge while preparing for the AWS certified security specialist exam, CCSP from ISC², and the certificate of cloud auditing knowledge from ISACA, with ongoing labs.
We continually update this course to reflect AWS evolution and security best practices, so stay tuned for the latest.
Course Description:
Embark on a transformative learning experience with our comprehensive course, "AWS Security Best Practices." This expertly curated program empowers participants to navigate the intricacies of safeguarding Amazon Web Services (AWS) resources, applications, and data using industry-leading security strategies. From establishing a solid network security foundation to mastering identity and access management, auditing tools, and compliance standards, this course equips you with the skills needed to excel in the dynamic world of cloud security.
Course Topics:
1. AWS Network Security: VPCs, Security Groups, NACLs, and WAF Begin your journey by demystifying the core components of AWS network security. Dive into Virtual Private Clouds (VPCs), where you'll grasp the art of architecting isolated environments. Learn to fortify your defenses with Security Groups, master the granular control provided by Network Access Control Lists (NACLs), and harness the power of Web Application Firewall (WAF) for shielding your applications against cyber threats.
2. AWS Vulnerability and Threat Management: Systems, Inspector, and GuardDuty Delve into the realm of proactive security as you explore AWS Systems Manager, Amazon Inspector, and Amazon GuardDuty. Equip yourself with the skills to identify vulnerabilities, assess risks, and deploy countermeasures effectively. Through hands-on exercises, learn to stay one step ahead of potential threats.
3. AWS Logging and Monitoring: CloudWatch, EventBridge, and VPC Flow Logs Uncover the art of vigilant monitoring and insightful logging using AWS CloudWatch. Harness the capabilities of Amazon EventBridge for orchestrating event-driven security responses. Dive into the granular details of VPC Flow Logs to gain enhanced network visibility, enabling you to track and respond to suspicious activities.
4. AWS Auditing and Compliance: Config, CloudTrail, and Security Hub Navigate the complex landscape of compliance with confidence. Leverage AWS Config to assess and maintain resource compliance, utilize AWS CloudTrail to track API activity and changes, and embrace AWS Security Hub for a unified view of security findings across your AWS environment. Elevate your security posture while adhering to industry standards.
5. AWS Compute and Storage: Securing EC2 and EBS Instances Immerse yourself in the art of safeguarding critical compute and storage assets. From implementing encryption to adopting hardening techniques, master the methodologies that secure Amazon EC2 instances and Elastic Block Store (EBS) volumes. Acquire the expertise to fortify your foundation against potential threats.
6. AWS Identity and Access Management (IAM): Users, Policies, Roles, Groups, Organizations, Patterns Unravel the complexities of AWS IAM, the cornerstone of access control. Learn to manage user identities, define fine-grained permissions through policies, and optimize role-based access control. Explore advanced IAM concepts within organizational hierarchies and patterns to ensure a robust identity management strategy.
7. AWS Auditing Tools: AWS Artifact, Audit Manager, CCM Navigate the spectrum of auditing tools vital to AWS security. Access compliance reports and artifacts using AWS Artifact, streamline audit processes with Audit Manager, and grasp the significance of the Cloud Control Matrix (CCM) as a benchmark for evaluating your cloud security practices.
8. Course Conclusion: As you conclude this enriching journey, reflect on the multifaceted knowledge gained. Review key takeaways and real-world applications, cementing your status as an AWS security practitioner. Champion cloud security within your organization and play a pivotal role in fortifying its digital assets against evolving threats.
Embark on this dynamic exploration of AWS security to emerge as a proficient and confident guardian of cloud resources. Master the art of security in AWS environments and lead the charge in securing the cloud landscape of the future.