AWS: Enterprise Security

Introduction

• AWS security overview
• What you should know

1. AWS Security Foundations

• Understanding shared responsibility
• Understanding the AWS security landscape
• Understanding separation of duties
• Implementing separation of duties
• Understanding CloudTrail
• Enabling CloudTrail
• Understanding Organizations
• Installing the command line interface (CLI) for Mac
• The command line interface (CLI) for Windows

2. IAM Concepts in AWS

• Understanding Identity and Access Management
• Understanding IAM policies
• Configuring IAM policies
• Understanding IAM groups
• Configuring IAM groups
• Configuring a password policy
• Configuring IAM users: Web console
• Challenge: IAM
• Solution: IAM
• Understanding IAM roles
• Configuring IAM roles
• Validating an IAM role
• Understanding Security Token Service
• Creating a temporary access role
• Creating a temporary access policy
• Validating temporary access
• Challenge: Super admin
• Solution: Super admin
• Illustrating access restrictions
• Exploring IAM policy simulator
• Understanding federated access
• Enabling federated access
• Securing financial access
• Enabling financial access
• Understanding Control Tower

3. S3 Access Management

• Exploring S3 management options
• Accessing S3 privately
• Configuring private S3 access
• Managing S3 with IAM
• Restricting S3 access with IAM
• Validating custom IAM S3 policy
• Leveraging a custom IAM S3 policy
• Creating an S3 bucket policy
• Illustrating an S3 bucket policy with the CLI
• Understanding S3 access control lists
• Understanding public access in S3
• Exploring presigned URLs
• Reviewing S3 security

4. Key Management

• Understanding Key Management Service
• Creating a KMS key
• Creating a multi-Region KMS key
• Using a KMS with S3 objects
• Using KMS and an IAM role
• Automating KMS key rotation
• Deleting a KMS key
• Enabling default EBS encryption
• Understanding Secrets Manager
• Using Secrets Manager
• Enabling autorotation with Secrets Manager
• Creating a multi-Region secret
• Understanding Systems Manager
• Using Systems Manager Parameter Store
• Understanding AWS CloudHSM

5. Internal Detective Controls

• Understanding AWS Config
• Enabling AWS Config
• Exploring AWS Config results
• Using conformance packs
• Understanding AWS GuardDuty
• Exploring AWS GuardDuty
• Understanding Amazon Macie
• Configuring a Macie job
• Exploring Macie results
• Understanding IAM Access Analyzer
• Understanding Amazon Detective
• Exploring Amazon Detective
• Understanding Amazon Inspector
• Exploring Amazon Inspector
• Resolving an Inspector finding

6. Additional Protective Tools

• Understanding Web Application Firewall
• Exploring Web Application Firewall
• Configuring Web Application Firewall
• Validating Web Application Firewall
• Understanding AWS Shield
• Understanding Certificate Manager
• Configuring a private certificate authority
• Creating a private certificate
• Using a private certificate

7. Security Audits in AWS

• Understanding AWS Security Hub
• Using AWS Security Hub
• Rotating access keys
• Understanding AWS Artifact
• Understanding Trusted Advisor
• Exploring Trusted Advisor
• Preparing for a security audit

Conclusion

• Next steps