-
Currently, the average cost of a security breach can exceed $4 million. Best Practices for AWS Security provides an overview of some of the industry's best practices for using AWS security and control types.
This course will help you understand your responsibilities while providing valuable guidance on how to keep your workloads safe and secure. You will learn how to secure your network infrastructure with sound design options. You'll also learn how to harden and securely manage your compute resources. Finally, by understanding AWS monitoring and alerting, you will be able to detect and alert suspicious events so that you can quickly begin the response process in the event of a potential compromise.
This course includes presentations, demonstrations and practical exercises.
-
Course Contents
-
Module 1: AWS Security Overview
Module 2: Securing the Network
Module 3: Amazon EC2 Security
Module 4: Monitoring and Alerting
Lab 3: Security MonitoringYou have access to the labs for another 14 days after the course. This way you can repeat exercises or deepen them individually.
You will receive the original course documentation by Amazon Web Services in English language as an e-book.
-
Target Group
-
This course is aimed at solution architects, cloud engineers, including security engineers, deployment engineers, professional services and cloud centres of excellence (CCOE).
-
Knowledge Prerequisites
-
Before attending this course you should have completed the following courses:
• AWS Security Fundamentals
• AWS Security Essentials -
Please note our overview AWS Trainings!
Module 1: AWS Security Overview |
• Shared responsibility model |
• Customer challenges |
• Frameworks and standards |
• Establishing best practices |
• Compliance in AWS |
Module 2: Securing the Network |
• Flexible and secure |
• Security inside the Amazon Virtual Private Cloud (Amazon VPC) |
• Security services |
• Third-party security solutions |
Lab 1: Controlling the Network |
• Create a three-security zone network infrastructure. |
• Implement network segmentation using security groups, Network Access Control Lists (NACLs), and public and private subnets. |
• Monitor network traffic to Amazon Elastic Compute Cloud (EC2) instances using VPC flow logs. |
Module 3: Amazon EC2 Security |
• Compute hardening |
• Amazon Elastic Block Store (EBS) encryption |
• Secure management and maintenance |
• Detecting vulnerabilities |
• Using AWS Marketplace |
Lab 2: Securing the starting point (EC2) |
• Create a custom Amazon Machine Image (AMI). |
• Deploy a new EC2 instance from a custom AMI. |
• Patch an EC2 instance using AWS Systems Manager. |
• Encrypt an EBS volume. |
• Understand how EBS encryption works and how it impacts other operations. |
• Use security groups to limit traffic between EC2 instances to only that which is encrypted. |
Module 4: Monitoring and Alerting |
• Logging network traffic |
• Logging user and Application Programming Interface (API) traffic |
• Visibility with Amazon CloudWatch |
• Enhancing monitoring and alerting |
• Verifying your AWS environment |
Lab 3: Security Monitoring |
• Configure an Amazon Linux 2 instance to send log files to Amazon CloudWatch. |
• Create Amazon CloudWatch alarms and notifications to monitor for failed login attempts. |
• Create Amazon CloudWatch alarms to monitor network traffic through a Network Address Translation (NAT) gateway. |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
Request for customized courses
-
Currently, the average cost of a security breach can exceed $4 million. Best Practices for AWS Security provides an overview of some of the industry's best practices for using AWS security and control types.
This course will help you understand your responsibilities while providing valuable guidance on how to keep your workloads safe and secure. You will learn how to secure your network infrastructure with sound design options. You'll also learn how to harden and securely manage your compute resources. Finally, by understanding AWS monitoring and alerting, you will be able to detect and alert suspicious events so that you can quickly begin the response process in the event of a potential compromise.
This course includes presentations, demonstrations and practical exercises.
-
Course Contents
-
Module 1: AWS Security Overview
Module 2: Securing the Network
Module 3: Amazon EC2 Security
Module 4: Monitoring and Alerting
Lab 3: Security MonitoringYou have access to the labs for another 14 days after the course. This way you can repeat exercises or deepen them individually.
You will receive the original course documentation by Amazon Web Services in English language as an e-book.
-
Target Group
-
This course is aimed at solution architects, cloud engineers, including security engineers, deployment engineers, professional services and cloud centres of excellence (CCOE).
-
Knowledge Prerequisites
-
Before attending this course you should have completed the following courses:
• AWS Security Fundamentals
• AWS Security Essentials -
Please note our overview AWS Trainings!
Module 1: AWS Security Overview |
• Shared responsibility model |
• Customer challenges |
• Frameworks and standards |
• Establishing best practices |
• Compliance in AWS |
Module 2: Securing the Network |
• Flexible and secure |
• Security inside the Amazon Virtual Private Cloud (Amazon VPC) |
• Security services |
• Third-party security solutions |
Lab 1: Controlling the Network |
• Create a three-security zone network infrastructure. |
• Implement network segmentation using security groups, Network Access Control Lists (NACLs), and public and private subnets. |
• Monitor network traffic to Amazon Elastic Compute Cloud (EC2) instances using VPC flow logs. |
Module 3: Amazon EC2 Security |
• Compute hardening |
• Amazon Elastic Block Store (EBS) encryption |
• Secure management and maintenance |
• Detecting vulnerabilities |
• Using AWS Marketplace |
Lab 2: Securing the starting point (EC2) |
• Create a custom Amazon Machine Image (AMI). |
• Deploy a new EC2 instance from a custom AMI. |
• Patch an EC2 instance using AWS Systems Manager. |
• Encrypt an EBS volume. |
• Understand how EBS encryption works and how it impacts other operations. |
• Use security groups to limit traffic between EC2 instances to only that which is encrypted. |
Module 4: Monitoring and Alerting |
• Logging network traffic |
• Logging user and Application Programming Interface (API) traffic |
• Visibility with Amazon CloudWatch |
• Enhancing monitoring and alerting |
• Verifying your AWS environment |
Lab 3: Security Monitoring |
• Configure an Amazon Linux 2 instance to send log files to Amazon CloudWatch. |
• Create Amazon CloudWatch alarms and notifications to monitor for failed login attempts. |
• Create Amazon CloudWatch alarms to monitor network traffic through a Network Address Translation (NAT) gateway. |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
Request for customized courses