Architecting for Security on AWS

This course will help you learn to apply security at all layers of AWS, including encrypting and protecting data at-rest and in-transit, as well as how to prepare for and respond to security events.
Course info
Rating
(12)
Level
Intermediate
Updated
Sep 6, 2018
Duration
4h 8m
Table of contents
Course Overview
Protecting AWS Credentials
Capturing and Analyzing Logs
Protecting Network and Host-level Boundaries
Protecting Data at Rest
Protecting Data in Transit
Configuring Data Backup, Replication, and Recovery
Description

AWS security architects need to understand how to build security into every AWS deployment at every level. In this course, Architecting for Security on AWS, you’ll learn how to secure your data and your AWS services and resources at multiple levels using a defense-in-depth approach. First, you'll learn how to protect your AWS credentials using identity and access management. Next, you'll see how to capture and analyze logs using CloudTrail, CloudWatch, and Athena. Finally, you'll learn how to implement network and instance security, encrypt data at rest and in-transit, and set up data backup, replication, and recovery. After finishing this course, you'll be ready to granularly control access to your AWS resources.

About the author

Ben Piper is an IT consultant and the author of "Learn Cisco Network Administration in a Month of Lunches" from Manning Publications. He holds numerous certifications from Cisco, Citrix, and Microsoft.

Section Introduction Transcripts

Course Overview
(Music playing) Hi everyone, my name is Ben Piper, and welcome to my course, Architecting for Security on AWS. I'm an AWS certified Solutions Architect and author. Security is about protecting your valuable data and the systems that store and retrieve that data. As an AWS architect, you need to understand how to build security into every AWS deployment at every level. In this course, you're going to learn how to secure your data and your AWS services and resources at multiple levels using a defense-in-depth approach. Some of the major topics that we will cover include identity and access management, capturing and analyzing security logs, network and instance security, data encryption, and backup, replication, and recovery. By the end of this course, you'll know how to secure your data stored in AWS, as well as your AWS services and resources. Before beginning the course, you should have six months of experience with AWS in a technical capacity. I hope you'll join me on this journey to learn AWS security with the Architecting for Security on AWS course, only on Pluralsight.

Capturing and Analyzing Logs
Welcome back. In order to know that you're effectively protecting your AWS environment and the data that it contains, you need some way of knowing what's happening in your environment. You need to have some way of verifying that your security controls are working correctly once you've set them up, and you also need to keep track of changes that occur to your AWS resources. In this module, you're going to learn how to configure a few different AWS services that give you a high level of visibility into the inner workings of your AWS infrastructure. We'll start by logging in detail the individual actions that take place against your AWS resources. To do this, we're going to configure CloudTrail to capture every event that occurs in our AWS environment and store a record of those events in log files. We'll then use CloudWatch Logs to browse and search those events. After that, we'll set up CloudWatch Alarms to send us a notification whenever a change takes place. We'll then look at how to use Amazon Athena to search CloudTrail Logs using SQL queries. And finally, we'll configure AWS Config, which is another service that can help us keep track of configuration changes to our AWS environment and tell us exactly what changed and when. Now, you might be thinking that there's a lot of overlap between these services. It sounds like some of them do the same things, but as you're going to see, each one is designed for a slightly different use case. As an AWS architect, understanding the difference between these services is critical to ensuring that you select the right ones for your needs.