Overview
Course Overview
By automating common challenges, companies can scale without inhibiting agility, speed, or innovation. In addition, they can provide decision makers with the visibility, control, and governance necessary to protect sensitive data and systems. In this course, you will learn how to facilitate developer speed and agility, and incorporate preventive and detective controls. By the end of this training, you will be able to apply governance best practices.
Start your AWS Security journey by accessing Official AWS e-Learning for FREE. Learn Securing Your AWS Cloud, Introduction to Data Encryption, Understanding Amazon EBS Volume Encryption and more - GET STARTED
Level: Intermediate
Duration: 3 Days
Delivery Type: Instructor-Led Training
Course Objectives
- Establish a landing zone with AWS Control Tower
- Configure AWS Organizations to create a multi-account environment
- Implement identity management using AWS Single Sign-On users and groups
- Federate access using AWS SSO
- Enforce policies using prepackaged guardrails
- Centralize logging using AWS CloudTrail and AWS Config
- Enable cross-account security audits using AWS Identity and Access Management (IAM)
- Define workflows for provisioning accounts using AWS Service Catalog and AWS Security Hub
Prerequisites
Required
- AWS Security Fundamentals course
- AWS Security Essentials
Recommended
- AWS Cloud Management Assessment
- Introduction to AWS Control Tower course
- Automated Landing Zone course
- Introduction to AWS Service Catalog course
Who Should Go For This Training?
- Solutions Architects, Security DevOps, and Security Engineers
Course Outline
Day 1
Module 0: Course Introduction
- Instructor introduction
- Learning objectives
- Course structure and objectives
- Course logistics and agenda
Module 1: Governance at Scale
- Governance at scale focal points
- Business and Technical Challenges
Module 2: Governance Automation
- Multi-account strategies, guidance, and architecture
- Environments for agility and governance at scale
- Governance with AWS Control Tower
- Use cases for governance at scale
Module 3: Preventive Controls
- Enterprise environment challenges for developers
- AWS Service Catalog
- Resource creation
- Workflows for provisioning accounts
- Preventive cost and security governance
- Self-service with existing IT service management (ITSM) tools
- Lab 1: Deploy Resources for AWS Catalog
- Create a new AWS Service Catalog portfolio and product
- Add an IAM role to a launch constraint to limit the actions the product can perform
- Grant access for an IAM role to view the catalog items
- Deploy an S3 bucket from an AWS Service Catalog product
Module 4: Detective Controls
- Operations aspect of governance at scale
- Resource monitoring
- Configuration rules for auditing
- Operational insights
- Remediation
- Clean up accounts
- Lab 2: Compliance and Security Automation with AWS Config
- Apply Managed Rules through AWS Config to selected resources
- Automate remediation based on AWS Config rules
- Investigate the Amazon Config dashboard and verify resources and rule compliance
- Lab 3: Taking Action with AWS Systems Manager
- Setup Resource Groups for various resources based on common requirements
- Perform automated actions against targeted Resource Groups
Module 5: Resources
- Explore additional resources for security governance at scale
Highlights
- AWS Security Governance at Scale training is recommended for earning the AWS Certified Security-Specialty certification.
Details
Pricing
Custom pricing options
Legal
Content disclaimer
Resources
Support
Vendor support
To learn more about our AWS trainings please visit NetCom Learning or do not hesitate to contact our Sales Team: aws@netcomlearning.com | (888)563-8266