AWS for Architects: Advanced Security

Learn how to use AWS advanced security services, techniques, and tools to secure cloud-based architecture.

Introduction

• Welcome
• What you should know
• About using cloud services

1. Implement Core Security Tasks

• AWS Shared Security Responsibility Model overview
• Well-architected five security principles
• Core AWS account tools
• Core AWS IAM objects
• AWS organizations and root account
• Object tagging
• Billing management
• CloudWatch logs and alerts
• CloudTrail analysis with Athena
• Trusted Advisor security alerts

2. Implement Identity and Access Management

• IAM users and groups
• IAM policies
• IAM roles
• Design user authentication
• User authentication using AWS Simple AD
• Secure authentication with Cognito
• Secure user authentication using AD Federation

3. Implement Infrastructure Protection

• Infrastructure and threat models
• VPC and security groups
• VPC Flow Logs and GuardDuty
• Certificate Manager and WAF to secure load balancers
• Inspector to monitor EC2 configurations
• Config for locking service deployment
• Service Catalog for AMI deployment
• Systems Manager for OS management

4. Implement Data Protection

• Data classification and protection
• Use Macie to locate sensitive data
• Encryption on AWS
• AWS IAM Key Management Service
• Data protection at rest in S3
• Encrypt data in transit and VPC endpoints
• Data backup, replication, and recovery

5. Implement Application Security

• Application security concerns
• Secure a serverless website
• Secure a dynamic website
• Secure an internal business application
• Secure a big data pipeline
• Secure an IoT and machine learning application
• Prepare for a security audit

Conclusion

• Next steps