
AWS Security

$449.00
Availability:
Downloadable Resources, Instant Access
Your guarantee:
30-day money-back guarantee — no questions asked
Who trusts this:
Trusted by professionals in 160+ countries
When you get access:
Course access is prepared after purchase and delivered via email
Toolkit Included:
Includes a practical, ready-to-use toolkit containing implementation templates, worksheets, checklists, and decision-support materials used to accelerate real-world application and reduce setup time.
How you learn:
Self-paced • Lifetime updates

This curriculum reflects the scope typically addressed across a full consulting engagement or multi-phase internal transformation initiative.

Security Governance and Compliance Strategy

  • Define and enforce security policies across multi-account AWS environments using AWS Organizations and Service Control Policies.
  • Map regulatory requirements (e.g., GDPR, HIPAA, PCI-DSS) to AWS control objectives and implement compliance automation.
  • Evaluate shared responsibility model implications for SaaS, PaaS, and IaaS workloads in hybrid deployments.
  • Establish accountability frameworks for security ownership across development, operations, and business units.
  • Implement audit trails for configuration changes using AWS Config and integrate with SIEM systems.
  • Assess compliance drift over time and design remediation workflows with automated enforcement.
  • Balance compliance overhead with operational agility in fast-moving development environments.
  • Develop evidence collection strategies for internal and external audits using AWS Artifact and third-party tools.
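The first bullet above (SCPs in AWS Organizations) is the one that is easiest to get subtly wrong, so here is an added example that is not part of the course and not AWS tooling: a small Python simulator for the three guardrail SCPs most organisations start with (protect audit tooling, forbid leaving the organization, pin regional services to an allowlist of Regions). It models only the property that matters for guardrails: an SCP never grants anything, it only filters, and a request is blocked as soon as one Deny statement matches. The account IDs, Region allowlist and break-glass role name are hypothetical, and only the condition operators used in these policies are implemented.

```python
"""Simulating Service Control Policy (SCP) guardrails (added example)."""
import fnmatch
from typing import Any, Dict, List, Optional

# Illustrative subset of AWS's published list of global-service actions that a
# Region-restriction SCP must leave alone (they are served from us-east-1).
GLOBAL_SERVICE_ACTIONS = ["iam:*", "sts:*", "organizations:*", "support:*",
                          "cloudfront:*", "route53:*", "budgets:*", "health:*"]
ALLOWED_REGIONS = ["eu-west-1", "eu-central-1"]           # hypothetical
BREAK_GLASS_ROLE = "arn:aws:iam::*:role/BreakGlassAdmin"  # hypothetical

GUARDRAIL_SCP: Dict[str, Any] = {
    "Version": "2012-10-17",
    "Statement": [
        {   # Nobody in a member account can blind the auditors.
            "Sid": "ProtectAuditTooling",
            "Effect": "Deny",
            "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail",
                       "cloudtrail:UpdateTrail", "guardduty:DeleteDetector",
                       "config:StopConfigurationRecorder",
                       "config:DeleteConfigurationRecorder"],
            "Resource": "*",
        },
        {   # Member accounts cannot leave the organization.
            "Sid": "DenyLeaveOrganization",
            "Effect": "Deny",
            "Action": "organizations:LeaveOrganization",
            "Resource": "*",
        },
        {   # Regional services only in approved Regions; global services and
            # the break-glass role are exempt.
            "Sid": "RegionAllowlist",
            "Effect": "Deny",
            "NotAction": GLOBAL_SERVICE_ACTIONS,
            "Resource": "*",
            "Condition": {
                "StringNotEquals": {"aws:RequestedRegion": ALLOWED_REGIONS},
                "ArnNotLike": {"aws:PrincipalARN": [BREAK_GLASS_ROLE]},
            },
        },
    ],
}


def _as_list(value: Any) -> List[Any]:
    return value if isinstance(value, list) else [value]


def _glob_any(value: str, patterns: List[str]) -> bool:
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def _statement_covers_action(statement: Dict[str, Any], action: str) -> bool:
    # IAM action names are case-insensitive.
    if "Action" in statement:
        return _glob_any(action.lower(), [p.lower() for p in _as_list(statement["Action"])])
    # NotAction: the statement applies to every action except those listed.
    return not _glob_any(action.lower(), [p.lower() for p in _as_list(statement["NotAction"])])


def _conditions_hold(condition: Dict[str, Any], ctx: Dict[str, str]) -> bool:
    """All condition blocks must hold. Negated operators (StringNotEquals,
    ArnNotLike) evaluate to true when the key is absent from the request."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = ctx.get(key)
            expected = _as_list(expected)
            if operator == "StringEquals":
                ok = actual in expected
            elif operator == "StringNotEquals":
                ok = actual not in expected
            elif operator == "ArnLike":
                ok = actual is not None and _glob_any(actual, expected)
            elif operator == "ArnNotLike":
                ok = actual is None or not _glob_any(actual, expected)
            else:
                raise NotImplementedError(f"operator {operator} not modelled")
            if not ok:
                return False
    return True


def scp_denies(scp: Dict[str, Any], action: str, ctx: Dict[str, str]) -> Optional[str]:
    """Return the Sid of the first Deny statement that blocks the request, else None."""
    for st in scp["Statement"]:
        if st.get("Effect") != "Deny" or not _statement_covers_action(st, action):
            continue
        if _conditions_hold(st.get("Condition", {}), ctx):
            return st.get("Sid")
    return None


def _ctx(region: str, role: str, account: str = "111122223333") -> Dict[str, str]:
    """Request context for a role in a (hypothetical) member account."""
    return {"aws:RequestedRegion": region,
            "aws:PrincipalARN": f"arn:aws:iam::{account}:role/{role}"}


if __name__ == "__main__":
    for action, ctx in [("cloudtrail:StopLogging", _ctx("eu-west-1", "Developer")),
                        ("ec2:RunInstances", _ctx("us-east-1", "Developer")),
                        ("ec2:RunInstances", _ctx("eu-west-1", "Developer")),
                        ("iam:CreateUser", _ctx("us-east-1", "Developer")),
                        ("ec2:RunInstances", _ctx("us-east-1", "BreakGlassAdmin"))]:
        verdict = scp_denies(GUARDRAIL_SCP, action, ctx) or "allowed by SCP"
        print(f"{action:26} {ctx['aws:RequestedRegion']:13} -> {verdict}")
```

Two things the simulation makes visible that bite in practice: the Region statement has to use NotAction with the global-service exemptions, otherwise IAM and STS calls (which always report us-east-1) are blocked for everyone; and the break-glass exemption is a second condition on the same statement, so a missing aws:PrincipalARN still results in a deny rather than a silent bypass. A real SCP is still subject to the remaining evaluation logic (the principal's identity policy must also allow the call), which this deny-only model deliberately leaves out.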

Identity and Access Management at Scale

  • Design least-privilege IAM roles and policies using service control, resource-level, and condition-based restrictions.
  • Implement cross-account access patterns using IAM roles and identity federation with SAML 2.0 or OpenID Connect.
  • Enforce multi-factor authentication (MFA) for privileged access and emergency break-glass accounts.
  • Integrate AWS IAM and IAM Identity Center with enterprise identity providers (e.g., Microsoft Entra ID, formerly Azure AD; Okta) and automate user lifecycle synchronization with SCIM.
  • Rotate long-term access keys and enforce credential policies across distributed teams.
  • Monitor and alert on anomalous IAM activity using AWS CloudTrail and Amazon GuardDuty.
  • Manage temporary credentials for EC2, Lambda, and containerized workloads with appropriate session durations.
  • Use permissions boundaries to cap what delegated administrators can grant, restrict iam:PassRole and policy-modification actions, and account for service-linked roles so that role creation cannot become privilege escalation.
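To make the least-privilege and privilege-escalation bullets concrete, here is an added example (not course material and not an AWS tool): a Python linter that walks the Allow statements of an IAM policy document and flags the patterns that most often undermine least privilege: service-wide wildcards on Resource "*", iam:PassRole that is not pinned to a role and a service, the IAM actions that let a principal rewrite its own permissions when no permissions boundary is enforced, and privileged grants that do not require MFA. The three sample policies are constructed for the example; the account IDs and role names are hypothetical.

```python
"""Lint IAM policy documents for privilege-escalation paths (added example)."""
import fnmatch
from typing import Any, Dict, List, Tuple

# IAM actions that let a caller widen its own or another principal's access.
ESCALATION_ACTIONS = {
    "iam:PassRole", "iam:CreatePolicyVersion", "iam:SetDefaultPolicyVersion",
    "iam:AttachUserPolicy", "iam:AttachGroupPolicy", "iam:AttachRolePolicy",
    "iam:PutUserPolicy", "iam:PutGroupPolicy", "iam:PutRolePolicy",
    "iam:CreateAccessKey", "iam:CreateLoginProfile", "iam:UpdateLoginProfile",
    "iam:UpdateAssumeRolePolicy", "iam:AddUserToGroup", "sts:AssumeRole",
}
FULL_ADMIN_PATTERNS = {"*", "*:*"}


def _as_list(value: Any) -> List[Any]:
    return value if isinstance(value, list) else [value]


def _condition_keys(condition: Dict[str, Any]) -> set:
    # Condition keys are case-insensitive in IAM.
    return {k.lower() for pairs in condition.values() for k in pairs}


def _requires_mfa(condition: Dict[str, Any]) -> bool:
    for operator in ("Bool", "BoolIfExists"):
        for key, value in condition.get(operator, {}).items():
            if key.lower() == "aws:multifactorauthpresent" and str(value).lower() == "true":
                return True
    return False


def lint_policy(policy: Dict[str, Any]) -> List[Tuple[str, str]]:
    """Return (Sid, rule) findings for every risky Allow statement."""
    findings: List[Tuple[str, str]] = []
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no Sid>")
        if "NotAction" in st:            # "everything except" grants are always too broad
            findings.append((sid, "notaction-allow"))
            continue
        patterns = [a.lower() for a in _as_list(st.get("Action", []))]
        any_resource = "*" in _as_list(st.get("Resource", []))
        condition = st.get("Condition", {})
        keys = _condition_keys(condition)

        full_admin = any(p in FULL_ADMIN_PATTERNS for p in patterns)
        if full_admin:
            findings.append((sid, "full-admin"))
        elif any_resource and any(p.endswith(":*") for p in patterns):
            findings.append((sid, "service-wildcard"))

        # Which escalation-capable actions does this statement actually grant?
        granted = {a for a in ESCALATION_ACTIONS
                   if any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns)}
        if "iam:PassRole" in granted and any_resource and "iam:passedtoservice" not in keys:
            findings.append((sid, "passrole-unrestricted"))
        rewrite = sorted(granted - {"iam:PassRole", "sts:AssumeRole"})
        if rewrite and "iam:permissionsboundary" not in keys:
            findings.append((sid, "escalation-without-boundary:" + ",".join(rewrite)))
        if (full_admin or granted) and not _requires_mfa(condition):
            findings.append((sid, "no-mfa-condition"))
    return findings


# Constructed sample policies (hypothetical account ID and role names).
DEV_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "DevAccess", "Effect": "Allow",
    "Action": ["ec2:*", "iam:PassRole", "iam:CreatePolicyVersion"], "Resource": "*"}]}

SCOPED_DEPLOY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PassOnlyRuntimeRoleToLambda", "Effect": "Allow", "Action": "iam:PassRole",
     "Resource": "arn:aws:iam::111122223333:role/AppRuntimeRole",
     "Condition": {"StringEquals": {"iam:PassedToService": "lambda.amazonaws.com"},
                   "Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    {"Sid": "DeployFunctions", "Effect": "Allow",
     "Action": ["lambda:CreateFunction", "lambda:UpdateFunctionCode"],
     "Resource": "arn:aws:lambda:eu-west-1:111122223333:function:app-*"}]}

BREAK_GLASS_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "EmergencyAdmin", "Effect": "Allow", "Action": "*", "Resource": "*",
    "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}]}

if __name__ == "__main__":
    for name, policy in [("DEV_POLICY", DEV_POLICY), ("SCOPED_DEPLOY_POLICY", SCOPED_DEPLOY_POLICY),
                         ("BREAK_GLASS_POLICY", BREAK_GLASS_POLICY)]:
        print(name, lint_policy(policy) or "clean")
```

The developer policy produces four findings from a single statement, which is typical: ec2:* plus an unconditioned iam:PassRole is enough to launch an instance with any role in the account, and iam:CreatePolicyVersion lets the caller rewrite any customer managed policy attached to itself. The break-glass policy is flagged as full-admin by design; what the linter confirms is that it cannot be used without MFA, which is the control that should be reviewed and accepted rather than removed.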

Data Protection and Encryption Architecture

  • Classify data sensitivity levels and map to AWS encryption mechanisms (at-rest, in-transit, in-use).
  • Implement AWS KMS key policies, manage grants, and use multi-Region keys where disaster recovery requires the same key material in a second Region.
  • Enforce encryption for S3, EBS, RDS, and other storage services (S3 encrypts new objects with SSE-S3 by default; requiring SSE-KMS with a specific key still needs bucket policy conditions, and EBS default encryption is a per-Region account setting).
  • Manage customer managed KMS keys (formerly called CMKs) with appropriate rotation schedules and audit key usage through CloudTrail.
  • Design secure data sharing patterns across accounts using KMS grants and S3 bucket policies.
  • Integrate AWS CloudHSM for FIPS 140-2 Level 3 compliance and external key material.
  • Assess trade-offs between performance and security when encrypting high-throughput workloads.
  • Implement client-side encryption for sensitive data before ingestion into AWS services.

Network Security and Traffic Control

  • Design VPC architectures with public, private, and transit subnets aligned to security zones.
  • Enforce network segmentation using security groups, NACLs, and AWS Network Firewall rules.
  • Implement DNS protection using Route 53 Resolver DNS Firewall and block known malicious domains.
  • Control egress traffic using VPC endpoints, NAT gateways, and proxy architectures.
  • Monitor and analyze network flows using VPC Flow Logs integrated with Amazon Athena or Splunk.
  • Deploy AWS WAF rules to protect API Gateway, ALBs, and CloudFront distributions from OWASP Top 10 threats.
  • Design hybrid connectivity (Direct Connect, VPN) with encrypted tunnels and strict routing policies.
  • Isolate high-risk workloads using dedicated VPCs with strict peering and gateway endpoint controls.
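The flow-log bullet above is where most teams start their network detection, so here is an added example that is not part of the course: a Python pass over VPC Flow Log records in the default (version 2) format that applies three checks a first Athena query or SIEM rule would typically encode: a port scan (one external source rejected on many distinct ports), an administrative port accepted from the internet, and egress from a private address to the internet on a port outside the organisation's egress policy. The records, account ID, ENI and addresses are constructed, and the allowed egress port set is a hypothetical stand-in for a real egress policy.

```python
"""Hunting in VPC Flow Logs for scans, exposed admin ports and odd egress (added example)."""
import ipaddress
from collections import defaultdict
from typing import Any, Dict, List, Tuple

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")
# RFC 1918 only: Python's ip.is_private also treats the documentation ranges
# used in the sample (203.0.113.0/24, 198.51.100.0/24) as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ALLOWED_EGRESS_PORTS = {443}     # hypothetical egress policy: HTTPS only
ADMIN_PORTS = {22, 3389}
SCAN_PORT_THRESHOLD = 5          # distinct rejected ports from one source
TCP = 6

# Constructed sample records; the last line is a NODATA row as the service emits it.
SAMPLE_FLOW_LOG = """\
2 111122223333 eni-0a1b2c3d4e5f67890 10.0.1.15 198.51.100.10 49152 443 6 12 4820 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0a1b2c3d4e5f67890 10.0.1.15 198.51.100.23 49153 4444 6 7 1510 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0a1b2c3d4e5f67890 203.0.113.7 10.0.1.15 55001 22 6 1 44 1700000000 1700000060 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f67890 203.0.113.7 10.0.1.15 55002 23 6 1 44 1700000000 1700000060 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f67890 203.0.113.7 10.0.1.15 55003 80 6 1 44 1700000000 1700000060 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f67890 203.0.113.7 10.0.1.15 55004 445 6 1 44 1700000000 1700000060 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f67890 203.0.113.7 10.0.1.15 55005 3389 6 1 44 1700000000 1700000060 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f67890 203.0.113.7 10.0.1.15 55006 8080 6 1 44 1700000000 1700000060 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f67890 203.0.113.9 10.0.1.15 51000 22 6 9 1200 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0a1b2c3d4e5f67890 10.0.1.15 10.0.2.30 49200 5432 6 20 9000 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000000 1700000060 - NODATA
"""


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flow_log(text: str) -> List[Dict[str, Any]]:
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":    # NODATA / SKIPDATA rows carry '-' placeholders
            continue
        for key in INT_FIELDS:
            rec[key] = int(rec[key])
        records.append(rec)
    return records


Finding = Tuple[str, str, Any, int]   # (kind, srcaddr, dstaddr or None, port or count)


def analyze(records: List[Dict[str, Any]]) -> List[Finding]:
    findings: List[Finding] = []
    rejected_ports: Dict[str, set] = defaultdict(set)
    for r in records:
        src_in, dst_in = is_internal(r["srcaddr"]), is_internal(r["dstaddr"])
        if r["action"] == "REJECT" and not src_in:
            rejected_ports[r["srcaddr"]].add(r["dstport"])
        elif r["action"] == "ACCEPT" and r["protocol"] == TCP:
            if src_in and not dst_in and r["dstport"] not in ALLOWED_EGRESS_PORTS:
                findings.append(("unexpected-egress", r["srcaddr"], r["dstaddr"], r["dstport"]))
            if not src_in and dst_in and r["dstport"] in ADMIN_PORTS:
                findings.append(("admin-port-from-internet", r["srcaddr"], r["dstaddr"], r["dstport"]))
    for src, ports in rejected_ports.items():
        if len(ports) >= SCAN_PORT_THRESHOLD:
            findings.append(("port-scan", src, None, len(ports)))
    return findings


if __name__ == "__main__":
    for finding in analyze(parse_flow_log(SAMPLE_FLOW_LOG)):
        print(finding)
```

Each flow is logged once per direction, so the return half of a legitimate HTTPS session (external source, internal destination, an ephemeral destination port) never matches the admin-port check. The egress check is the one that needs tuning per ENI: flows captured on a NAT gateway or load balancer interface have different legitimate baselines, which is why the bullet pairs flow logs with Athena or a SIEM rather than a single rule.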

Threat Detection and Incident Response

  • Configure Amazon GuardDuty to detect anomalous behavior and prioritize findings based on organizational context.
  • Automate response to security findings using AWS Security Hub, EventBridge, and Lambda functions.
  • Establish centralized logging with Amazon CloudWatch Logs and S3 for forensic readiness.
  • Design incident playbooks for common scenarios (e.g., crypto-mining, credential compromise, DDoS).
  • Conduct tabletop exercises to validate detection coverage and response time SLAs.
  • Integrate threat intelligence feeds into detection rules and correlate with internal telemetry.
  • Preserve evidence during incident response using automated snapshot and log isolation procedures.
  • Assess false positive rates and tune detection rules to reduce analyst fatigue.
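The first two bullets of this section (context-aware prioritisation and EventBridge-triggered automation) fit in one Lambda handler, so here is an added example that is not from the course: Python code that takes the EventBridge event for a GuardDuty finding, ranks it using organisational context (the affected instance's env tag), and returns a response plan that a second stage would execute with the AWS SDK (a quarantine security group via ec2 ModifyInstanceAttribute, an EBS snapshot for forensics, iam UpdateAccessKey to disable a key, or a revoke-sessions policy on a role). The finding type strings are real GuardDuty types; the three events, the instance and key IDs and the env/SecurityException tags are constructed for the example.

```python
"""Triage and response planning for GuardDuty findings from EventBridge (added example)."""
from typing import Any, Dict, List

ENV_WEIGHT = {"prod": 2, "staging": 1}       # hypothetical organisational context
QUARANTINE_TYPES = ("CryptoCurrency:", "Backdoor:", "Trojan:", "Impact:")


def severity_band(severity: float) -> str:
    # GuardDuty's own bands: 7.0-8.9 High, 4.0-6.9 Medium, 1.0-3.9 Low.
    return "HIGH" if severity >= 7.0 else "MEDIUM" if severity >= 4.0 else "LOW"


def instance_tags(resource: Dict[str, Any]) -> Dict[str, str]:
    details = resource.get("instanceDetails") or {}
    return {t["key"]: t["value"] for t in details.get("tags", [])}


def priority(severity: float, tags: Dict[str, str]) -> str:
    score = {"HIGH": 3, "MEDIUM": 2, "LOW": 1}[severity_band(severity)] + ENV_WEIGHT.get(tags.get("env"), 0)
    return "P1" if score >= 4 else "P2" if score == 3 else "P3"


def plan_actions(finding: Dict[str, Any], tags: Dict[str, str]) -> List[str]:
    ftype, resource = finding["type"], finding["resource"]
    if tags.get("SecurityException") == ftype:     # documented, approved exception
        return ["suppress"]
    actions = ["open-ticket"]
    if resource["resourceType"] == "Instance":
        iid = resource["instanceDetails"]["instanceId"]
        if ftype.startswith(QUARANTINE_TYPES):
            # Preserve evidence first, then isolate; never terminate.
            actions += [f"snapshot-volumes:{iid}", f"quarantine-sg:{iid}", f"tag-incident:{iid}"]
    elif resource["resourceType"] == "AccessKey":
        key = resource["accessKeyDetails"]
        if key.get("userType") == "IAMUser":
            actions.append(f"disable-access-key:{key['accessKeyId']}")
        else:
            # Assumed-role credentials cannot be disabled one by one; revoke every
            # session issued before now with a Deny on aws:TokenIssueTime.
            actions.append(f"revoke-active-sessions:{key['principalId']}")
    return actions


def lambda_handler(event: Dict[str, Any], context: Any) -> Dict[str, Any]:
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != "GuardDuty Finding":
        raise ValueError("not a GuardDuty finding event")
    finding = event["detail"]
    tags = instance_tags(finding["resource"])
    return {"finding_id": finding["id"], "type": finding["type"],
            "severity": severity_band(finding["severity"]),
            "priority": priority(finding["severity"], tags),
            "actions": plan_actions(finding, tags)}


def _event(detail: Dict[str, Any]) -> Dict[str, Any]:
    """Wrap a constructed finding in the EventBridge envelope (hypothetical account)."""
    return {"version": "0", "source": "aws.guardduty", "detail-type": "GuardDuty Finding",
            "account": "111122223333", "region": "eu-west-1", "detail": detail}


CRYPTO_EVENT = _event({
    "id": "f1", "type": "CryptoCurrency:EC2/BitcoinTool.B!DNS", "severity": 8.0,
    "resource": {"resourceType": "Instance", "instanceDetails": {
        "instanceId": "i-0abc1234def567890", "tags": [{"key": "env", "value": "prod"}]}}})
EXFIL_EVENT = _event({
    "id": "f2", "type": "UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS",
    "severity": 8.0,
    "resource": {"resourceType": "AccessKey", "accessKeyDetails": {
        "accessKeyId": "ASIAEXAMPLE123456789", "principalId": "AROAEXAMPLE:i-0abc1234def567890",
        "userName": "AppRuntimeRole", "userType": "AssumedRole"}}})
RECON_EVENT = _event({
    "id": "f3", "type": "Recon:EC2/PortProbeUnprotectedPort", "severity": 2.0,
    "resource": {"resourceType": "Instance", "instanceDetails": {
        "instanceId": "i-0fedcba9876543210", "tags": [{"key": "env", "value": "staging"}]}}})

if __name__ == "__main__":
    for ev in (CRYPTO_EVENT, EXFIL_EVENT, RECON_EVENT):
        print(lambda_handler(ev, None))
```

The ordering inside the plan is deliberate: snapshot before quarantine, and quarantine (swap the security group) rather than stop or terminate, so that memory and disk are still available for the forensic step the evidence-preservation bullet calls for. The exfiltration finding gets P2 rather than P1 only because the access-key resource carries no environment tag; in a real deployment the enrichment step would resolve the instance ID embedded in the principalId to its tags before scoring.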

Secure Application and Workload Design

  • Enforce infrastructure-as-code (IaC) security using AWS CloudFormation Guard rules and policy checks on Terraform plans before deployment.
  • Scan container images in Amazon ECR using Amazon Inspector and reject non-compliant deployments.
  • Implement secure deployment pipelines with AWS CodeBuild and CodePipeline using artifact signing and scanning.
  • Apply runtime protection to Lambda functions using Lambda Extensions, the mechanism partner runtime security agents use to run alongside the function inside its execution environment.
  • Validate API security in API Gateway with request validation, throttling, and JWT authorizers.
  • Enforce secure configuration of ECS task definitions and EKS clusters using securityContext settings and Pod Security Standards enforced by Pod Security Admission or a policy engine (PodSecurityPolicy was removed in Kubernetes 1.25).
  • Minimize attack surface by disabling unused services and removing default security group rules.
  • Design immutable infrastructure patterns to prevent runtime configuration drift.

Security Automation and Continuous Monitoring

  • Deploy AWS Config rules to enforce compliance with organizational security baselines.
  • Automate remediation of non-compliant resources using AWS Systems Manager Automation.
  • Build compliance checks for non-AWS resources (e.g., on-premises servers enrolled as Systems Manager hybrid-activated managed nodes) using AWS Config rules over managed instance inventory.
  • Aggregate security findings across accounts into a centralized Security Hub dashboard.
  • Design metric-based alerting for security events using CloudWatch Alarms and SNS.
  • Implement drift detection for critical resources and trigger re-baselining workflows.
  • Balance automation coverage with operational risk tolerance and rollback capabilities.
  • Validate security automation in pre-production environments to prevent unintended outages.
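The Config-rule bullets in this section are clearest with a real rule handler, so here is an added example that is not from the course and not an AWS managed rule: a Python custom Config rule that flags security groups exposing sensitive ports to 0.0.0.0/0 or ::/0. It receives the event shape Config sends to a custom Lambda rule (invokingEvent and ruleParameters arrive as JSON strings), evaluates the group's ingress rules, and returns the evaluation it would hand back to Config; the put_evaluations call is left as a comment so the logic runs offline. The three configuration items and the group IDs are constructed, and the sensitivePorts rule parameter is a hypothetical name chosen for the example.

```python
"""Custom AWS Config rule: world-reachable sensitive ports on security groups (added example)."""
import json
from typing import Any, Dict, List, Set, Tuple

DEFAULT_SENSITIVE_PORTS = {22, 3389, 3306, 5432, 1433}
WORLD = {"0.0.0.0/0", "::/0"}


def _open_to_world(permission: Dict[str, Any]) -> bool:
    cidrs = {r["cidrIp"] for r in permission.get("ipv4Ranges", [])}
    cidrs |= {r["cidrIpv6"] for r in permission.get("ipv6Ranges", [])}
    return bool(cidrs & WORLD)


def _hits_sensitive_port(permission: Dict[str, Any], ports: Set[int]) -> bool:
    proto = str(permission.get("ipProtocol"))
    if proto == "-1":                 # all traffic
        return True
    if proto not in ("tcp", "6"):
        return False
    lo, hi = permission.get("fromPort"), permission.get("toPort")
    if lo is None or hi is None:      # tcp with no range means every port
        return True
    return any(lo <= p <= hi for p in ports)


def evaluate_security_group(configuration: Dict[str, Any], ports: Set[int]) -> Tuple[str, str]:
    violations: List[str] = []
    for perm in configuration.get("ipPermissions", []):
        if _open_to_world(perm) and _hits_sensitive_port(perm, ports):
            violations.append(f"{perm.get('ipProtocol')}/{perm.get('fromPort')}-{perm.get('toPort')}")
    if violations:
        return "NON_COMPLIANT", "World-reachable sensitive ports: " + ", ".join(violations)
    return "COMPLIANT", "No sensitive port is reachable from 0.0.0.0/0 or ::/0"


def lambda_handler(event: Dict[str, Any], context: Any) -> Dict[str, Any]:
    invoking = json.loads(event["invokingEvent"])
    item = invoking["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    ports = {int(p) for p in params.get("sensitivePorts", "").split(",") if p.strip()} or DEFAULT_SENSITIVE_PORTS

    if item["resourceType"] != "AWS::EC2::SecurityGroup":
        compliance, note = "NOT_APPLICABLE", "rule only evaluates security groups"
    elif item["configurationItemStatus"] in ("ResourceDeleted", "ResourceDeletedNotRecorded"):
        compliance, note = "NOT_APPLICABLE", "resource deleted"
    else:
        compliance, note = evaluate_security_group(item["configuration"], ports)

    evaluation = {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note[:256],            # Config caps annotations at 256 characters
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }
    # In a deployed rule: boto3.client("config").put_evaluations(
    #     Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


def _config_event(group_id: str, permissions: List[Dict[str, Any]], params: str = "") -> Dict[str, Any]:
    """Build the event Config sends for a configuration change (constructed sample)."""
    item = {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": group_id,
            "configurationItemStatus": "OK", "configurationItemCaptureTime": "2024-05-01T10:00:00.000Z",
            "configuration": {"groupId": group_id, "ipPermissions": permissions}}
    return {"invokingEvent": json.dumps({"configurationItem": item,
                                         "messageType": "ConfigurationItemChangeNotification"}),
            "ruleParameters": params, "resultToken": "TESTMODE"}


SSH_OPEN = _config_event("sg-0aaa111122223333a", [
    {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
     "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []}])
WEB_ONLY = _config_event("sg-0bbb111122223333b", [
    {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
     "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": [{"cidrIpv6": "::/0"}]},
    {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
     "ipv4Ranges": [{"cidrIp": "10.0.0.0/8"}], "ipv6Ranges": []}])
ALL_TRAFFIC_V6 = _config_event("sg-0ccc111122223333c", [
    {"ipProtocol": "-1", "ipv4Ranges": [], "ipv6Ranges": [{"cidrIpv6": "::/0"}]}])

if __name__ == "__main__":
    for ev in (SSH_OPEN, WEB_ONLY, ALL_TRAFFIC_V6):
        print(lambda_handler(ev, None))
```

Two details matter when this runs for real: the rule must return NOT_APPLICABLE for deleted resources rather than skipping them, otherwise the stale NON_COMPLIANT evaluation lingers in the dashboard, and the "-1" protocol and missing port range cases have to be treated as "all ports" or an all-traffic rule from ::/0 slips through as compliant. Pairing this with a Systems Manager Automation remediation that removes only the offending ingress entry, validated first in a non-production account as the last bullet advises, completes the loop the section describes.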

Cloud Security Operations and Risk Management

  • Define and track key security metrics (MTTD, MTTR, patch latency, finding closure rate).
  • Conduct risk assessments for new cloud initiatives using threat modeling (e.g., STRIDE, PASTA).
  • Establish change advisory boards (CABs) for high-impact security modifications.
  • Manage third-party risk for AWS Marketplace solutions and partner integrations.
  • Perform regular penetration testing within the AWS customer support policy for penetration testing (most services can be tested without prior approval; DDoS simulation and similar activities require authorization).
  • Evaluate security tool sprawl and consolidate overlapping capabilities across the stack.
  • Integrate cloud security posture management (CSPM) tools with existing GRC platforms.
  • Assess residual risk for accepted vulnerabilities and document executive approvals.