Continuous Encryption on AWS (The DevSecOps on AWS Series) LiveLessons (Video Training)

Video description

5+ Hours of Video Instruction
 
Overview
In this course, you learn how to use AWS services that provide the capability to define encryption and compliance as code. These services include AWS Key Management Service, AWS CloudFormation, AWS CodePipeline, AWS CodeCommit, AWS CodeBuild, AWS Config and Config Rules, Amazon CloudWatch Event Rules, and AWS Lambda. You learn how to use a combination of these services and tools to encrypt, prevent, detect, and remediate noncompliant resources within your software systems. Throughout the course, you will see working examples of how to automate the encryption of these services and how they can be included as part of a deployment pipeline using AWS CloudFormation and AWS CodePipeline.


Skill Level
Intermediate to Advanced
 
Learn How To
* Use AWS CloudFormation to provision AWS resources as code.* Use AWS CodePipeline to model continuous delivery workflows.* Create, disable, and delete symmetric keys using the AWS Key Management Service (KMS).* Automate the management of KMS keys using AWS CloudFormation.* Perform client-side encryption using the AWS Encryption SDK.* Create and automatically rotate encrypted username and password secrets for Amazon RDS using the AWS Secrets Manager and AWS Lambda.* Automate the provisioning of a deployment pipeline that deploys SSL/TLS AWS Certificate Manager (ACM) digital certificates using AWS CloudFormation and AWS CodePipeline.* Automate the provisioning of encryption when creating EBS, DynamoDB, RDS, and S3 resources using AWS CloudFormation.* Automate the provisioning of a deployment pipeline that deploys AWS Config Rules to detect unencrypted AWS resources using AWS CloudFormation and AWS CodePipeline.* Automatically provision a CloudTrail trail in CloudFormation and search the JSON files generated by CloudTrail using Amazon Athena.* Automate the provisioning of a deployment pipeline that deploys a solution capable of preventing, detecting, and remediating unencrypted resources using AWS CloudFormation and AWS CodePipeline.


Who Should Take This Course
* Software developers and security and compliance professionals who want to integrate encryption into every facet of the software development and delivery process.* Professionals with a working knowledge of AWS and programming knowledge who want to make encryption ubiquitous across their systems. 
Course Requirements
* Working knowledge of AWS (that is, at least one to two years working with AWS) is required.* Practical experience with a high-level programming experience, such as Python, Java, and Node.js, is helpful but not necessary.

Lesson Descriptions  Lesson 1, “Automating AWS Resources”: This lesson teaches the core components and benefits of AWS CloudFormation. You learn how to access the CloudFormation documentation and console, to describe the core components and benefits of AWS CodePipeline, to use the CodePipeline Console, and to launch a CloudFormation stack that deploys a simple deployment pipeline. 


Lesson 2, “Key Management”: This lesson teaches you how to create, disable, and delete a KMS key using the AWS Console; to automate the creation of a KMS key using AWS CloudFormation; to schedule the waiting period for KMS deletion; and to attach a KMS key to an AWS resource.


Lesson 3, “Developing with Encryption”: This lesson teaches you how to perform client-side encryption using the AWS Encryption SDK and to create encrypted username and password secrets that are automatically rotated for Amazon RDS using the AWS Secrets Manager and AWS Lambda.


Lesson 4, “Encryption in Transit”: This lesson teaches you how to create a TLS digital certificate using the AWS Certificate Manager (ACM) in the Console, and to use the AWS Console to create an Amazon CloudFront distribution and attach the ACM certificate to the distribution and ensure that all traffic is encrypted in transit. You also learn to use AWS CloudFormation to automate the provisioning of a TLS digital certificate using the AWS Certificate Manager, and to use AWS CloudFormation to create an Amazon CloudFront distribution and attach the ACM certificate to the distribution and ensure that all traffic is encrypted in transit. Finally, you learn to use AWS CloudFormation to create a deployment pipeline in AWS CodePipeline capable of deploying the ACM certificate and CloudFront distribution to AWS.


Lesson 5, “Encryption at Rest”: This lesson teaches you how to enable encryption while creating EBS, DynamoDB, RDS, and S3 resources in the Console. It also teaches you how to use AWS CloudFormation to automate the creation and encryption of EBS, DynamoDB, RDS, and S3 resources.


Lesson 6, “Detecting Encrypted Resources”: This lesson teaches you how to establish detective controls that discover changes to your AWS infrastructure and apply rules that you define to determine whether the resource is compliant or noncompliant. You will be able to describe AWS Config and Config Rules, to configure Managed Rules to run on your AWS account, and to run Managed Config rules from the console to detect encryption for specific AWS resources. Finally, you learn how to run Managed Config Rules using CloudFormation to detect encryption for specific AWS resources.


Lesson 7, “Logging and Searching KMS Keys”: This lesson teaches you how to create an AWS CloudTrail log in Console; to automatically provision a CloudTrail log in CloudFormation and view the JSON payload; and to search for uses of KMS keys within CloudTrail logs using Amazon Athena.


Lesson 8, “Continuous Encryption”: This lesson teaches you how to put together preventive, detective, and remediation controls into a complete continuous encryption solution. You will be able to describe a workflow for preventing, detecting, and remediating unencrypted resources; manually provision an automatic remediation solution using Config Rules, CloudWatch Event Rules, and Lambda; and create a continuous delivery solution for preventing, detecting, and remediating unencrypted resources using CloudFormation and CodePipeline.


About Pearson Video Training
Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Prentice Hall, Sams, and Que. Topics include IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more. Learn more about Pearson Video training at http://www.informit.com/video.

Video Lessons are available for download for offline viewing within the streaming format. Look for the green arrow in each lesson.

Table of contents

  1. Introduction
    1. Continuous Encryption on AWS (The DevSecOps on AWS Series) LiveLessons (Video Training): Introduction
    2. The Current State of Encryption
    3. Setup Development Environment
  2. Lesson 1: Automating AWS Resources
    1. Learning objectives
    2. 1.1 AWS CloudFormation
    3. 1.2 AWS CodePipeline
    4. 1.3 Launch a deployment pipeline stack
    5. 1.4 Lesson 1 Quiz
  3. Lesson 2: Key Management
    1. Learning objectives
    2. 2.1 Create KMS Keys in Console
    3. 2.2 Create a Customer-Managed CMK using AWS CloudFormation
    4. 2.3 Lesson 2 Quiz
  4. Lesson 3: Developing with Encryption
    1. Learning objectives
    2. 3.1 AWS Encryption SDK
    3. 3.2 AWS Secrets Manager
    4. 3.3 Lesson 3 Quiz
  5. Lesson 4: Encryption in Transit
    1. Learning objectives
    2. 4.1 AWS Certificate Manager and Amazon CloudFront in Console
    3. 4.2 Launch Encryption in Transit solution with AWS CloudFormation and AWS CodePipeline
    4. 4.3 Lesson 4 Quiz
  6. Lesson 5: Encryption at Rest
    1. Learning objectives
    2. 5.1 Encryption at rest for AWS EBS, Amazon RDS, Amazon DynamoDB, and Amazon S3
    3. 5.2 Encrypt a DynamoDB database using AWS CloudFormation
    4. 5.3 Lesson 5 Quiz
  7. Lesson 6: Detecting Encrypted Resources
    1. Learning objectives
    2. 6.1 Create AWS Config Rules in Console
    3. 6.2 Launch a Managed Config Rule via AWS CloudFormation
    4. 6.3 Lesson 6 Quiz
  8. Lesson 7: Logging and Searching KMS Keys
    1. Learning objectives
    2. 7.1 Create an AWS CloudTrail log in Console
    3. 7.2 Provision a CloudTrail log and search KMS keys
    4. 7.3 Lesson 7 Quiz
  9. Lesson 8: Continuous Encryption
    1. Learning objectives
    2. 8.1 Manually create encryption prevention, detection, and remediation workflow in Console
    3. 8.2 Deployment pipeline for encryption prevention, detection, and remediation workflow in CloudFormation
    4. 8.3 Lesson 8 Quiz
  10. Summary
    1. Continuous Encryption on AWS (The DevSecOps on AWS Series) LiveLessons (Video Training): Summary

Product information

  • Title: Continuous Encryption on AWS (The DevSecOps on AWS Series) LiveLessons (Video Training)
  • Author(s): Paul M. Duvall
  • Release date: April 2020
  • Publisher(s): Pearson
  • ISBN: 0136753242