Skip to main content

Security Engineering on AWS


  • Aws Advanced Training Partner

  • Aws Premium Consuting Partner

Security Engineering on AWS

Please find our upcoming course dates at the end of this page!

COURSE DESCRIPTION

Security is a concern for both customers in the cloud, and those considering cloud adoption. An increase in cyberattacks and data leaks remains top of mind for most industry personnel. The Security Engineering on AWS course addresses these concerns by helping you better understand how to interact and build with Amazon Web Services (AWS) in a secure way. In this course, you will learn about managing identities and roles, managing and provisioning accounts, and monitoring API activity for anomalies. You will also learn about how to protect data stored on AWS. The course explores how you can generate, collect, and monitor logs to help identify security incidents. Finally, you will review detecting and investigating security incidents with AWS services.

COURSE OBJECTIVES

In this course, you will learn to:

  • State an understanding of AWS cloud security based on the CIA triad.
  • Create and analyze authentication and authorizations with IAM.
  • Manage and provision accounts on AWS with appropriate AWS services.
  • Identify how to manage secrets using AWS services.
  • Monitor sensitive information and protect data via encryption and access controls.
  • Identify AWS services that address attacks from external sources.
  • Monitor, generate, and collect logs.
  • Identify indicators of security incidents.
  • Identify how to investigate threats and mitigate using AWS services.

INTENDED AUDIENCE

This course is intended for:

  • Security engineers
  • Security architects
  • Cloud architects
  • Cloud operators working across all global segments

PREREQUISITES

We recommend that attendees of this course have:

  • Completed the following courses:
  • Working knowledge of IT security practices and infrastructure concepts.
  • Familiarity with the AWS Cloud.

ACTIVITIES

This course includes:

  • presentations
  • demonstrations
  • group exercises
  • hands-on labs

COURSE DURATION / PRICE

  • 3 days
  • € 2,685.00 (excl. tax) per person (DE)
  • CHF 2,500.00 (excl. tax) per person (CH)

Course outline

  • Day 1

    • Module 1: Security Overview and Review
      • Explain Security in the AWS Cloud.
      • Explain AWS Shared Responsibility Model.
      • Summarize IAM, Data Protection, and Threat Detection and Response.
      • State the different ways to interact with AWS using the console, CLI, and SDKs.
      • Describe how to use MFA for extra protection.
      • State how to protect the root user account and access keys.
    • Module 2: Securing Entry Points on AWS
      • Describe how to use multi-factor authentication (MFA) for extra protection.
      • Describe how to protect the root user account and access keys.
      • Describe IAM policies, roles, policy components, and permission boundaries.
      • Explain how API requests can be logged and viewed using AWS CloudTrail and how to view and analyze access history.
      • Hands-On Lab: Using Identity and Resource Based Policies.
    • Module 3: Account Management and Provisioning on AWS
      • Explain how to manage multiple AWS accounts using AWS Organizations and AWS Control Tower.
      • Explain how to implement multi-account environments with AWS Control Tower.
      • Demonstrate the ability to use identity providers and brokers to acquire access to AWS services.
      • Explain the use of AWS IAM Identity Center (successor to AWS Single Sign-On) and AWS Directory Service.
      • Demonstrate the ability to manage domain user access with Directory Service and IAM Identity Center.
      • Hands-On Lab: Managing Domain User Access with AWS Directory Service
  • Day 2

    • Module 4: Secrets Management on AWS
      • Describe and list the features of AWS KMS, CloudHSM, AWS Certificate Manager (ACM), and AWS Secrets Manager.
      • Demonstrate how to create a multi-Region AWS KMS key.
      • Demonstrate how to encrypt a Secrets Manager secret with an AWS KMS key.
      • Demonstrate how to use an encrypted secret to connect to an Amazon Relational Database Service (Amazon RDS) database in multiple AWS Regions
      • Hands-on lab: Lab 3: Using AWS KMS to Encrypt Secrets in Secrets Manager
    • Module 5: Data Security
      • Monitor data for sensitive information with Amazon Macie.
      • Describe how to protect data at rest through encryption and access controls.
      • Identify AWS services used to replicate data for protection.
      • Determine how to protect data after it has been archived.
      • Hands-on lab: Lab 4: Data Security in Amazon S3
    • Module 6: Infrastructure Edge Protection
      • Describe the AWS features used to build secure infrastructure.
      • Describe the AWS services used to create resiliency during an attack.
      • Identify the AWS services used to protect workloads from external threats.
      • Compare the features of AWS Shield and AWS Shield Advanced.
      • Explain how centralized deployment for AWS Firewall Manager can enhance security.
      • Hands-on lab: Lab 5: Using AWS WAF to Mitigate Malicious Traffic
  • Day 3

    • Module 7: Monitoring and Collecting Logs on AWS
      • Identify the value of generating and collecting logs.
      • Use Amazon Virtual Private Cloud (Amazon VPC) Flow Logs to monitor for security events.
      • Explain how to monitor for baseline deviations.
      • Describe Amazon EventBridge events.
      • Describe Amazon CloudWatch metrics and alarms.
      • List log analysis options and available techniques.
      • Identify use cases for using virtual private cloud (VPC) Traffic Mirroring.
      • Hands-on lab: Lab 6: Monitoring for and Responding to Security Incidents
    • Module 8: Responding to Threats
      • Classify incident types in incident response.
      • Understand incident response workflows.
      • Discover sources of information for incident response using AWS services.
      • Understand how to prepare for incidents.
      • Detect threats using AWS services.
      • Analyze and respond to security findings.
      • Hands-on lab: Lab 7: Incident Response

IMPORTANT: Please bring your notebook (Windows, Linux or Mac) to our training. If this is not possible, please contact us in advance.

Course materials are in English, on request also in German (if available).
The course language is German, on request also in English.



Neue Termine in Planung!

Continue reading

AWS Technical Essentials

AWS Technical Essentials

current course dates can be found at the bottom of this page … company training available on request!

Course description

AWS Technical Essentials introduces you to essential AWS services and common solutions. The course covers the fundamental AWS concepts related to compute, database, storage, networking, monitoring, and security. You will start working in AWS through hands-on course experiences. The course covers the concepts necessary to increase your understanding of AWS services, so that you can make informed decisions about solutions that meet business requirements. Throughout the course, you will gain information on how to build, compare, and apply highly available, fault tolerant, scalable, and cost-effective cloud solutions.

Course objectives

In this course, you will learn to:

  • Describe terminology and concepts related to AWS services
  • Navigate the AWS Management Console
  • Articulate key concepts of AWS security measures and AWS Identity and Access Management (IAM)
  • Distinguish among several AWS compute services, including Amazon Elastic Compute Cloud (Amazon EC2), AWS Lambda, Amazon Elastic Container Service (Amazon ECS), and Amazon Elastic Kubernetes Service (Amazon EKS)
  • Understand AWS database and storage offerings, including Amazon Relational Database Service (Amazon RDS), Amazon DynamoDB, and Amazon Simple Storage Service (Amazon S3)
  • Explore AWS networking services
  • Access and configure Amazon CloudWatch monitoring features

Intended audience

This course is intended for:

  • Individuals responsible for articulating the technical benefits of AWS services to customers
  • Individuals interested in learning how to get started with AWS
  • SysOps administrators
  • Solutions architects
  • Developers

Activities

This course includes:

  • presentations
  • hands-on labs
  • demonstrations
  • videos
  • knowledge checks

This course provides activities that allow you to test new skills and apply knowledge through hands-on exercises.

Course duration / Price

  • 1 day / € 775.00 (excl. tax) per person (DE)

Course outline

Module 1: Introduction to Amazon Web Services

  • Introduction to AWS Cloud
  • Security in the AWS Cloud
  • Hosting the employee directory application in AWS
  • Hands-On Lab: Introduction to AWS Identity and Access Management (IAM)

Modul 2: AWS Compute

  • Compute as a service in AWS
  • Introduction to Amazon Elastic Compute Cloud
  • Amazon EC2 instance lifecycle
  • AWS container services
  • What is serverless?
  • Introduction to AWS Lambda
  • Choose the right compute service
  • Hands-On Lab: Launch the Employee Directory Application on Amazon EC2

Modul 3: AWS Networking

  • Networking in AWS
  • Introduction to Amazon Virtual Private Cloud (Amazon VPC)
  • Amazon VPC routing
  • Amazon VPC security
  • Hands-On Lab: Create a VPC and Relaunch the Corporate Directory Application in Amazon EC2

Modul 4: AWS Storage

  • AWS storage types
  • Amazon EC2 instance storage and Amazon Elastic Block Store (Amazon EBS)
  • Object storage with Amazon S3
  • Choose the right storage service
  • Hands-On Lab: Create an Amazon S3 Bucket

Modul 5: Databases

  • Explore databases in AWS
  • Amazon Relational Database Service
  • Purpose-built databases
  • Introduction to Amazon DynamoDB
  • Choose the right AWS database service
  • Hands-On Lab: Implement and manage Amazon DynamoDB

Module 6: Monitoring, Optimization, and Serverless

  • Monitoring
  • Optimization
  • Alternate serverless employee directory application architecture
  • Hands-On Lab: Configure High Availability for Your Application

Module 7: Course Summary

 

IMPORTANT: Please bring your notebook (Windows, Linux or Mac) to our trainings. If this is not possible, please contact us in advance.

Course materials are in English, on request also in German (if available).
Course language is German, on request also in English.

Cloud Operations on AWS Training

Cloud Operations on AWS

current course dates can be found at the bottom of this page … company training available on request!

Course description

This course teaches systems operators and anyone performing system operations functions how to install, configure, automate, monitor, secure, maintain and troubleshoot the services, networks, and systems on AWS necessary to support business applications. The course also covers specific AWS features, tools, and best practices related to these functions.

Course objectives

In this course, you will learn to:

  • Recognize the AWS services that support the different phases of Operational Excellence, a Well-Architected Framework pillar.
  • Manage access to AWS resources using AWS Accounts and Organizations and AWS Identity and Access Management (IAM).
  • Maintain an inventory of in-use AWS resources using AWS services such as AWS Systems Manager, AWS CloudTrail, and AWS Config.
  • Develop a resource deployment strategy utilizing metadata tags, Amazon Machine Images, and Control tower to deploy and maintain an AWS cloud environment.
  • Automate resource deployment using AWS services such as AWS CloudFormation and AWS Service Catalog.
  • Use AWS services to manage AWS resources through SysOps lifecycle processes such as deployments and patches.
  • Configure a highly available cloud environment that leverages AWS services such as Amazon Route 53 and Elastic Load Balancing to route traffic for optimal latency and performance.
  • Configure AWS Auto Scaling and Amazon Elastic Compute Cloud auto scaling to scale your cloud environment based on demand.
  • Use Amazon CloudWatch and associated features such as alarms, dashboards, and widgets to monitor your cloud environment.
  • Manage permissions and track activity in your cloud environment using AWS services such as AWS CloudTrail and AWS Config.
  • Deploy your resources to an Amazon Virtual Private Cloud (Amazon VPC), establish necessary connectivity to your Amazon VPC, and protect your resources from disruptions of service.
  • State the purpose, benefits, and appropriate use cases for mountable storage in your AWS cloud environment.
  • Explain the operational characteristics of object storage in the AWS cloud, including Amazon Simple Storage Service (Amazon S3) and Amazon S3 Glacier.
  • Build a comprehensive costing model to help gather, optimize, and predict your cloud costs using services such as AWS Cost Explorer and the AWS Cost & Usage Report.

Intended audience

This course is intended for:

  • System administrators
  • Software developers, especially those with a DevOps role

Prerequisites

We recommend that attendees of this course have:

  • Successfully completed the AWS Technical Essentials course
  • Background in either software development or systems administration
  • Proficiency in maintaining operating systems at the command line, such as shell scripting in Linux environments or cmd/PowerShell in Windows
  • Basic knowledge of networking protocols (TCP/IP, HTTP)

Activities

This course includes:

  • Training with instructor
  • Practical exercises

Course duration / Price

  • 3 days / € 1,845.00 (excl. tax) per person (DE)

Course outline

Day 1

  • Cloud Operations on AWS Overview
  • Networking in the Cloud
  • Computing in the Cloud

Day 2

  • Storage and archiving in the cloud
  • Monitoring in the cloud
  • Manage resource usage in the cloud

Day 3

  • Configuration management in the cloud
  • scalable deployments in the cloud
  • automated and repeatable deployments

IMPORTANT: Please bring your notebook (Windows, Linux or Mac) to our trainings. If this is not possible, please contact us in advance.

Course materials are in English, on request also in German (if available).
Course language is German, on request also in English.

AWS DevOps Engineering on AWS

DevOps Engineering on AWS

current course dates can be found at the bottom of this page … company training available on request!

Course description

DevOps Engineering on AWS teaches you how to use the combination of DevOps cultural philosophies, practices, and tools to increase your organization’s ability to develop, deliver, and maintain applications and services at high velocity on AWS. This course covers Continuous Integration (CI), Continuous Delivery (CD), infrastructure as code, microservices, monitoring and logging, and communication and collaboration.

Course objectives

In this course, you will learn to:

  • Use DevOps best practices to develop, deliver, and maintain applications and services at high velocity on AWS
  • List the advantages, roles and responsibilities of small autonomous DevOps teams
  • Design and implement an infrastructure on AWS that supports DevOps development projects
  • Leverage AWS Cloud9 to write, run and debug your code
  • Deploy various environments with AWS CloudFormation
  • Host secure, highly scalable, and private Git repositories with AWS CodeCommit
  • Integrate Git repositories into CI/CD pipelines
  • Automate build, test, and packaging code with AWS CodeBuild
  • Securely store and leverage Docker images and integrate them into your CI/CD pipelines
  • Build CI/CD pipelines to deploy applications on Amazon EC2, serverless applications, and container-based applications
  • Implement common deployment strategies such as “all at once,” “rolling,” and “blue/green”
  • Integrate testing and security into CI/CD pipelines
  • Monitor applications and environments using AWS tools and technologies

Intended audience

This course is intended for:

  • System administrators
    Software developers

Prerequisites

We recommend that attendees of this course have:

  • Previous attendance at the System Operations on AWS or Developing on AWS courses
  • Working knowledge of one or more high-level programing languages, such as C#, Java, PHP, Ruby, Python
  • Intermediate knowledge of administering Linux or Windows systems at the command-line level
  • Two or more years of experience provisioning, operating, and managing AWS environments

Activities

This course includes:

  • Training with instructor
  • Practical exercises

Course duration / Price

  • 3 days – € 2,095.00 (excl. tax) per person (DE)

Course outline

Note: Course content may vary slightly depending on location and/or language.

Day 1

  • Introduction to DevOps
  • AWS command line interface
  • Introduction to DevSecOps
  • Deployment strategies and developer tools

Day 2

  • Infrastructure as code
  • In-depth knowledge of AWS developer tools
  • Automated testing on AWS

Day 3

  • Configuration Management
  • Development with AMI and Amazon EC2 Systems Manager
  • Containers: Docker and Amazon ECS
  • DevOps – customer case studies
  • Course Summary

IMPORTANT: Please bring your notebook (Windows, Linux or Mac) to our trainings. If this is not possible, please contact us in advance.

Course materials are in English, on request also in German (if available).
Course language is German, on request also in English.