Security on AWS

5 Steps 4 hours 38 积分

This quest is designed to teach you how to apply AWS Identity and Access Management, in concert with several other AWS Services, to address real-world application and service security management scenarios.


In this quest, you’ll start by learning the basics of IAM and security-related features and tools such as Security Groups, VPCs, and the AWS Web Application Firewall. Then you'll tie these foundations together with AWS Lambda, CloudTrail, CloudWatch, EMR, Elasticsearch and Key Management Service to automate monitoring, alerting, and data mining the reports and logs of these tools to identify and report on security events.

Quest Outline

Hands-On Lab

Introduction to AWS Identity and Access Management (IAM)

This lab shows you how to manage access and permissions to your AWS services using AWS Identity and Access Management (IAM). Practice the steps to add users to groups, manage passwords, log in with IAM-created users, and see the effects of IAM policies on access to specific services. For the lab to function as written, please DO NOT change the auto assigned region.

English 日本語 简体中文 繁體中文
Hands-On Lab

对 AWS 环境执行基本审核

本实验将逐步指导您对核心 AWS 资源执行基本审核。您将使用 AWS 管理控制台来了解如何对多项 AWS 服务、Amazon EC2、Amazon VPC、Amazon IAM、Amazon 安全组、AWS CloudTrail 和 Amazon CloudWatch 的使用情况进行审核。本实验将帮助您了解如何对与 AWS 中的组织监管、资产配置、逻辑访问控制、操作系统、数据库和应用程序安全配置相关的现有审核目标进行扩展。掌握本实验中的技能有助于实现可见性、可测试性和审核证据自动收集能力。

English 日本語 繁體中文
Hands-On Lab

EMR File System Client-side Encryption Using AWS KMS-managed Keys

In this lab you will enable client-side at-rest encryption using AWS KMS-managed key for data stored in Amazon S3 with the EMR File System (EMRFS). Within Amazon EMR you will create security configuration to encrypt the object written to S3 with client-side encryption using the AWS KMS-managed key specified by you, and decrypt objects with the same key that was used to encrypt them. This will allow you to more easily leverage frameworks like Apache Spark, Apache Tez, and Apache Hadoop MapReduce on Amazon EMR to run big data analytics, stream processing, machine learning, and ETL workloads on confidential data.

English 日本語
Hands-On Lab

Monitoring Security Groups with Amazon CloudWatch Events

In this lab you will learn how to use AWS CloudWatch events with a Lambda function to detect changes to the ingress permissions of an EC2 security group. In an different lab, Monitoring Security Groups with AWS Config, you will do something similar but with different services. Both of these labs illustrate techniques that could be used to provide additional layers of protection to infrastructure controls. Prerequisites: To successfully complete this lab, you should be familiar with EC2 security groups. Python programming skills are helpful, although full solution code is provided. It would be helpful to have taken the Introduction to AWS Lambda lab.

English 日本語
Hands-On Lab

Update Security Groups Automatically Using AWS Lambda

Security is a top priority for Amazon Web Services (AWS). AWS provides many tools and services to meet your unique security needs. This lab will present a solution, among many, to enhance your security. This lab walks through a method to automatically update your Virtual Private Cloud (VPC) Security Groups to only allow access from Amazon CloudFront and AWS Web Application Firewall (WAF). Defining Security Groups rules this way prevents malicious requests from by-passing AWS WAF security rules and accessing your EC2 instances directly.

English 日本語

Enroll Now

Enroll in this quest to track your progress toward earning a badge.