AWS Security Workshops
1/31/2020 - Latest workshop
In this workshop, you practice running an environment with a test and production deployment pipeline. Along the way, we cover topics such as static code analysis, dynamic infrastructure review, and workflow types. You also learn how to update your process in response to security events. As an example, we write new AWS Lambda functions, aligned with controls, to automate security at scale.
Welcome to the AWS security workshops portal! Here you will find a collection of workshops and other hands-on content aimed at helping you gain an understanding of the AWS service ecosystem and introduce you to a variety of best practices that can be applied to securing your environments and workloads running in AWS.
Security and Compliance is a shared responsibility between AWS and the customer. AWS is responsible for protecting the infrastructure which runs all of the services offered and this responsibility is known as the Security of the Cloud. AWS customers benefit from a data center and network architecture built to satisfy the requirements of the most security-sensitive organizations. Customers responsibility, known as the Security in the Cloud, is determined by which services the customer chooses to use.
The workshops and other hands-on content contained in this portal are focused on the Security in the Cloud and they will guide you through prepared scenarios that represent common use cases and operational tasks you'll face in building securely on AWS. They will also highlight the design principals from the AWS Well-Architected Framework Security Pillar, which can help you improve your security posture. Finally, in order to help you take a more holistic approach to security on AWS, we divide a lot of the content up into categories aligned to the NIST Cybersecurity Framework Core Functions to help you understand the scope of the content.
Key Cloud Security Design Principals
- Implement a strong identity foundation
- Enable traceability
- Apply security at all layers
- Automate security best practices
- Protect data in transit and at rest
- Keep people away from data
- Prepare for security events
Below are some additional resources that have some great hands-on content: