AWS security architects need to understand how to build security into every AWS deployment at every level. In this course, Architecting for Security on AWS, you'll learn how to secure your data and your AWS services and resources at multiple levels using a defense-in-depth approach. First, you'll learn how to protect your AWS credentials using identity and access management. Next, you'll see how to capture and analyze logs using CloudTrail, CloudWatch, and Athena. Finally, you'll learn how to implement network and instance security, encrypt data at rest and in transit, and set up data backup, replication, and recovery. After finishing this course, you'll be ready to granularly control access to your AWS resources.
Ben Piper is an IT consultant and the author of "Learn Cisco Network
Administration in a Month of Lunches" from Manning Publications. He holds
numerous certifications from Cisco, Citrix, and Microsoft.
Course Overview (Music playing) Hi everyone, my name is Ben Piper, and welcome to my course, Architecting for Security on AWS. I'm an AWS certified Solutions Architect and author. Security is about protecting your valuable data and the systems that store and retrieve that data. As an AWS architect, you need to understand how to build security into every AWS deployment at every level. In this course, you're going to learn how to secure your data and your AWS services and resources at multiple levels using a defense-in-depth approach. Some of the major topics that we will cover include identity and access management, capturing and analyzing security logs, network and instance security, data encryption, and backup, replication, and recovery. By the end of this course, you'll know how to secure your data stored in AWS, as well as your AWS services and resources. Before beginning the course, you should have six months of experience with AWS in a technical capacity. I hope you'll join me on this journey to learn AWS security with the Architecting for Security on AWS course, only on Pluralsight.
Capturing and Analyzing Logs Welcome back. In order to know that you're effectively protecting your AWS environment and the data that it contains, you need some way of knowing what's happening in your environment. You need to have some way of verifying that your security controls are working correctly once you've set them up, and you also need to keep track of changes that occur to your AWS resources. In this module, you're going to learn how to configure a few different AWS services that give you a high level of visibility into the inner workings of your AWS infrastructure. We'll start by logging in detail the individual actions that take place against your AWS resources. To do this, we're going to configure CloudTrail to capture every event that occurs in our AWS environment and store a record of those events in log files. We'll then use CloudWatch Logs to browse and search those events. After that, we'll set up CloudWatch Alarms to send us a notification whenever a change takes place. We'll then look at how to use Amazon Athena to search CloudTrail Logs using SQL queries. And finally, we'll configure AWS Config, which is another service that can help us keep track of configuration changes to our AWS environment and tell us exactly what changed and when. Now, you might be thinking that there's a lot of overlap between these services. It sounds like some of them do the same things, but as you're going to see, each one is designed for a slightly different use case. As an AWS architect, understanding the difference between these services is critical to ensuring that you select the right ones for your needs.
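The module above describes CloudTrail as the record of every API action and the basis for tracking changes to your resources. The following is an added example, not part of the course or any Pluralsight material, showing what that looks like at the log-file level: it parses the `{"Records": [...]}` JSON shape that CloudTrail delivers and separates mutating calls from read-only ones. The record field names (`eventName`, `eventSource`, `userIdentity.arn`, `readOnly`, `errorCode`) are real CloudTrail fields; the event values, account ID, ARNs and IP addresses are constructed for the example, and the verb-prefix fallback for older records that lack `readOnly` is a heuristic assumption, not a CloudTrail rule.

```python
import json
from collections import Counter

# Constructed sample of a CloudTrail log file (same {"Records": [...]} shape
# CloudTrail writes to S3). All identifiers below are made up for this example.
SAMPLE_LOG = json.dumps({
    "Records": [
        {
            "eventVersion": "1.08",
            "userIdentity": {"type": "IAMUser", "userName": "alice",
                             "arn": "arn:aws:iam::123456789012:user/alice"},
            "eventTime": "2024-01-15T10:02:11Z",
            "eventSource": "ec2.amazonaws.com",
            "eventName": "DescribeInstances",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "203.0.113.10",
            "readOnly": True,
            "eventID": "00000000-0000-0000-0000-000000000001",
        },
        {
            "eventVersion": "1.08",
            "userIdentity": {"type": "IAMUser", "userName": "alice",
                             "arn": "arn:aws:iam::123456789012:user/alice"},
            "eventTime": "2024-01-15T10:03:40Z",
            "eventSource": "ec2.amazonaws.com",
            "eventName": "AuthorizeSecurityGroupIngress",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "203.0.113.10",
            "readOnly": False,
            "requestParameters": {"groupId": "sg-0123456789abcdef0"},
            "eventID": "00000000-0000-0000-0000-000000000002",
        },
        {
            # A mutating call that was denied: errorCode is present.
            "eventVersion": "1.08",
            "userIdentity": {"type": "AssumedRole",
                             "arn": "arn:aws:sts::123456789012:assumed-role/Deploy/ci"},
            "eventTime": "2024-01-15T10:05:02Z",
            "eventSource": "iam.amazonaws.com",
            "eventName": "PutUserPolicy",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "198.51.100.7",
            "readOnly": False,
            "errorCode": "AccessDenied",
            "eventID": "00000000-0000-0000-0000-000000000003",
        },
        {
            # Older event versions may lack readOnly; the verb prefix is used instead.
            "eventVersion": "1.05",
            "userIdentity": {"type": "IAMUser", "userName": "bob",
                             "arn": "arn:aws:iam::123456789012:user/bob"},
            "eventTime": "2024-01-15T10:06:30Z",
            "eventSource": "s3.amazonaws.com",
            "eventName": "PutBucketPolicy",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "203.0.113.11",
            "eventID": "00000000-0000-0000-0000-000000000004",
        },
    ]
})

# Heuristic (an assumption of this example): API verbs that only read state.
READ_PREFIXES = ("Describe", "Get", "List", "Head", "Lookup")


def is_change_event(record):
    """True for API calls that mutate state. Prefer CloudTrail's readOnly flag;
    for records without it, treat read-style verb prefixes as non-changes."""
    if "readOnly" in record:
        return not record["readOnly"]
    return not record["eventName"].startswith(READ_PREFIXES)


def parse_records(log_text):
    """Load one CloudTrail log file and return its list of event records."""
    return json.loads(log_text)["Records"]


def extract_changes(log_text, include_failed=False):
    """Return (eventTime, principal ARN, service, eventName) for each mutating
    call. Calls that failed (errorCode present) are skipped unless requested,
    since a denied request changed nothing even though it is worth reviewing."""
    changes = []
    for r in parse_records(log_text):
        if not is_change_event(r):
            continue
        if "errorCode" in r and not include_failed:
            continue
        changes.append((r["eventTime"], r["userIdentity"]["arn"],
                        r["eventSource"], r["eventName"]))
    return changes


def changes_by_principal(log_text):
    """Count successful mutating calls per principal ARN."""
    return Counter(arn for _, arn, _, _ in extract_changes(log_text))


if __name__ == "__main__":
    for change in extract_changes(SAMPLE_LOG):
        print(change)
    print(changes_by_principal(SAMPLE_LOG))
```

Run against a real trail, each file delivered to the S3 bucket is gzip-compressed, so decompress before passing its contents to `extract_changes`; the same separation of read versus write events is what you would express as a `WHERE` clause when querying the trail with Athena, and the per-principal counts are the kind of metric a CloudWatch Alarm would watch.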