AWS Security Governance at Scale

Security is foundational to AWS. Governance at scale is a new concept for automating cloud governance that can help companies retire manual processes in account management, budget enforcement, and security and compliance. By automating common challenges, companies can scale without inhibiting agility, speed, or innovation. In addition, they can provide decision makers with the visibility, control, and governance necessary to protect sensitive data and systems. In this course, you will learn how to facilitate developer speed and agility, and incorporate preventive and detective controls. By the end of this course, you will be able to apply governance best practices.

Physisch oder virtuell?

Nehmen Sie an einem unserer Standorte Frankfurt, München und Wien oder virtuell an unseren Klassenraumtrainings teil. Unter „Termin buchen“ werden Ihnen alle Optionen angezeigt, zuerst sortiert nach Standort, dann nach Datum.

Dauer

Trainingssprache

Deutsch

Trainingsart

Nicht verfügbar

Was werden Sie in diesem Training erlernen?

In this course, you will learn to: Establish a landing zone with AWS Control Tower Configure AWS Organizations to create a multi-account environment Implement identity management using AWS Single Sign-On users and groups Federate access using AWS SSO Enforce policies using prepackaged guardrails Centralize logging using AWS CloudTrail and AWS Config Enable cross-account security audits using AWS Identity and Access Management (IAM) Define workflows for provisioning accounts using AWS Service Catalog and AWS Security Hub

Agenda

Course Introduction

Instructor introduction

Learning objectives

Course structure and objectives

Course logistics and agenda

Governance at Scale

Governance at scale focal points

Business and Technical Challenges

Governance Automation

Multi-account strategies, guidance, and architecture

Environments for agility and governance at scale

Governance with AWS Control Tower

Use cases for governance at scale

Preventive Controls

Enterprise environment challenges for developers

AWS Service Catalog

Resource creation

Workflows for provisioning accounts

Preventive cost and security governance

Self-service with existing IT service management (ITSM) tools

Deploy Resources for AWS Catalog

Create a new AWS Service Catalog portfolio and product

Add an IAM role to a launch constraint to limit the actions the product can perform

Grant access for an IAM role to view the catalog items.

Deploy an S3 bucket from an AWS Service Catalog product.

Detective Controls

Operations aspect of governance at scale

Resource monitoring

Configuration rules for auditing

Operational insights

Remediation

Clean up accounts

Compliance and Security Automation with AWS Config

Apply Managed Rules through AWS Config to selected resources

Automate remediation based on AWS Config rules

Investigate the Amazon Config dashboard and verify resources and rule compliance

Taking Action with AWS Systems Manager

Setup Resource Groups for various resources based on common requirements

Perform automated actions against targeted Resource Groups

Resources

REVIEWING ARCHITECTING CONCEPTS

SINGLE TO MULTIPLE ACCOUNTS

Group Exercise: Review Architecting on AWS core best practices
AWS Organizations for multi-account access and permissions
AWS SSO to simplify access and authentication across AWS accounts and third-party services
AWS Control Tower
Permissions, access, and authentication

HYBRID CONNECTIVITY

SPECIALIZED INFRASTRUCTURE

Zielgruppe

Solutions architects, security DevOps, and security engineers

Voraussetzung für den Kurs

Required: AWS Security Fundamentals course AWS Security Essentials course Optional: AWS Cloud Management Assessment Introduction to AWS Control Tower course Automated Landing Zone course Introduction to AWS Service Catalog course

Partner

AWS