AWS for DevOps: Security, Governance, and Validation

Learn best practices for security, governance, and validation. Explore topics in the third domain of the AWS Certified DevOps Engineer exam: Security, Governance, and Validation.

Introduction

• Welcome
• Using cloud services
• Exercise files

1. Security and Governance Approaches

• Security and governance approaches
• Outcome-based validation: SLAs
• Outcome-based security via audits
• Service cost predictability
• IT Governance requirements
• Protecting data in-flight
• Protecting data at-rest

2. Security and Governance for Services

• AWS security IAM objects
• AWS root IAM user
• MFA with privileged users
• AWS IAM policy simulator
• IAM best practices
• Security via AWS Certificate Manager
• Security via AWS KMS
• Security via AWS WAF and Shield
• Security via AWS Inspector
• Security via AWS Trusted Advisor
• AWS organizations

3. AWS Tools for Security and Governance

• Console tools for cost control
• Total service costs for AWS
• Using the AWS billing dashboard
• CloudWatch for security and cost control
• Using CloudTrail logs for security
• CloudTrail and CloudWatch events
• Set up and use the AWS CLI or aws-shell
• AWS CLI for governance
• Setting up the AWS SDK for Node.js
• AWS SDK for security

4. Advanced and Third-Party Tools

• AWS object metadata
• Third-party security tools
• Third-party governance tools
• Approaches to security
• Approaches to cost control

Conclusion

• Next steps