Continuous Security on AWS (The DevSecOps on AWS Series)

Video description

Almost 4 Hours of Video Instruction

Create a continuous security posture by defining all your AWS security and compliance as code, and run in a continuous delivery workflow with every change using services and tools such as AWS CloudFormation, AWS CodePipeline, and many others.


In this course, you will learn how to use AWS services, which provide the ability to create an end-to-end continuous security solution. These services include AWS CloudFormation, AWS CodePipeline, Amazon EventBridge, AWS Lambda, AWS Step Functions, AWS Organizations, AWS Security Hub, Amazon GuardDuty, AWS Config Rules, Amazon Inspector, AWS Secrets Manager, Amazon VPC, Amazon Macie, and AWS Audit Manager--among many others. You will learn how to use a combination of these services to apply key design principles for security and build continuous security solutions within your software systems. Throughout the course, you will see working examples of how to automate security using AWS services.

About the Instructor

Paul Duvall is a founder and former CTO of Stelligent--a Premier Consulting Partner with the DevOps and Security Competencies. He holds multiple AWS certifications including AWS Certified Security - Specialty. He has architected, implemented, and managed software and systems solutions for over 20 years. He is principal author of Continuous Integration: Improving Software Quality and Reducing Risk (Addison-Wesley, 2007), a 2008 Jolt Award winner.

He is also the author of many other publications, including the videos Continuous Compliance on AWS and Continuous Encryption on AWS, and Continuous Security on AWS, which are part of Addison-Wesley's DevSecOps on AWS Series. He hosted the “DevOps on AWS Radio” podcast for over three years.

He enjoys blogging and speaking on all topics related to DevSecOps, Serverless, and AWS. You can find his blog posts and other content at

Skill Level

Intermediate to Advanced

Learn How To
  • Apply key design principles for security
  • Apply event-based design patterns for security
  • Utilize AWS Developer Tools for DevSecOps
  • Use AWS CodePipeline and AWS CloudFormation to model continuous security workflows
  • Define your AWS Organizations as code using org-formation
  • Automate detective controls using AWS CloudFormation, AWS Security Hub, AWS Config Rules, and Amazon Inspector
  • Protect network and host-level boundaries with Amazon VPC
  • Perform data classification using AWS CloudFormation and Amazon Macie
  • Create an audit assessment using AWS CloudFormation and AWS Audit Manager
  • Apply security as code for container-based workloads using AWS CodePipeline, AWS CodeBuild, and open source tooling
Who Should Take This Course
  • Software developers and security and compliance professionals who want to integrate security into every facet of the software development and delivery process
  • Professionals with a working knowledge of AWS and programming knowledge who want to make security ubiquitous across their systems
Course Requirements
  • Working knowledge of AWS (e.g., 1-2+ years working with AWS)
  • Practical experience with a high-level programming experience--such as Python, Java, Node.js, etc.--is helpful but not necessary
Table of Contents

Lesson 1: Common Tools for Continuous Security
Lesson 2: Identity and Access Management
Lesson 3: Detection and Incident Response
Lesson 4: Infrastructure Protection
Lesson 5: Data Protection
Lesson 6: Compliance
Lesson 7: Deployment Architectures

Lesson Descriptions

In Lesson 1, Common Tools for Continuous Security, you will learn about cross-cutting tools that help automate security and compliance as code such as AWS CodePipeline, AWS CloudFormation, and AWS Lambda.

In Lesson 2, Identity and Access Management, you will learn about services that protect identities and access across AWS such as AWS IAM and AWS Organizations.

In Lesson 3, Detection and Incident Response, you will learn how to use security automation to detect and respond to security issues such as AWS Security Hub and AWS Config.

In Lesson 4, Infrastructure Protection, you will learn about services that protect your AWS infrastructure such as AWS WAF & Shield and Amazon VPC.

In Lesson 5, Data Protection, you will learn how to classify and protect data using services such as Amazon Macie and AWS KMS.

In Lesson 6, Compliance, you will learn about how to automate compliance using services such as AWS Audit Manager.

In Lesson 7, Deployment Architectures, you will learn about the different ways to apply Continuous Security to a container-based workload.
About Pearson Video Training

Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Sams, and Que Topics include: IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more. Learn more about Pearson Video training at

Table of contents

  1. Introduction
    1. Continuous Security on AWS: Introduction
    2. 0.1 AWS Security Concepts
    3. 0.2 AWS Security Practices and Resources
  2. Lesson 1: Common Tools for Continuous Security
    1. Learning objectives
    2. 1.1 Amazon CloudWatch
    3. 1.2 AWS CodePipeline
    4. 1.3 AWS Cloud9
    5. 1.4 AWS CloudFormation
    6. 1.5 Amazon EventBridge
    7. 1.6 AWS Step Functions
    8. 1.7 AWS Systems Manager
    9. 1.8 AWS Lambda
    10. 1.9 Deployment Pipeline Architectures
    11. 1.10 Demo: Setup Dev Environment and CD Pipelines
  3. Lesson 2: Identity and Access Management
    1. Learning objectives
    2. 2.1 AWS IAM
    3. 2.2 AWS Single-Sign On
    4. 2.3 Amazon Cognito
    5. 2.4 AWS Directory Service
    6. 2.5 AWS Resource Access Manager
    7. 2.6 AWS Organizations
    8. 2.7 Deployment Pipeline Architectures
    9. 2.8 Demo: AWS Organizations
  4. Lesson 3: Detection and Incident Response
    1. Learning objectives
    2. 3.1 AWS Security Hub
    3. 3.2 Amazon GuardDuty
    4. 3.3 Amazon Inspector
    5. 3.4 AWS Config
    6. 3.5 AWS CloudTrail
    7. 3.6 AWS IoT Device Defender
    8. 3.7 Amazon Detective
    9. 3.8 CloudEndure Disaster Recovery
    10. 3.9 Services Pipelines: Shift Left
    11. 3.10 Deployment Pipeline Architectures
    12. 3.11 Demo: AWS Security Hub
  5. Lesson 4: Infrastructure Protection
    1. Learning objectives
    2. 4.1 AWS Shield
    3. 4.2 AWS Web Application Firewall
    4. 4.3 AWS Firewall Manager
    5. 4.4 Amazon VPC
    6. 4.5 Deployment Pipeline Architectures
    7. 4.6 Demo: Amazon VPC
  6. Lesson 5: Data Protection
    1. Learning objectives
    2. 5.1 Amazon Macie
    3. 5.2 AWS Key Management Service (KMS)
    4. 5.3 AWS CloudHSM
    5. 5.4 AWS Certificate Manager (ACM)
    6. 5.5 AWS Secrets Manager
    7. 5.6 Deployment Pipeline Architectures
    8. 5.7 Demo: Amazon Macie
  7. Lesson 6: Compliance
    1. Learning objectives
    2. 6.1 AWS Artifact
    3. 6.2 AWS Audit Manager
    4. 6.3 Demo: AWS Audit Manager
  8. Lesson 7: Deployment Architectures
    1. Learning objectives
    2. 7.1 Deployment Architecture Consdierations for Security
    3. 7.2 Demo: Container Security
  9. Summary
    1. Continuous Security on AWS: Summary

Product information

  • Title: Continuous Security on AWS (The DevSecOps on AWS Series)
  • Author(s): Paul M. Duvall
  • Release date: March 2021
  • Publisher(s): Pearson
  • ISBN: 0136870856