Security on AWS

4 Labs · 29 Credits · 2h 45m

Use Case (Experienced)

In this quest, you’ll start by learning the basics of IAM and security-related features and tools such as Security Groups, VPCs, and the AWS Web Application Firewall. Then you'll tie these foundations together with AWS Lambda, CloudTrail, CloudWatch, EMR, Elasticsearch and Key Management Service to automate monitoring and alerting, and to mine the reports and logs of these tools to identify and report on security events.

Introduction to AWS Identity and Access Management (IAM)

This lab shows you how to manage access and permissions to your AWS services using AWS Identity and Access Management (IAM). Practice the steps to add users to groups, manage passwords, log in with IAM-created users, and see the effects of IAM policies on access to specific services.

Introductory · Free · 25 Minutes

Performing a Basic Audit of your AWS Environment

This lab leads you through the steps to perform basic audits of core AWS resources. You will use the AWS Management Console to understand how to audit the use of multiple AWS services: Amazon EC2, Amazon VPC, Amazon IAM, Amazon Security Groups, AWS CloudTrail and AWS CloudWatch. This lab will help you understand how you can extend your existing auditing objectives related to organizational Governance, Asset Configuration, Logical Access Controls, Operating Systems, Databases and Applications security configurations within AWS. The skills learned will help provide visibility, testability and automated audit evidence gathering capabilities.

Fundamental · 8 Credits · 30 Minutes

Visualizing Security Groups with Amazon Elasticsearch Service

Enforcing the principle of least privilege in Security Groups is an important component in the overall security of an application. This task can become more complicated as an application grows in scope and complexity. In this lab we will walk through using VPC Flow Logs and the Amazon Elasticsearch Service to visualize the usage of Security Groups in order to help identify which rules might be too permissive.

Advanced · 10 Credits · 50 Minutes

EMR File System Client-side Encryption Using AWS KMS-managed Keys

In this lab you will enable client-side at-rest encryption using an AWS KMS-managed key for data stored in Amazon S3 with the EMR File System (EMRFS). Within Amazon EMR you will create a security configuration that encrypts the objects written to S3 with client-side encryption using the AWS KMS-managed key you specify, and decrypts objects with the same key that was used to encrypt them. This will allow you to more easily leverage frameworks like Apache Spark, Apache Tez, and Apache Hadoop MapReduce on Amazon EMR to run big data analytics, stream processing, machine learning, and ETL workloads on confidential data.

Advanced · 10 Credits · 50 Minutes