Access Delegation |
In this workshop you will learn how to use AWS IAM to delegate access to AWS security services to AWS Security Administrators and AWS Security Operators. AWS Security Administrators require full access to AWS security services, while AWS Security Operators only require read-only access to them. You will use AWS IAM roles to do this and thereby promote the Principle of Least Privilege: giving users the minimum level of privilege they need to do their tasks.
- Level: 200
- Duration: 2 hours
- NIST CSF Functions: Protect
- CAF Components: Preventive
- Personas: Identity & Access Management Engineers, Identity & Access Management Analysts, Security analysts & Security operations engineers
|
Infrastructure Identity in AWS |
This workshop is designed to help you get familiar with AWS Security services and learn how to use them to securely administer systems in your environment. You'll be working with services such as AWS Systems Manager Session Manager, Amazon EC2 Instance Connect, and AWS Identity and Access Management. You will learn how to use these services to securely connect to and administer your Amazon EC2 instances as well as systems on-premises. You will set up tag-based access and configure logging, which will enable auditing of administrative activities and improve the security posture of your environment.
- Level: 300
- Duration: 2 hours
- NIST CSF Functions: Protect, Detect
- CAF Components: Preventive, Detective
- Personas: Identity & Access Management Engineers, Identity & Access Management Analysts, Security analysts & Security operations engineers
|
Permissions boundaries: how to delegate permissions on AWS |
In this workshop, you learn how to secure access permissions for multiple teams operating in a single AWS account. We provide an example three-tier web application running in production, and you practice delegating permissions to web administrators so they can modify only their own resources without impacting the permissions needed to do their job. All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services.
- Level: 400
- Duration: 2 hours
- NIST CSF Functions: Protect
- CAF Components: Preventive
- Personas: Identity & Access Management Engineers, Identity & Access Management Analysts, Security analysts & Security operations engineers
|
Serverless Identity |
In this workshop you will focus on improving the identity controls of a serverless application. You will be exposed to different identity concepts through the use of a variety of services such as AWS IAM, Amazon S3, Amazon CloudFront, and Amazon Cognito. Upon completion you should have a better idea of how to use native AWS identity controls to improve the security posture of a serverless application.
- Level: 300
- Duration: 2 hours
- NIST CSF Functions: Protect
- CAF Components: Preventive
- Personas: Identity & Access Management Engineers, Identity & Access Management Analysts, Security analysts & Security operations engineers
|
Zero Trust Episode 1: The Phantom Service Perimeter |
Throughout this workshop we will discuss the principles of Zero Trust and how AWS enables you to implement them in the most appropriate way for your workloads. This includes how a good Zero Trust architecture is not a single product, service, or architecture, but instead the application of principles and tenets to strengthen your designs. When complete, you will have had hands-on experience implementing combined network and identity controls to help eliminate lateral network mobility risk and improve the overall security posture of your workload.
- Level: 200
- Duration: 2 hours
- NIST CSF Functions: Protect, Detect
- CAF Components: Preventive, Detective
|