Skip to content

Workshops

Identity

Title Description
Access Delegation In this workshop you will learn how to use Amazon IAM to delegate access to these services to AWS Security Administrators and AWS Security Operators. AWS Security Administrators require full access to AWS security services while AWS Security Operators only require "read only" access to the services. You will use AWS IAM roles to do this and thereby promote the Principle of Least Privilege - giving users the minimum level of privilege they need to do their tasks.
  • Level: 200
  • Duration: 2 hours
  • NIST CSF Functions: Protect
  • CAF Components: Preventive
  • Personas: Identity & Access Management Engineers, Identity & Access Management Analysts, Security analysts & Security operations engineers
Infrastructure Identity in AWS This workshop is designed to help you get familiar with AWS Security services and learn how to use them to securely administer systems in your environment. You'll be working with services such as AWS Systems Manager Session Manager, Amazon EC2 Instance Connect, and AWS Identity and Access Management. You will learn how to use these services to securely connect and administer your Amazon EC2 Instances as well as systems on-premises, you will setup tagged based access, and configure logging which will enable auditing of administrative activities and improve the security posture of your environment.
  • Level: 300
  • Duration: 2 hours
  • NIST CSF Functions: Protect, Detect
  • CAF Components: Preventive, Detective
  • Personas: Identity & Access Management Engineers, Identity & Access Management Analysts, Security analysts & Security operations engineers
Permissions boundaries: how to delegate permissions on AWS In this workshop, you learn how to secure access permissions for multiple teams operating in a single AWS account. We provide an example three-tier web application running in production, and you practice delegating permissions to web administrators so they can modify only their own resources without impacting the permissions needed to do their job.All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services.
  • Level: 400
  • Duration: 2 hours
  • NIST CSF Functions: Protect
  • CAF Components: Preventive
  • Personas: Identity & Access Management Engineers, Identity & Access Management Analysts, Security analysts & Security operations engineers
Serverless Identity In this workshop you will be focused on improving the identity controls of the a serverless application. You will get exposed to different identity concepts through the use of a variety of services such as AWS IAM, Amazon S3, Amazon CloudFront, and Amazon Cognito. Upon completion you should have a better idea of how to use native AWS identity controls to improve the security posture of a serverless application.
  • Level: 300
  • Duration: 2 hours
  • NIST CSF Functions: Protect
  • CAF Components: Preventive
  • Personas: Identity & Access Management Engineers, Identity & Access Management Analysts, Security analysts & Security operations engineers
Zero Trust Episode 1: The Phantom Service Perimeter Throughout this workshop we will discuss the principles of Zero Trust and how AWS enables you to implement them in the most appropriate way for your workloads. This includes how a good Zero Trust architecture is not a single product, service, or architecture, but instead the application of principles and tenets to strengthen your designs. When complete, you will have had hands on experience implementing combined network and identity controls to help eliminate lateral network mobility risk and improve the overall security posture of your workload.
  • Level: 200
  • Duration: 2 hours
  • NIST CSF Functions: Protect, Detect
  • CAF Components: Preventive, Detective

Infrastructure Security

Title Description
Finding and addressing Network Misconfigurations on AWS In this workshop you will learn how to use the Amazon Inspector Network Reachability report to validate your network configuration without needing a deep background in networking. You will use this report to find misconfigurations that may result in unintended behaviors and unexpected vulnerabilities. You will finish the workshop by remediating these vulnerabilities by integrating the findings of Amazon Inspector with other AWS services.
  • Level: 300
  • Duration: 2 hours
  • NIST CSF Functions: Detect, Respond
  • CAF Components: Detective, Responsive
  • Personas: Network administrators, Security analysts and Security operations engineers.
Protecting workloads on AWS from the instance to the edge Your mission in this workshop is to use AWS Web Application Firewall (WAF), Inspector and Amazon Systems Manager to help build an effective set of controls around your AWS workloads. You will learn to use AWS WAF to mitigate common attack vectors against web applications such as SQL injection and Cross Site Scripting. You will also learn how to use Amazon Inspector and Amazon Systems Manager to automate security assessments and operational tasks such as patching and configuration management across your EC2 fleet.
  • Level: 300
  • Duration: 2 hours
  • NIST CSF Functions: Protect
  • CAF Components: Preventive
  • Personas: Security analysts, Security operations engineers and Network administrators

Detection and Response

Title Description
Scaling threat detection and response on AWS This hands-on workshop is where you will learn about a number of AWS services involved with threat detection and response as we walk through real-world threat scenarios. Learn about the threat detection capabilities of Amazon GuardDuty, Amazon Macie and AWS Security Hub and the available response options. For each hands-on scenario, we review methods to detect and respond to threats using the following services: AWS CloudTrail, Amazon VPC flow logs, Amazon CloudWatch Events, Amazon Macie, AWS Lambda, Amazon Inspector, Amazon GuardDuty and Amazon Security Hub.
  • Level: 300
  • Duration: 2 - 3 hours
  • NIST CSF Functions: Detect and Respond
  • CAF Components: Detective, Responsive
  • Personas: Incident responders, Security analysts and Security operations engineers

DevSecOps

Title Description
DevSecOps: Integrating security into pipelines In this workshop, you practice running an environment with a test and production deployment pipeline. Along the way, we cover topics such as static code analysis, dynamic infrastructure review, and workflow types. You also learn how to update your process in response to security events. As an example, we write new AWS Lambda functions, aligned with controls, to automate security at scale.
  • Level: 300
  • Duration: 2 hours
  • NIST CSF Functions: Protect
  • CAF Components: Preventive
  • Personas: Security analysts and Security operations engineers