O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

AWS Cloud Security

Video Description

More Than 6.5 Hours of Video Instruction

More than 6.5 hours of video instruction to help you learn the skills necessary to implement security in an Amazon Web Services (AWS) Cloud environment.

AWS Cloud Security LiveLessons explores Amazon Web Services (AWS), which offers a scalable cloud computing platform designed for high availability and reliability, providing the tools that allow you to run a wide range of applications. Helping to protect the confidentiality, integrity, and availability (CIA) of your systems and data is of the utmost importance. The AWS infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. It is designed to provide an extremely scalable, highly reliable platform that allows customers to deploy applications and data quickly and securely.

This course first covers the basics and rapid deployment capabilities of AWS to build a knowledge foundation for individuals who are brand new to cloud computing and AWS. You will explore the methods that AWS uses to secure their cloud services. You will learn how you, as an AWS customer, can have the most secure cloud solution possible for a wide variety of implementation scenarios. This course delves into the flexibility and agility needed to implement the most applicable security controls for your business functions in the AWS environment through deploying varying degrees of restrictive access to environments based on data sensitivity.

Through onscreen demos and detailed instruction, seasoned presenter Michael J. Shannon takes you through the key facets of AWS best practices and services in the areas of shared security and compliance; identity and access management; infrastructure security; data protection; and logging and monitoring to ensure that your AWS environment remains secure.

Topics include:

  • AWS Security Fundamentals
  • AWS Shared Security Responsibility Model
  • AWS Compliance Services
  • Understanding Users and Credentials
  • Identity and Access Management (IAM)
  • NACLs and Security Groups
  • AWS WAF and AWS Shield
  • Cryptographic Services
  • Key Management
  • Visibility and Reporting

About the Instructor

Michael J Shannon began his IT career when he transitioned from a recording studio engineer to network technician for a major telecommunications company in the early 90s. He soon began to focus on security and was one of the first 10 people to attain the HIPAA Certified Security Specialist. Throughout his 30 years in IT, he has worked as an employee, contractor, trainer, and consultant for a number of companies including Platinum Technologies, Fujitsu, IBM, State Farm, Pearson, MindSharp, Thomson/NetG, and Skillsoft, among others. Mr. Shannon has authored several books, training manuals, published articles, and produced dozens of CBT titles through the years as well. For security purposes, he has attained the CISSP, CCNP Security, Palo Alto Networks Certified Network Security Engineer, Security+, and ITIL Intermediate SO and RCV certifications. He resides with his wife in Abilene, Texas.

Skill Level

Intermediate systems/network/application professional

Learn How To

  • Apply security concepts, models, and services in an AWS environment
  • Manage user account credentials and deploy AWS Identity and Access Management (IAM) to manage access to AWS services and resources securely
  • Protect your network through best practices using NACLs and security groups, as well as the security offered by AWS Web Application Firewall (WAF) and AWS Shield
  • Protect your data with IPsec, AWS Certificate Manager, AWS Key Management Services (KMS), AWS CloudHSM, and other key management approaches
  • Ensure that your AWS environment is secure through logging, monitoring, auditing, and reporting services available in AWS

Who Should Take This Course

  • Existing certified cloud practitioners interested in building a strong security foundation to enhance their experience with Amazon EC2, VPC, and many other services
  • Individuals preparing for the AWS Solutions Architect, Developer, and SysOps Administrator Associate certifications
  • Anyone moving into or advancing in the IT and Information Security field

Course Requirements

Requires basic knowledge of cloud networking and network security concepts and technologies.

Lesson descriptions

Lesson 1, AWS Security Fundamentals, covers security fundamentals including understanding the CIA triad; examining types and categories of controls; reviewing core AWS Services; and surveying common threats to AWS services.

Lesson 2, AWS Shared Security Responsibility Model, covers the very important AWS shared security responsibility model. Topics include: understanding the shared security responsibility model; establishing AWS responsibilities, including security of and in the cloud. Finally, this lesson concludes with a look at strategies when planning for security.

Lesson 3, AWS Compliance Services, is all about AWS compliance services. You will learn about the AWS premium support services; understand risk and compliance; and look at a case study of HIPAA security and compliance.

Lesson 4, Understanding Users and Credentials, explores users and credentials as well as the account root user. In addition, you’ll learn to configure user accounts and credentials; learn about password policies; and review Identity and Access Management (IAM) best practices

Lesson 5, Identity and Access Management (IAM), looks deeper at the AWS IAM service. You will first learn the basics of IAM; explore IAM users and groups; IAM roles; managed and custom Policies; and examine IAM Federated Services, the AWS Security Token Service (STS); and wrap up with a look at AWS Cognito.

Lesson 6, NACLs and Security Groups, covers network access control lists (NACLs)and security groups with a focus on understanding security zoning, network segmentation, and best Practices for network security in the cloud.

Lesson 7, AWS WAF and AWS Shield, focuses on having a working knowledge of the mechanics of and working with the AWS Web Application Firewall (WAF) and AWS Shield. The lesson explores distributed denial of service (DDoS) protection and response; the AWS WAF Advanced API; deploying malware protection best practices; and surveying layered defense in the cloud.

Lesson 8, Cryptographic Services, covers the basics of cryptographic services; IPsec fundamentals, IPsec in AWS; and AWS Certificate Manager.

In Lesson 9, Key Management, explores AWS Key Management Services (KMS); how to protect EC2 key pairs; how to use encrypted EBS volumes; how to work with Server-Side Encryption (SSE) in S3; and concludes with a look at AWS CloudHSM Security.

Lesson 10, Logging and Monitoring, covers topics including visibility and reporting; security reporting and logging in AWS; activating Flow Logs and Region-based CloudTrail; AWS Auditing; Pre-Audit Tasks, and concludes with a look at additional security services offered in an AWS environment.

About Pearson Video Training

Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Prentice Hall, Sams, and Que. Topics include: IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more.

Table of Contents

  1. Introduction
    1. AWS Cloud Security: Introduction 00:01:55
  2. Module 1: Amazon Web Services Foundations
    1. Module introduction 00:00:27
  3. Lesson 1: AWS Security Fundamentals
    1. Learning objectives 00:00:24
    2. 1.1 Understanding the CIA Triad 00:08:42
    3. 1.2 Examining Types and Categories of Controls 00:07:32
    4. 1.3 Reviewing Core AWS Services 00:11:56
    5. 1.4 Surveying Common Threats to AWS Services 00:10:19
  4. Lesson 2: AWS Shared Security Responsibility Model
    1. Learning objectives 00:00:32
    2. 2.1 Understanding the Shared Security Responsibility Model 00:04:41
    3. 2.2 Establishing AWS Responsibilities: Security of the Cloud 00:05:45
    4. 2.3 Establishing Customer Responsibilities: Security in the Cloud 00:04:23
    5. 2.4 Surveying Strategies When Planning for Security 00:07:39
  5. Lesson 3: AWS Compliance Services
    1. Learning objectives 00:00:24
    2. 3.1 Understanding AWS Premium Support Services 00:06:50
    3. 3.2 Understanding Risk and Compliance 00:05:00
    4. 3.3 Case Study: HIPAA Security and Compliance (and GDPR) 00:05:20
  6. Module 2: Identity and Access Management
    1. Module introduction 00:00:24
  7. Lesson 4: Understanding Users and Credentials
    1. Learning objectives 00:00:24
    2. 4.1 Examining the Account Root User 00:03:45
    3. 4.2 Exploring User Accounts and Credentials 00:05:08
    4. 4.3 Exploring Password Policies 00:03:57
    5. 4.4 Deploying Identity and Access Management Best Practices 00:05:35
  8. Lesson 5: Identity and Access Management (IAM)
    1. Learning objectives 00:00:33
    2. 5.1 Understanding IAM 00:06:47
    3. 5.2 Exploring IAM Users and Groups 00:10:06
    4. 5.3 Exploring IAM Roles 00:08:48
    5. 5.4 Exploring IAM Managed Policies 00:05:39
    6. 5.5 Exploring IAM Custom Policies 00:05:38
    7. 5.6 Exploring IAM Federated Services 00:03:33
    8. 5.7 Understanding AWS Security Token Service (STS) 00:09:25
    9. 5.8 Understanding AWS Cognito 00:05:21
  9. Module 3: Infrastructure Security
    1. Module introduction 00:00:28
  10. Lesson 6: NACLs and Security Groups
    1. Learning objectives 00:00:37
    2. 6.1 Understanding Security Zoning and Network Segmentation 00:10:49
    3. 6.2 Deploying Best Practices for Network Security in the Cloud 00:10:00
    4. 6.3 Comparing Security Groups to Network ACLs 00:05:31
    5. 6.4 Working with Network ACLs 00:10:43
    6. 6.5 Surveying Recommended NACL Scenarios 00:04:36
    7. 6.6 Understanding Security Groups 00:04:47
    8. 6.7 Working with Security Groups 00:09:19
    9. 6.8 Understanding Security Groups for Windows Instances 00:05:49
  11. Lesson 7: AWS WAF and AWS Shield
    1. Learning objectives 00:00:38
    2. 7.1 Understanding Web Application Firewall (WAF) 00:13:19
    3. 7.2 Working with WAF 00:09:38
    4. 7.3 Exploring DDoS Protection and Response 00:09:36
    5. 7.4 Exploring AWS WAF Advanced API 00:08:17
    6. 7.5 Understanding AWS Shield 00:11:16
    7. 7.6 Working with AWS Shield 00:03:44
    8. 7.7 Deploying Malware Protection Best Practices 00:04:59
    9. 7.8 Surveying Layered Defense in the Cloud 00:07:28
  12. Module 4: Data Protection
    1. Module introduction 00:00:21
  13. Lesson 8: Cryptographic Services
    1. Learning objectives 00:00:24
    2. 8.1 Understanding Cryptography Basics 00:13:21
    3. 8.2 Understanding IPsec Fundamentals 00:10:30
    4. 8.3 Examining IPsec in AWS 00:10:13
    5. 8.4 Exploring AWS Certificate Manager 00:09:14
  14. Lesson 9: Key Management
    1. Learning objectives 00:00:31
    2. 9.1 Understanding AWS Key Management Services (KMS) 00:12:14
    3. 9.2 Working with AWS KMS 00:07:40
    4. 9.3 Protecting EC2 Key Pairs 00:02:41
    5. 9.4 Using Encrypted EBS Volumes 00:06:10
    6. 9.5 Examining Server Side Encryption (SSE) in S3 00:08:28
    7. 9.6 Exploring AWS CloudHSM Security 00:05:57
  15. Module 5: Logging and Monitoring
    1. Module introduction 00:00:17
  16. Lesson 10: Visibility and Reporting
    1. Learning objectives 00:00:34
    2. 10.1 Understanding Security Reporting and Logging in AWS 00:05:38
    3. 10.2 Activating FlowLogs and Region-based CloudTrail 00:08:40
    4. 10.3 Understanding AWS Auditing 00:03:42
    5. 10.4 Exploring Pre-Audit Tasks 00:02:53
    6. 10.5 Surveying Additional Security Services 00:06:33
  17. Summary
    1. AWS Cloud Security: Summary 00:01:14