
General introduction to the course, discussion about the topics included, and how it will be laid out.
Introduction to the lectures for the course
Learn the different ways that you can easily deploy Vault on AWS
Learn about the different services you might use when deploying Vault on AWS
In this demo, we'll look at the Vault cluster I've deployed in AWS and look at some of the integrations that I'm using throughout AWS to ensure the Vault cluster is secure and integrated with other AWS services.
In this lecture, students will learn how to use IAM roles with Vault to provide Vault access to native AWS services without having to provide Vault with static credentials.
In this section, students can expect to learn about using the AWS Load Balancer service to front-end Vault and how to use health checks to ensure traffic is sent to the Active node.
This lecture will discuss using security groups to protect traffic for Vault and Consul nodes.
This lecture will walk through the AWS secrets engine and the different types of methods that can be used.
In this demo, we'll start by configuring the AWS secrets engine using the iam_method, show how to generate dynamic credentials, and finally, how to revoke dynamic credentials. We'll also walk through how to rotate credentials that Vault is using to access the AWS platform.
We'll walk through this demo by configuring the AWS secrets engine for cross-account access using the assumed_role method. We will configure AWS resources, configure the AWS secrets engine, and generate and test the dynamic credentials.
In this lecture, students will learn how to use CloudWatch Logs to monitor HashiCorp Vault and some of the rules and alarms that you might want to know about during day-to-day operations.
In this demo, students will learn how to use CloudWatch Logs along with configuring metrics and alarms to monitor HashiCorp Vault. Services used in the demo include Vault Audit devices, CloudWatch Logs Agent, CloudWatch Logs Log Group, Metrics, Alarms, and SNS for notifications.
Quick discussion on how Vault will use EC2 metadata for AWS authentication
Students will learn how to configure the AWS auth method in this demo using the IAM option to permit a Lambda function to authenticate to Vault.
In this section, students can expect to learn how a VPC endpoint can increase the security of your Vault deployment.
In this demonstration, students will learn how to configure Vault to use the KMS service to auto unseal the service using a KMS key. The demo also walks students through how to configure a KMS VPC Endpoint for Vault to use for auto unseal.
This short lecture will talk about how to use the TOTP secrets engine with AWS IAM and root accounts.
In this demonstration, students will learn how to use the Vault TOTP secrets engine to protect IAM Users or Root accounts in AWS.
In this lecture, students will understand how the Database secrets engine works, how to configure it, and best practices around generating dynamic secrets against a database.
In this demo, students will learn how to enable and configure the database secrets engine with RDS. The demo will walk students through rotating the root credentials and generating and revoking dynamic credentials against our RDS database.
In this demo, students will be shown how to configure the Integrated Storage Auto Snapshots feature and save the snapshots on Amazon S3 so snapshots are persisted to an external storage platform.
Leave a review to share how this course helped you learn new skills for your day-to-day job or certification, and update your rating to improve up-to-date content for future students.
Students will learn how to use the cloud auto-join feature of Integrated Storage (raft) to automatically create a cluster by specifying AWS tags in this demo.
This course will teach students how to adapt and integrate HashiCorp Vault with the AWS Cloud platform through lectures and lab demonstrations. Based on HashiCorp Vault, students can expect to understand how to use HashiCorp Vault for application authentication, dynamic AWS secrets, as well as using tight integrations with many AWS services to deploy and operate a secure and highly-available service for their organization.
This course includes sections on a wide variety of Vault topics, including secrets engines, auth methods, audit devices, and how to use some of the most popular AWS services to deploy Vault on the AWS cloud platform. This course expands on my other courses but focuses specifically on integrations with AWS services. If you are deploying Vault on AWS, this is the course for you where you'll learn best practices and how to better secure your Vault environment.
About the Instructor
Your instructor for this course, Bryan Krausen, is highly-regarded as a Vault expert. He has taught over 100,000 students, including training some of the largest companies in the US. He has several other courses on Vault and has co-authored the book Running HashiCorp Vault in Production. Bryan holds multiple Vault certifications, including the HashiCorp Certified: Vault Associate certification and two additional partner certs, including HashiCorp Vault Advanced and HashiCorp Vault Expert.