Class Schedule
Security Engineering on AWS
Security Engineering Day 1
Morning
-
30 Minutes
-
The module introduces Security Engineering in the AWS Cloud and threat modeling. This module takes 30 minutes to complete.
-
10 Minutes
-
This module focuses on understanding how to use AWS Identity and Access Management (IAM) to secure your AWS environment. In this module, you will explore API access and IAM policies for purpose and effect. You will also learn how to log and view API requests using AWS CloudTrail, and how to view and analyze access history. This module takes 30 minutes to complete.
-
60 Minutes
Afternoon
-
This lab demonstrates how Identity and Access Management (IAM) evaluates permissions using identity and resource-based policies and permissions boundaries. You learn how policies can be attached to an IAM role or an AWS resource and how evaluating these policies results in effective permissions. You will then use IAM permissions boundaries to limit the permissions with an IAM role. The concepts introduced in this lab are a starting point for managing identities and resources in a single account using IAM. This lab takes 30 minutes to complete.
-
This module aims to help students learn about authentication and authorization for multi-account environments and federated users. This module takes 60 minutes to complete.
-
10 Minutes
-
n this lab, you use a Windows-based host to create two users in an AWS Directory Service Simple Active Directory (Simple AD) directory. You then assign each user to a specific Identity and Access Management (IAM) role. Next, you sign in to the AWS Management Console as each directory user you created to examine the effective permissions the IAM roles assign them. Lastly, you quarantine a directory user that has performed malicious actions to prevent them from signing in and doing more damage to company assets. This lab takes 60 minutes to complete.
Security Engineering Day 2
Morning
-
This module aims to help students identify how to protect and securely use keys and secrets. This module takes 120 minutes to complete.
-
10 Minutes
-
In this lab, you learn how to encrypt an AWS Secrets Manager secret with an AWS Key Management Service (AWS KMS) key. You then use the secret to connect to an Amazon Relational Database Service (Amazon RDS) database. This lab takes 60 minutes to complete.
-
60 Minutes
Afternoon
-
This module aims to help students understand how data is protected when using AWS storage services. This module takes 90 minutes to complete.
-
In this lab, you explore the various ways to secure data stored in Amazon Simple Storage Service (Amazon S3). First, you create an AWS Key Management Service (AWS KMS) key that you use to encrypt the contents of an S3 bucket. Then you make an S3 bucket policy to enforce encryption for any new objects uploaded. Then you create a replication rule to replicate the objects from the original bucket to a replication bucket in a different region to provide multi-region resiliency to your data. Finally, you use Amazon Macie to identify Personal Identifiable Information (PII) stored in objects in an S3 bucket.
-
This module focuses on securing your infrastructure within your VPC(s) and the edge of your environment, facing the internet.
Day 2 Resources
Security Engineering Day 3
Morning
-
This module focuses on securing your infrastructure within your VPC(s) and the edge of your environment, facing the internet. This module takes 90 minutes to complete.
-
10 Minutes
-
You install the Amazon CloudWatch Logs agent in this lab on a Linux-based Amazon Elastic Compute Cloud (Amazon EC2) instance. You then configure the agent to send system logs to CloudWatch Logs to monitor for failed authentication attempts on the instance. Finally, you configure VPC flow logs to capture network traffic, and then use CloudWatch Logs Insights to analyze the logs. This lab takes 60 minutes to complete.
-
60 Minutes
Afternoon
-
This module aims to help students become familiar with services used in threat investigation, threat detection, and incident response on AWS. This module takes 90 minutes to complete.
-
10 Minutes
-
In this lab, you act as a member of the incident response team receiving an alert on a possible EC2 instance that might be compromised by a bad actor. You need to respond to the incident using proven processes and techniques for effective investigation, analysis, and lessons learned. This lab takes 60 minutes to complete.