Training AWS

Training goals

code: AWS-SGS

Security is foundational to AWS. Governance at scale is a new concept for automating cloud governance that can help companies retire manual processes in account management, budget enforcement, and security and compliance. By automating common challenges, companies can scale without inhibiting agility, speed, or innovation. In addition, they can provide decision makers with the visibility, control, and governance necessary to protect sensitive data and systems.

In this course, you will learn how to facilitate developer speed and agility, and incorporate preventive and detective controls. By the end of this course, you will be able to apply governance best practices.

Course objectives

In this course, you will learn to:

  • Establish a landing zone with AWS Control Tower
  • Configure AWS Organizations to create a multi-account environment • Implement identity management using AWS Single Sign-On users and groups
  • Federate access using AWS SSO
  • Enforce policies using prepackaged guardrails
  • Centralize logging using AWS CloudTrail and AWS Config
  • Enable cross-account security audits using AWS Identity and Access Management (IAM)
  • Define workflows for provisioning accounts using AWS Service Catalog and AWS Security Hub

Intended audience

This course is intended for:

  • Solutions architects, security DevOps, and security engineers

Conspect Show list

  • Module 1: Governance at Scale
    • Governance at scale focal points
    • Business and Technical Challenges
  • Module 2: Governance Automation
    • Multi-account strategies, guidance, and architecture
    • Environments for agility and governance at scale
    • Governance with AWS Control Tower
    • Use cases for governance at scale
  • Module 3: Preventive Controls
    • Enterprise environment challenges for developers
    • AWS Service Catalog
    • Resource creation
    • Workflows for provisioning accounts
    • Preventive cost and security governance
    • Self-service with existing IT service management (ITSM) tools
  • Lab 1: Deploy Resources for AWS Catalog
    • Create a new AWS Service Catalog portfolio and product.
    • Add an IAM role to a launch constraint to limit the actions the product can perform.
    • Grant access for an IAM role to view the catalog items.
    • Deploy an S3 bucket from an AWS Service Catalog product.
  • Module 4: Detective Controls
    • Operations aspect of governance at scale
    • Resource monitoring
    • Configuration rules for auditing
    • Operational insights
    • Remediation
    • Clean up accounts
  • Lab 2: Compliance and Security Automation with AWS Config
    • Apply Managed Rules through AWS Config to selected resources
    • Automate remediation based on AWS Config rules
    • Investigate the Amazon Config dashboard and verify resources and rule compliance
  • Lab 3: Taking Action with AWS Systems Manager
    • Setup Resource Groups for various resources based on common requirements
    • Perform automated actions against targeted Resource Groups
  • Module 5: Resources
    • Explore additional resources for security governance at scale
Download conspect training as PDF

Additional information

Prerequisites

Before attending this course, participants should have completed the following:

Required:

  • AWS Security Fundamentals course
  • AWS Security Essentials course

Optional:

  • AWS Cloud Management Assessment
  • Introduction to AWS Control Tower course
  • Automated Landing Zone course
  • Introduction to AWS Service Catalog course
Difficulty level
Duration 1 day
Certificate

The participants will obtain certificates signed by AWS (course completion).
Trainer

AWS Authorized Instructor (AAI)

Other training AWS | Security

AWS show more courses
Contact form

Please fill form below to obtain more info about this training.






* Fields marked with (*) are required !!!

Information on data processing by Compendium - Centrum Edukacyjne Spółka z o.o.

PRICE 300 EUR

FORM OF TRAINING ?

 

TRAINING MATERIALS ?

 

SELECT TRAINING DATE

    • General information
    • Guaranteed dates
    • Last minute (-10%)
    • Language of the training
    • English
Book a training appointment
close

Traditional training

Sessions organised at Compendium CE are usually held in our locations in Kraków and Warsaw, but also in venues designated by the client. The group participating in training meets at a specific place and specific time with a coach and actively participates in laboratory sessions.

Dlearning training

You may participate from at any place in the world. It is sufficient to have a computer (or, actually a tablet, or smartphone) connected to the Internet. Compendium CE provides each Distance Learning training participant with adequate software enabling connection to the Data Center. For more information, please visit dlearning.eu site

close

Paper materials

Traditional materials: The price includes standard materials issued in the form of paper books, printed or other, depending on the arrangements with the manufacturer.

Electronic materials

Electronic materials: These are electronic training materials that are available to you based on your specific application: Skillpipe, eVantage, etc., or as PDF documents.

Ctab materials

Ctab materials: the price includes ctab tablet and electronic training materials or traditional training materials and supplies provided electronically according to manufacturer's specifications (in PDF or EPUB form). The materials provided are adapted for display on ctab tablets. For more information, check out the ctab website.

Upcoming AWS training

Training schedule AWS