AWS Security Workshops
6/1/2020 - Latest workshop
In this workshop we start by guiding you through tagging your resources and maintaining an asset inventory for visibility and governance purposes with AWS Tags and Systems Manager (SSM). We then build an Amazon Machine Image (AMI) baking pipeline, harden the AMI with AWS SSM and install the Amazon Inspector agent. Within the pipeline we look for vulnerabilities and apply patches before promoting the AMI for use by an application.
Next we construct a continuous detection framework to detect change in state of security or detection of vulnerabilities using Amazon Inspector and AWS SSM’s Patch Manager.
Finally we put all these pieces together to manage your Amazon EC2 fleet at scale.
Welcome to the AWS security workshops portal! Here you will find a collection of workshops and other hands-on content aimed at helping you gain an understanding of the AWS service ecosystem and introduce you to a variety of best practices that can be applied to securing your environments and workloads running in AWS.
Security and Compliance is a shared responsibility between AWS and the customer. AWS is responsible for protecting the infrastructure which runs all of the services offered and this responsibility is known as the Security of the Cloud. AWS customers benefit from a data center and network architecture built to satisfy the requirements of the most security-sensitive organizations. Customers responsibility, known as the Security in the Cloud, is determined by which services the customer chooses to use.
The workshops and other hands-on content contained in this portal are focused on the Security in the Cloud and they will guide you through prepared scenarios that represent common use cases and operational tasks you'll face in building securely on AWS. They will also highlight the design principals from the AWS Well-Architected Framework Security Pillar, which can help you improve your security posture. Finally, in order to help you take a more holistic approach to security on AWS, we divide a lot of the content up into categories aligned to the NIST Cybersecurity Framework Core Functions to help you understand the scope of the content.
Key Cloud Security Design Principals
- Implement a strong identity foundation
- Enable traceability
- Apply security at all layers
- Automate security best practices
- Protect data in transit and at rest
- Keep people away from data
- Prepare for security events
Below are some additional resources that have some great hands-on content: