AWS Security Best Practices

Currently, the average cost of a security breach can be upwards of $4 million. AWS Security Best Practices provides an overview of some of the industry best practices for using AWS security and control types. This course helps you understand your responsibilities while providing valuable guidelines for how to keep your workload safe and secure. You will learn how to secure your network infrastructure using sound design options. You will also learn how you can harden your compute resources and manage them securely. Finally, by understanding AWS monitoring and alerting, you can detect and alert on suspicious events to help you quickly begin the response process in the event of a potential compromise.

Physisch oder virtuell?

Nehmen Sie an einem unserer Standorte Frankfurt, München und Wien oder virtuell an unseren Klassenraumtrainings teil. Unter „Termin buchen“ werden Ihnen alle Optionen angezeigt, zuerst sortiert nach Standort, dann nach Datum.

Dauer

Trainingssprache

Deutsch

Trainingsart

Nicht verfügbar

Was werden Sie in diesem Training erlernen?

In this course, you will learn to: 1. Design and implement a secure network infrastructure 2. Design and implement compute security 3. Design and implement a logging solution

Agenda

AWS Security Overview

Shared responsibility model

Customer challenges

Frameworks and standards

Establishing best practices

Compliance in AWS

Securing the Network

Flexible and secure

Security inside the Amazon Virtual Private Cloud (Amazon VPC)

Security services

Third-party security solutions

Controlling the Network

Create a three-security zone network infrastructure.

Implement network segmentation using security groups, Network Access Control Lists (NACLs), and public and private subnets

Monitor network traffic to Amazon Elastic Compute Cloud (EC2) instances using VPC flow logs.

Amazon EC2 Security

Compute hardening

Amazon Elastic Block Store (EBS) encryption

Secure management and maintenance

Detecting vulnerabilities

Using AWS Marketplace

Securing the starting point (EC2)

Create a custom Amazon Machine Image (AMI).

Deploy a new EC2 instance from a custom AMI.

Patch an EC2 instance using AWS Systems Manager.

Encrypt an EBS volume.

Understand how EBS encryption works and how it impacts other operations.

Use security groups to limit traffic between EC2 instances to only that which is encrypted.

Monitoring and Alerting

Logging network traffic

Logging user and Application Programming Interface (API) traffic

Visibility with Amazon CloudWatch

Enhancing monitoring and alerting,

Verifying your AWS environment

Security Monitoring

Configure an Amazon Linux 2 instance to send log files to Amazon CloudWatch

Create Amazon CloudWatch alarms and notifications to monitor for failed login attempts.

Create Amazon CloudWatch alarms to monitor network traffic through a Network Address Translation (NAT) gateway.

REVIEWING ARCHITECTING CONCEPTS

SINGLE TO MULTIPLE ACCOUNTS

Group Exercise: Review Architecting on AWS core best practices
AWS Organizations for multi-account access and permissions
AWS SSO to simplify access and authentication across AWS accounts and third-party services
AWS Control Tower
Permissions, access, and authentication

HYBRID CONNECTIVITY

SPECIALIZED INFRASTRUCTURE

Zielgruppe

This course is intended for: 1. Solutions architects, cloud engineers, including security engineers, delivery and implementation engineers, professional services, and Cloud Center of Excellence (CCOE)

Voraussetzung für den Kurs

Before attending this course, participants should have completed the following: 1. AWS Security Fundamentals 2. AWS Security Essentials

Partner

AWS