
In this course, we’ll explore Amazon Web Services (AWS) as a platform. We will take the perspective of a new startup company spinning up infrastructure in AWS for the very first time.
Course Length: 16 Hours
Includes a Certificate of Completion
Description
We’ll use a scenario-based approach, where you’ll don the persona of a security engineer on your first day at a new startup. This course will demonstrate ideas like secure-by-default and will examine services and patterns for locking down defaults using a combination of open source and platform-native tooling. Finally, attendees will walk away with a practical understanding of various controls, detections, and guardrails.
System Requirements
- Students should attend the course on a laptop using a modern web browser (Chrome or Firefox)
- An AWS Account owned by the learner (not a corporate account) to use as a lab environment
Syllabus
Module 1: Forming your world
- Become familiar with the AWS platform
- Bootstrapping static IAM users
- Setting up consolidated billing and billing alarms
- Introduction to Logging
Lab 1.1 Get Familiar with Common Issues
Lab 1.2 Setting up a user
Lab 1.3 Setting up command line AWS access
Lab 1.4 Setting up billing alarms using the CDK
Lab 1.5 Setting up CloudTrail
Lab 1.6 Adversary Emulation
Module 2: Deploying Sample Applications
- Become familiar with infrastructure as code (IaC)
- Learn to lint and secure IaC
- Get familiar with serverless functions
- Analyze log files using ANSI SQL
Lab 2.1 Deploying a simple application
Lab 2.2 Get familiar with Terraform
Lab 2.3 Deploying nested stacks
Lab 2.4 Setting up flow logging
Lab 2.5 Setting up DNS logging
Lab 2.6 Analyze Flow Logs
Module 3: Detecting and remediating common misconfigurations
- Examining Common Misconfigurations
- Auditing for different types of misconfigs using open source
- Identity and Access Management mishaps and tools
Lab 3.1 Identify breach root causes
Lab 3.2 Deploying AWS Config
Lab 3.3 Auditing with Prowler
Lab 3.4 Auditing Identity with PMapper
Lab 3.5 Working with permissions boundaries
Module 4: Maturing your security posture
- Understand what guardrails are
- Become familiar with AWS Organizations
- Manage the lifecycle of SCPs
- Building an authentication workflow using single sign-on (SSO)
- Creating security automations using frameworks
Lab 4.1 Enabling access analyzer
Lab 4.2 Exploring SCPs
Lab 4.3 Exploring the deployment of SCPs with Terraform
Lab 4.4 Setting up Identity Center
Lab 4.5 Creating security automations
FAQ
In this course, students will learn how to:
• Perform incident response in AWS
• Provide technical guidance to teams implementing security controls on AWS
• Enact user access management models
• Audit for anti-patterns in cloud security
• Prevent common types of data breaches on AWS
• Avoid common mistakes and data breaches
• Build scalable infrastructure
Students will also:
• Gain insight into how to perform architecture reviews
• Gain insight into developing runbooks and playbooks for their organization
• Gain awareness of open-source tools to force multiply the security effort
Blue teamers, sysadmins, network admins, those working in DevSecOps, first responders, or anyone who wants to learn AWS cloud basics.
Anyone looking to pivot their career into the cloud space or go deeper across the set of domains in Cloud Security.
This foundational course is for folks without any AWS skillset. The ideal attendee is someone looking to pivot from traditional sysadmin to CloudSec. Attendees with moderate experience will still benefit from hands-on labs with industry-standard, open-source tools and prescriptive guidance.
This course is designed for learners at any level but is best suited for intermediate practitioners.
- Some command line knowledge working in a Linux terminal
- Ability to edit text files
- Familiarity with Git workflows
Students should have an AWS account, used just for this course, that they are accountable and billable for. Please do not use your existing account.
• Incident response cheat sheet of Athena queries
• Downloadable VM file for the course
• CloudFormation templates to bootstrap secure environments
• Attack bot infrastructure for simulation of the course attack tactics
About the Instructor
Andrew Krug
Bio
Andrew Krug is a Security Geek specializing in Cloud and Identity and Access Management. Andrew brings 15 years of experience at the intersection of security, education, and systems administration. As a fierce advocate for Open Source and founder of the ThreatResponse tool suite, Andrew has helped inspire the landscape around forensics and incident response in the Cloud. Andrew has been a presenter at a variety of conferences, publishing papers with BlackHat USA, DerbyCon, and many more.
Securing the Cloud: Foundations
On-Demand Andrew Krug

