Course 772:
AWS Security

(2 days)


Course Description

This course is designed to help individuals understand how items can be secured on the Amazon Web Services (AWS) platform. The course covers concepts such as using Identity and Access Management (IAM) and how to secure data, networks, and infrastructure on AWS. It also covers how to audit systems running in AWS with CloudTrail and CloudWatch, as well as how GuardDuty and Control Tower can help achieve security goals.

This course includes instructor lecture, demos, and labs.

Learning Objectives

  • Understand the AWS shared responsibility model
  • IAM best practices
  • How to encrypt data at rest in AWS
  • Using customer managed encryption keys and handling key rotation
  • Securing cloud networks
  • Creating your own EC2 keys
  • Mitigating infrastructure vulnerabilities such as DDoS
  • Auditing cloud usage with CloudTrail and monitoring systems with CloudWatch
  • Leveraging GuardDuty and Control Tower to achieve security goals


This workshop assumes prior knowledge of AWS and is not an introduction to AWS. Knowledge to the level of ROI Course 799: Deploying Infrastructure on AWS is assumed.

Who Should Attend

Security analysts, information security/cybersecurity specialists, system architects, developers, systems operations professionals or anyone who wants to learn more about security features of AWS.

Course Outline

Chapter 1: Foundations of AWS Security

  • Shared Responsibility Model
  • Compliance in AWS

Chapter 2: IAM

  • Managing Users with Groups
  • Password Policies
  • Multi-Factor Authentication
  • Federated Identity
  • IAM Policies and Roles
  • IAM Best Practices

Chapter 3: Data Security

  • S3 Bucket Policies
  • S3 ACLs
  • S3 Signed URLs
  • KMS Keys
  • KMS Key Rotation
  • S3 Encryption

Chapter 4: Network Security

  • Securing VPCs
  • NACLs vs. Security Groups
  • NAT Instances and NAT Gateways
  • NATs vs. Bastions
  • VPC Flow Logs
  • VPC Endpoints

Chapter 5: Infrastructure Security

  • EC2 Key Pairs
  • Using KMS with EBS
  • DDoS Mitigation
  • Elastic Load Balancers and TLS/SSL Termination
  • AWS WAF and AWS Shield

Chapter 6: Logging And Monitoring

  • CloudTrail
  • CloudWatch
  • AWS Config
  • Inspector and Trusted Advisor

Chapter 7: Security Automation and Guidance

  • Control Tower
  • Security Hub
  • GuardDuty

Please Contact Your ROI Representative to Discuss Course Tailoring!