AWS Security Best Practices

AWS Security Best PracticesSBPAWAmazon Web ServicesAW-SBP1.0.1<p>In this course, you will learn to:</p> <ul> <li>Design and implement a secure network infrastructure</li><li>Design and implement compute security</li><li>Design and implement a logging solution</li></ul><p>Before attending this course, participants should have completed the following:</p> <ul> <li>AWS Security Fundamentals</li><li><span class="cms-link-marked"><a class="fl-href-prod" href="/swisscom/en/course/amazon-sec-ess"><svg role="img" aria-hidden="true" focusable="false" data-nosnippet class="cms-linkmark"><use xlink:href="/css/img/icnset-linkmarks.svg#linkmark"></use></svg>AWS Security Essentials <span class="fl-prod-pcode">(SEC-ESS)</span></a></span></li></ul><p>This course is intended for: </p> <ul> <li>Solutions architects, cloud engineers, including security engineers, delivery and implementation engineers, professional services, and Cloud Center of Excellence (CCOE)</li></ul><h5>Module 1: AWS Security Overview</h5><ul> <li>Shared responsibility model</li><li>Customer challenges</li><li>Frameworks and standards</li><li>Establishing best practices</li><li>Compliance in AWS</li></ul><h5>Module 2: Securing the Network</h5><ul> <li>Flexible and secure</li><li>Security inside the Amazon Virtual Private Cloud (Amazon VPC)</li><li>Security services</li><li>Third-party security solutions</li></ul><h5>Lab 1: Controlling the Network</h5><ul> <li>Create a three-security zone network infrastructure.</li><li>Implement network segmentation using security groups, Network Access Control Lists (NACLs), and public and private subnets.</li><li>Monitor network traffic to Amazon Elastic Compute Cloud (EC2) instances using VPC flow logs.</li></ul><h5>Module 3: Amazon EC2 Security</h5><ul> <li>Compute hardening</li><li>Amazon Elastic Block Store (EBS) encryption</li><li>Secure management and maintenance</li><li>Detecting vulnerabilities</li><li>Using AWS Marketplace</li></ul><h5>Lab 2: Securing the starting point (EC2)</h5><ul> <li>Create a custom Amazon Machine Image (AMI).</li><li>Deploy a new EC2 instance from a custom AMI.</li><li>Patch an EC2 instance using AWS Systems Manager.</li><li>Encrypt an EBS volume.</li><li>Understand how EBS encryption works and how it impacts other operations.</li><li>Use security groups to limit traffic between EC2 instances to only that which is encrypted.</li></ul><h5>Module 4: Monitoring and Alerting</h5><ul> <li>Logging network traffic</li><li>Logging user and Application Programming Interface (API) traffic</li><li>Visibility with Amazon CloudWatch</li><li>Enhancing monitoring and alerting</li><li>Verifying your AWS environment</li></ul><h5>Lab 3: Security Monitoring</h5><ul> <li>Configure an Amazon Linux 2 instance to send log files to Amazon CloudWatch.</li><li>Create Amazon CloudWatch alarms and notifications to monitor for failed login attempts.</li><li>Create Amazon CloudWatch alarms to monitor network traffic through a Network Address Translation (NAT) gateway.</li></ul>In this course, you will learn to: - Design and implement a secure network infrastructure - Design and implement compute security - Design and implement a logging solutionBefore attending this course, participants should have completed the following: - AWS Security Fundamentals - AWS Security Essentials (SEC-ESS)This course is intended for: - Solutions architects, cloud engineers, including security engineers, delivery and implementation engineers, professional services, and Cloud Center of Excellence (CCOE)Module 1: AWS Security Overview - Shared responsibility model - Customer challenges - Frameworks and standards - Establishing best practices - Compliance in AWS Module 2: Securing the Network - Flexible and secure - Security inside the Amazon Virtual Private Cloud (Amazon VPC) - Security services - Third-party security solutions Lab 1: Controlling the Network - Create a three-security zone network infrastructure. - Implement network segmentation using security groups, Network Access Control Lists (NACLs), and public and private subnets. - Monitor network traffic to Amazon Elastic Compute Cloud (EC2) instances using VPC flow logs. Module 3: Amazon EC2 Security - Compute hardening - Amazon Elastic Block Store (EBS) encryption - Secure management and maintenance - Detecting vulnerabilities - Using AWS Marketplace Lab 2: Securing the starting point (EC2) - Create a custom Amazon Machine Image (AMI). - Deploy a new EC2 instance from a custom AMI. - Patch an EC2 instance using AWS Systems Manager. - Encrypt an EBS volume. - Understand how EBS encryption works and how it impacts other operations. - Use security groups to limit traffic between EC2 instances to only that which is encrypted. Module 4: Monitoring and Alerting - Logging network traffic - Logging user and Application Programming Interface (API) traffic - Visibility with Amazon CloudWatch - Enhancing monitoring and alerting - Verifying your AWS environment Lab 3: Security Monitoring - Configure an Amazon Linux 2 instance to send log files to Amazon CloudWatch. - Create Amazon CloudWatch alarms and notifications to monitor for failed login attempts. - Create Amazon CloudWatch alarms to monitor network traffic through a Network Address Translation (NAT) gateway.1 day795.00795.00795.002760.00600.00795.00795.00795.00795.00870.00850.00