Live Online training

AWS Security Fundamentals

A hands-on course on securing AWS workloads

Topic: System Administration
Michael Wittig

AWS Security can be a confusing landscape, and a high-level overview is necessary to navigate securely within this complex environment. AWS security requires an understanding of how the IAM service controls access to the AWS API. IAM provides a wealth of features that you must manage to keep your AWS Account secure. Additionally, Network Security, Account Structure, Governance, Data Encryption, and Service Specific APIs need your attention. This course will put the security-related features of AWS into context and allow you to focus your resources on those that matter most in your setup. It will introduce you to the security concepts of the AWS API, a topic integral for everyone from personal AWS accounts to enterprise setups. You will learn where those concepts deviate from the norm, potentially creating security holes in your setup. The course will cover how the network can be protected and how data can be encrypted at rest and in transit. You will learn how AWS Security can be addressed in large enterprise environments. Finally, you’ll learn how Governance can be implemented and how multiple AWS Accounts can help you secure your AWS workloads.

What you'll learn and how you can apply it

  • Responsibilities to keep AWS secure
  • Which security features are relevant in which contexts
  • Common pitfalls and how to avoid them
  • The advantages of a Multi Account Strategy

Participants will be able to:

  • Set up governance tools to ensure security of their AWS account(s)
  • Enable encryption features to encrypt data at rest
  • Set up IAM users with least privileges

This training course is for you because...

  • You are a Systems Administrator and want to ensure that your AWS workloads are secure
  • You are a Systems Architect and you want to leverage the power of AWS Security features
  • You are a Developer and are interested in protecting secrets and want to understand how your code can interact with AWS in a secure way


  • Have access to an AWS account with full permissions (Administrator Access or root user)
  • Or, open a free account at http://aws.amazon.com/free

Recommended Preparation:

Introduction to Amazon Web Services (AWS) - EC2 Deployment Fundamentals (video)

AWS System Administration (book)

Amazon Web Services in Action (book)

AWS Answers:

AWS Multiple Account Security Strategy (blog post)

AWS re:Invent 2016: Automated Governance of Your AWS Resources (DEV302) (video)

Technical Introduction to Amazon VPC - Virtual Private Cloud on AWS (video)

About your instructor

  • Michael Wittig is the author of Amazon Web Services in Action (Manning). He is the co-founder of widdix, an independent AWS consultancy where he helps clients gain value from Amazon Web Services. He migrated the complete IT infrastructure of the first financial institution in Germany to AWS. He has expertise in distributed system development and architecture, with experience in algorithmic trading and real-time analytics.


The timeframes are only estimates and may vary according to how the class is progressing.

Introduction and Author Bio (10min)

AWS API: Authentication (30min)

  • IAM User
  • Access Key
  • Login Profile
  • MFA
  • IAM Group
  • Cognito
  • Federation
  • Role
  • Trust Policy
  • STS Assume Role
  • EC2 Instance Profile
  • IoT Thing
  • Device Certificate
  • Exercise: Create IAM User & enable MFA

AWS API: Authorization (30min)

  • IAM Policy
  • Inline
  • Managed
  • Exercise: Create IAM Policy to allow S3 access to a single bucket

Break (10min)

Account Structure (10min)

  • Account
  • Root User
  • Organization

Governance (20min)

  • Exercise: Enable CloudTrail, make some API calls, and look at the results

Network (10min)

Data Encryption (20min)

  • At Rest
  • In Transit
  • Exercise: Create S3 Bucket with SSE encryption turned on

Service Specifics (15min)

Summary & Questions (15min)