This quest is designed to teach you how to apply AWS Identity and Access Management, in concert with several other AWS Services, to address real-world application and service security management scenarios.
Security is an uncompromising feature of Google Cloud Platform services, and GCP has developed specific tools for ensuring safety and identity across your projects. In this fundamental-level quest, you will get hands-on practice with GCP’s Identity and Access Management (IAM) service, which is the go-to for managing user and virtual machine accounts. You will get experience with network security by provisioning VPCs and VPNs, and learn what tools are available for security threat and data loss protections.
In this introductory-level quest, you will learn the fundamentals of developing and deploying applications on the Google Cloud Platform. You will get hands-on experience with the Google App Engine framework by launching applications written in languages like Python, Ruby, and Java (just to name a few). You will see first-hand how straightforward and powerful GCP application frameworks are, and how easily they integrate with GCP database, data-loss prevention, and security services.
When it comes to hosting websites and web applications, you want a framework that’s robust, fast, and secure. By choosing the Google Cloud Platform, you will have all of those needs covered. In this fundamental-level quest, you will get hands-on practice with GCPs key infrastructure and computing services for the web. From deploying your first web app, to integrating Cloud SQL with Ruby on Rails, to mapping the NYC subway system on App Engine, you will learn all the skills needed to harness GCPs web hosting power.
Enforcing the principle of least privilege in Security Groups is an important component in the overall security of an application. This task can become more complicated as an application grows in scope and complexity. In this lab we will walk through using VPC Flow Logs and the Amazon Elasticsearch Service to visualize the usage of Security Groups in order to help identify which rules might be too permissive.
The Cloud Security Scanner identifies security vulnerabilities in your Google App Engine web applications.
This is a Challenge Lab where you must complete a series of tasks within a limited time period. Instead of following step-by-step instructions, you will be presented with a general objective, and will be scored automatically based on your activity.
In this lab you will learn how to use AWS Config with a Lambda function to detect changes to the ingress permissions of an EC2 security group and automatically reverse changes that are made. In an different lab, Monitoring Security Groups with Amazon CloudWatch Events, you will do something similar but with different services. Both of these labs illustrate techniques that could be used to provide additional layers of protection to infrastructure controls. Prerequisites: To successfully complete this lab, you should be familiar with EC2 security groups. Python programming skills are helpful, although full solution code is provided. It would be helpful to have taken the Introduction to AWS Lambda lab at qwiklabs.com.
This lab demonstrates the steps to audit your AWS resources with Trusted Advisor to ensure your configuration complies with basic security best practices. The topics covered will also include working with security groups, multifactor authentication (MFA), and AWS Identity and Access Management (IAM).
Security is a top priority for Amazon Web Services (AWS). AWS provides many tools and services to meet your unique security needs. This lab will present a solution, among many, to enhance your security. This lab walks through a method to automatically update your Virtual Private Cloud (VPC) Security Groups to only allow access from Amazon CloudFront and AWS Web Application Firewall (WAF). Defining Security Groups rules this way prevents malicious requests from by-passing AWS WAF security rules and accessing your EC2 instances directly.