Security Engineering on AWS

Day 1

Resources

The following resource links will provide more information and help reinforce topics covered during Day 1:

Module 1: Security on AWS

• Shared Responsibility Model
• AWS Managed Service Provider (MSP) Program
• AWS Cloud Adoption Framework
• Penetration Testing

Module 2: Identifying Entry Points on AWS

• AWS service endpoints
• AWS Regional Services
• Signing AWS API requests
• AWS account root user
• Managing access keys for IAM users
• Configuration and credential file settings
• AWS services that work with IAM
• Session policies
• IAM JSON policy elements reference
• Move Over JSON – Policy Summaries Make Understanding IAM Policies Easier
• How AWS uses automated reasoning to help you achieve security at scale
• Policy evaluation logic
• Multi-factor Authentication
• Configuring MFA-protected API access
• Viewing Events with CloudTrail Event History
• CloudTrail Supported Services and Integrations
• Validating CloudTrail Log File Integrity

Module 3: Security Considerations: Web Applications

• AWS Trusted Advisor
• AWS Trusted Advisor best practice checklist
• AWS service quotas
• AWS IQ

Module 4: Application Security

• Amazon EC2 key pairs and Linux instances
• Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service
• Guidelines for shared Linux AMIs
• EC2 Image Builder FAQs
• Amazon Inspector FAQs
• Amazon Inspector agents
• Amazon Inspector Adds Ability to Run Security Assessments on Amazon EC2 Instances Without Adding Tags
• CVE - Common Vulnerabilties and Exposures
• Amazon Inspector rules packages and rules
• What is AWS Systems Manager?
• AWS Systems Manager features
• Use cases and best practices
• How to Remediate Amazon Inspector Security Findings Automatically

Module 5: Data Security

• Protecting data using encryption
• What is the AWS Encryption SDK?
• Protecting data using server-side encryption
• Guidelines for using the available access policy options
• Example walkthroughs: Managing access to your Amazon S3 resources
• Using versioning
• S3 Object Lock overview
• Amazon S3 Block Public Access – Another Layer of Protection for Your Accounts and Buckets
• What does Amazon S3 replicate?
• Creating access points
• Access point compatibility with S3 operations and AWS services
• Uploading objects using presigned URLs
• Encrypting Amazon RDS resources
• Client-side and server-side encryption
• How Amazon DynamoDB uses AWS KMS
• Amazon S3 Glacier Vault Lock