Continuous Compliance, Encryption, and Security on AWS (The DevSecOps Series on AWS)

Continuous Compliance, Encryption, and Security on AWS (The DevSecOps Series on AWS)

by Paul M. Duvall
Released June 2021
Publisher(s): Pearson
ISBN: 0137628074

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Video description

Overview
Continuous Compliance, Encryption, and Security on AWS is a series of video courses that will help you use AWS services to define compliance and encryption as code, and to create an end-to-end continuous security solution. These services include AWS Config Rules, Amazon EventBridge Rules, AWS CloudFormation, AWS CodePipeline, AWS Lambda, AWS Key Management Service, AWS CodeCommit, AWS CodeBuild, AWS Step Functions, AWS Organizations, AWS Security Hub, Amazon GuardDuty, Amazon Inspector, AWS Secrets Manager, Amazon VPC, Amazon Macie, AWS Audit Manager, and many others.

You will learn how to use a combination of these tools to prevent, detect, encrypt, and remediate noncompliant resources in your software systems. The videos in this series will also help you apply design principles for security and build continuous security solutions. Paul Duvall has multiple AWS certifications including AWS Certified Security - Specialty. He has architected, implemented, and managed software and systems solutions for more than 20 years. Throughout the series, you will have the opportunity to work along with Paul as he demonstrates how to automate the provisioning, encryption and security of these services, and how to include them as part of a deployment pipeline using AWS CloudFormation and AWS CodePipeline.

Courses include

  • Continuous Compliance on AWS (The DevSecOps on AWS Series) LiveLessons (Video Training)
  • Continuous Encryption on AWS (The DevSecOps on AWS Series) LiveLessons (Video Training)
  • Continuous Security on AWS (The DevSecOps on AWS Series) LiveLessons (Video Training)

Skill Level
  • Intermediate to Advanced

Learn How To
  • Apply key compliance, encryption, and security concepts on AWS.
  • Use AWS services and tools to automate compliance, encryption, and security into your software delivery process.

Who Should Take This Course
  • Software developers and security and compliance professionals who want to integrate compliance, encryption, and security into every facet of the software development and delivery process.
  • Professionals with a working knowledge of AWS and programming experience who want to make compliance, encryption, and security ubiquitous across their systems.

Course Requirements
  • Working knowledge of AWS (for example, 1-2+ years working with AWS).
  • Knowledge of AWS CloudFormation.
  • Practical experience with high-level programming experience, such as Python, Java, Node.js, etc. is helpful.

About the Author
Paul Duvall was a founder and CTO of an AWS Premier Consulting Partner for over 10 years. He was an AWS Hero from 2016-2021. He has multiple AWS certifications including AWS Certified Security - Specialty. He has architected, implemented, and managed software and systems solutions for more than 20 years. He is the principal author of Continuous Integration: Improving Software Quality and Reducing Risk (Addison-Wesley, 2007), a 2008 Jolt Award Winner, and author of many other publications, including DevOps Essentials on AWS LiveLessons (Addison-Wesley, 2017). He's written for several publications including Forbes and Stelligent and hosted the "DevOps on AWS Radio" podcast.

About Pearson Video Training
Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Sams, and Que Topics include: IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more. Learn more about Pearson Video training at http://www.informit.com/video.

Table of contents

  1. Introduction
    1. Continuous Compliance on AWS LiveLessons: Introduction
    2. 0.1 The Current State of Compliance
    3. 0.2 Setup Development Environment
  2. Lesson 1: Automating AWS Resources
    1. Learning objectives
    2. 1.1 AWS CloudFormation
    3. 1.2 AWS CodePipeline
    4. 1.3 Launch a CloudFormation stack that deploys a deployment pipeline
    5. 1.4 Lesson 1 Quiz
  3. Lesson 2: Preventive Controls
    1. Learning objectives
    2. 2.1 Describe cfn_nag
    3. 2.2 Run cfn_nag from the command line
    4. 2.3 Configure cfn_nag to run from CodePipeline
    5. 2.4 Lesson 2 Quiz
  4. Lesson 3: Detective Controls
    1. Learning objectives
    2. 3.1 Describe AWS Config and Config Rules
    3. 3.2 Setup AWS Config Rules via console
    4. 3.3 Run Managed Config Rules from the console
    5. 3.4 Run Managed Config Rules using CloudFormation
    6. 3.5 Lesson 3 Quiz
  5. Lesson 4: More Detective Controls
    1. Learning objectives
    2. 4.1 Describe Custom Config Rules
    3. 4.2 Describe CloudWatch Event Rules
    4. 4.3 Setup Custom Config Rules using the Rules Development Kit (RDK)
    5. 4.4 Lesson 4 Quiz
  6. Lesson 5: Automated Remediation
    1. Learning objectives
    2. 5.1 Describe different ways to perform automatic remediations
    3. 5.2 Run an AWS Config Rule auto remediation routine from the Console
    4. 5.3 Run an AWS Config Rule auto remediation routine from CloudFormation
    5. 5.4 Lesson 5 Quiz
  7. Lesson 6: Continuous Compliance
    1. Learning objectives
    2. 6.1 Describe prevention, detection, and remediation workflow
    3. 6.2 Manually provision an automatic remediation solution using AWS Console
    4. 6.3 Create deployment pipeline for detection and remediation workflow
    5. 6.4 Lesson 6 Quiz
  8. Summary
    1. Continuous Compliance on AWS LiveLessons: Summary
  9. Introduction
    1. Continuous Encryption on AWS (The DevSecOps on AWS Series) LiveLessons (Video Training): Introduction
    2. The Current State of Encryption
    3. Setup Development Environment
  10. Lesson 1: Automating AWS Resources
    1. Learning objectives
    2. 1.1 AWS CloudFormation
    3. 1.2 AWS CodePipeline
    4. 1.3 Launch a deployment pipeline stack
    5. 1.4 Lesson 1 Quiz
  11. Lesson 2: Key Management
    1. Learning objectives
    2. 2.1 Create KMS Keys in Console
    3. 2.2 Create a Customer-Managed CMK using AWS CloudFormation
    4. 2.3 Lesson 2 Quiz
  12. Lesson 3: Developing with Encryption
    1. Learning objectives
    2. 3.1 AWS Encryption SDK
    3. 3.2 AWS Secrets Manager
    4. 3.3 Lesson 3 Quiz
  13. Lesson 4: Encryption in Transit
    1. Learning objectives
    2. 4.1 AWS Certificate Manager and Amazon CloudFront in Console
    3. 4.2 Launch Encryption in Transit solution with AWS CloudFormation and AWS CodePipeline
    4. 4.3 Lesson 4 Quiz
  14. Lesson 5: Encryption at Rest
    1. Learning objectives
    2. 5.1 Encryption at rest for AWS EBS, Amazon RDS, Amazon DynamoDB, and Amazon S3
    3. 5.2 Encrypt a DynamoDB database using AWS CloudFormation
    4. 5.3 Lesson 5 Quiz
  15. Lesson 6: Detecting Encrypted Resources
    1. Learning objectives
    2. 6.1 Create AWS Config Rules in Console
    3. 6.2 Launch a Managed Config Rule via AWS CloudFormation
    4. 6.3 Lesson 6 Quiz
  16. Lesson 7: Logging and Searching KMS Keys
    1. Learning objectives
    2. 7.1 Create an AWS CloudTrail log in Console
    3. 7.2 Provision a CloudTrail log and search KMS keys
    4. 7.3 Lesson 7 Quiz
  17. Lesson 8: Continuous Encryption
    1. Learning objectives
    2. 8.1 Manually create encryption prevention, detection, and remediation workflow in Console
    3. 8.2 Deployment pipeline for encryption prevention, detection, and remediation workflow in CloudFormation
    4. 8.3 Lesson 8 Quiz
  18. Summary
    1. Continuous Encryption on AWS (The DevSecOps on AWS Series) LiveLessons (Video Training): Summary
  19. Introduction
    1. Continuous Security on AWS: Introduction
    2. 0.1 AWS Security Concepts
    3. 0.2 AWS Security Practices and Resources
  20. Lesson 1: Common Tools for Continuous Security
    1. Learning objectives
    2. 1.1 Amazon CloudWatch
    3. 1.2 AWS CodePipeline
    4. 1.3 AWS Cloud9
    5. 1.4 AWS CloudFormation
    6. 1.5 Amazon EventBridge
    7. 1.6 AWS Step Functions
    8. 1.7 AWS Systems Manager
    9. 1.8 AWS Lambda
    10. 1.9 Deployment Pipeline Architectures
    11. 1.10 Demo: Setup Dev Environment and CD Pipelines
  21. Lesson 2: Identity and Access Management
    1. Learning objectives
    2. 2.1 AWS IAM
    3. 2.2 AWS Single-Sign On
    4. 2.3 Amazon Cognito
    5. 2.4 AWS Directory Service
    6. 2.5 AWS Resource Access Manager
    7. 2.6 AWS Organizations
    8. 2.7 Deployment Pipeline Architectures
    9. 2.8 Demo: AWS Organizations
  22. Lesson 3: Detection and Incident Response
    1. Learning objectives
    2. 3.1 AWS Security Hub
    3. 3.2 Amazon GuardDuty
    4. 3.3 Amazon Inspector
    5. 3.4 AWS Config
    6. 3.5 AWS CloudTrail
    7. 3.6 AWS IoT Device Defender
    8. 3.7 Amazon Detective
    9. 3.8 CloudEndure Disaster Recovery
    10. 3.9 Services Pipelines: Shift Left
    11. 3.10 Deployment Pipeline Architectures
    12. 3.11 Demo: AWS Security Hub
  23. Lesson 4: Infrastructure Protection
    1. Learning objectives
    2. 4.1 AWS Shield
    3. 4.2 AWS Web Application Firewall
    4. 4.3 AWS Firewall Manager
    5. 4.4 Amazon VPC
    6. 4.5 Deployment Pipeline Architectures
    7. 4.6 Demo: Amazon VPC
  24. Lesson 5: Data Protection
    1. Learning objectives
    2. 5.1 Amazon Macie
    3. 5.2 AWS Key Management Service (KMS)
    4. 5.3 AWS CloudHSM
    5. 5.4 AWS Certificate Manager (ACM)
    6. 5.5 AWS Secrets Manager
    7. 5.6 Deployment Pipeline Architectures
    8. 5.7 Demo: Amazon Macie
  25. Lesson 6: Compliance
    1. Learning objectives
    2. 6.1 AWS Artifact
    3. 6.2 AWS Audit Manager
    4. 6.3 Demo: AWS Audit Manager
  26. Lesson 7: Deployment Architectures
    1. Learning objectives
    2. 7.1 Deployment Architecture Consdierations for Security
    3. 7.2 Demo: Container Security
  27. Summary
    1. Continuous Security on AWS: Summary

Product information

  • Title: Continuous Compliance, Encryption, and Security on AWS (The DevSecOps Series on AWS)
  • Author(s): Paul M. Duvall
  • Release date: June 2021
  • Publisher(s): Pearson
  • ISBN: 0137628074