2021 AWS security-focused workshops
Every year, Amazon Web Services (AWS) looks to help our customers gain more experience and understanding of our services through hands-on workshops. In 2021, we sadly couldn’t connect with you in person as much as we would have liked, so we wanted to create and share new ways to learn and build on AWS. We built and published many security-focused workshops that help you learn how to use or configure new services and features securely. Workshops are hands-on learning modules designed to teach or introduce practical skills, techniques, or concepts that you can use to solve business problems.
In this blog post, we highlight the most recent AWS security-focused workshops below. There are also many other workshops that were developed before 2021; you can find them on AWS Workshops, AWS Security Workshops, and AWS Samples. Here’s the list:
Data Protection and Privacy
Workshop Name | Abstract |
Data classification and discovery with Amazon Macie | In this workshop, get familiar with Amazon Macie and learn how to scan and classify data in your Amazon Simple Storage Service (Amazon S3) buckets. Use Macie (data classification) and AWS Security Hub (centralized security view) to see how data in your environment is stored, and to understand any notable changes in S3 bucket policies that could affect your security posture. Learn how to create a custom data identifier, and how to create and scope data classification and discovery jobs in Macie. Finally, use Macie to filter and investigate the results from the scans you create. |
Scaling your encryption at rest capabilities with AWS KMS | AWS makes it easy to protect your data with encryption. This hands-on workshop provides an opportunity to dive deep into encryption at rest options with AWS. Learn AWS server-side encryption with AWS Key Management Service (AWS KMS) for services such as Amazon S3, Amazon Elastic Block Store (Amazon EBS), and Amazon Relational Database Service (Amazon RDS). Also, learn best practices for using AWS KMS across multiple accounts and Regions and how to scale while optimizing for performance. |
Store, retrieve, and manage sensitive credentials in AWS Secrets Manager | In this workshop, learn how to integrate AWS Secrets Manager in your development platform, backed by serverless applications. Work through a sample application, and use Secrets Manager to retrieve credentials as well as use attribute-based access control using tags. Also, learn how to monitor the compliance of secrets and implement incident response workflows that will rotate the secret, restore the resource policy, alert the SOC, and deny access to the offender. |
Building and operating a Private Certificate Authority on AWS | This workshop covers private certificate management on AWS, applying the concepts of least privilege, separation of duties, monitoring, and automation. Participants learn operational aspects of creating a complete certificate authority (CA) hierarchy, building a simple web application, and issuing private certificates. It also covers how job functions, including CA administrators, application developers, and security administrators, can follow the principle of least privilege to perform various functions associated with certificate management. Finally, learn about IoT certificates, code-signing, and certificate templates to enable all of your use cases. |
Amazon S3 access and security settings and controls | Amazon S3 provides many access and security settings to help you secure your data, controls that ensure that those settings remain in place, and features to help you audit those controls and settings. This workshop walks you through these Amazon S3 scenarios and capabilities, to help you use them for different security requirements. |
Redact data as needed using Amazon S3 Object Lambda | Amazon S3 Object Lambda works with your existing applications, and lets you add your own code using AWS Lambda functions to automatically process and transform data from Amazon S3 before returning it to an application. This enables different views of the same object depending on user identity, such as restricting access to confidential information, or disallowing access to personally identifiable information (PII) data. In this workshop, learn how to use Amazon S3 Object Lambda to modify objects during GET requests, so you no longer have to store multiple views of the same document. |
Using AWS Nitro Enclaves to process highly sensitive data | In this hands-on workshop, learn how to use AWS Nitro Enclaves to isolate highly sensitive data from your users, applications, and third-party libraries on your Amazon Elastic Compute Cloud (Amazon EC2) instances. Explore AWS Nitro Enclaves, discuss common use cases, and build and run your own enclave. In this workshop, learn about enclave isolation, cryptographic attestation, enclave image files, local vsock communication channels, common debugging scenarios, and the enclave lifecycle. |
Ransomware prevention techniques in Amazon S3 | Learn how to use the security, monitoring, and detective controls in AWS to protect your data in S3 from ransomware threats. Set up Amazon GuardDuty for S3 and AWS Identity and Access Management (IAM) Access Analyzer, and learn how to read and respond to findings and generate IAM invariants. Develop a tiered storage approach to recovery and backup, and learn how to use Amazon S3 Object Lock, versioning, and replication to provide immutable storage and protect against malicious or accidental deletion. |
Governance, Risk, and Compliance
Operating securely in a multi-account environment | Running multiple AWS accounts under an organization is how many users consume AWS Cloud services. In this workshop, learn how to build foundational security monitoring in multi-account environments. Walk through an initial setup of AWS Security Hub for centralized aggregation of findings across your AWS Organizations organization. Additionally, learn how to centralize Amazon GuardDuty findings, Amazon Detective capabilities, AWS Identity and Access Management (IAM) Access Analyzer findings (if available), AWS Config rule evaluations, and AWS CloudTrail logs into the central security monitoring account (security tooling account). Finally, implement a service control policy (SCP) that denies the ability to disable these security controls. |
Building remediation workflows to simplify compliance | Simplification and automation are key to managing compliance at scale. Remediation is one of the key elements of simplifying and managing risk. In this workshop, see how to build a remediation workflow using AWS Config and AWS Systems Manager automation. Learn how this workflow can be deployed at scale and monitored with AWS Security Hub to oversee the entire organization, and how to use AWS Audit Manager to easily access evidence of risk management. |
Identity and Access Management
Integrating IAM Access Analyzer into a CI/CD pipeline | Want to analyze Identity and Access Management (IAM) policies at scale? Want to help your developers write secure IAM policies? This workshop provides you the hands-on opportunity to run IAM Access Analyzer policy validation on your AWS CloudFormation templates in a continuous integration/continuous deployment (CI/CD) pipeline. |
Data perimeter workshop | In this workshop, learn how to create a data perimeter by building controls that allow access to data only from expected network locations and by trusted identities. The workshop consists of five modules, each designed to illustrate a different Identity and Access Management (IAM) or network control. Learn where and how to implement the appropriate controls based on different risk scenarios. Learn how to implement these controls as service control policies, identity- and resource-based policies, and Amazon Virtual Private Cloud (Amazon VPC) endpoint policies. |
Network and Infrastructure Security
Build a Zero Trust architecture for service-to-service workloads on AWS | In this workshop, get hands-on experience implementing a Zero Trust architecture for service-to-service workloads on AWS. Learn how to use services such as Amazon API Gateway and Virtual Private Cloud (Amazon VPC) endpoints to integrate network and identity controls while using Amazon GuardDuty, Lambda, and Amazon DynamoDB to take advantage of native service controls. Learn how these services allow you to authorize specific flows between components to reduce lateral network mobility risk and improve the overall security posture of your workload. |
Securing deployment of third-party ML models | Enterprise customers adopting machine learning (ML) on AWS often look for prescriptive guidance on implementing security best practices, establishing governance, securing their ML models, and meeting compliance standards. Building a repeatable solution provides users with governance and standardization over what gets provisioned in their AWS account. In this workshop, learn steps you can take to secure third-party ML model deployments. We provide cloud infrastructure-as-code templates to automate the setup of a hardened Amazon SageMaker environment. These templates include private networking, VPC endpoints, end-to-end encryption, monitoring and logging, and enhanced access and governance controls through AWS Service Catalog. |
Building Prowler into a QuickSight-driven AWS security dashboard | In this workshop, get hands-on experience with Prowler, AWS Security Hub, and Amazon QuickSight by building a custom security dashboard for your AWS environment. Using a multi-account deployment of Prowler integrated with Security Hub, learn how to identify and analyze Prowler findings and integrate with QuickSight to visualize the information. Discover how to get the most out of Prowler and QuickSight with automatically created datasets. |
Threat Detection and Incident Response
Integration, prioritization, and response with AWS Security Hub | This workshop is designed to get you familiar with AWS Security Hub, so that you can better understand how to use it in your own AWS environment. This workshop has two sections. The first section demonstrates the functions and features of AWS Security Hub. The second section demonstrates how to use AWS Security Hub to import findings from different data sources, analyze findings so that you can prioritize response work, and implement responses to findings to help improve your security posture. |
Building an AWS incident response plan using Jupyter notebooks | This workshop guides you through building an incident response plan for your AWS environment using Jupyter notebooks. Walk through an easy-to-follow sample incident, using blocks as a ready-to-use playbook in a Jupyter notebook. Then, follow simple steps to add additional programmatic and documented steps to your incident response plan. |
Scaling threat detection and response on AWS | In this hands-on workshop, learn about several AWS services involved with threat response and detection as you walk through real-world threat scenarios. Learn about the threat detection capabilities of Amazon GuardDuty, Amazon Macie, and AWS Security Hub and the available response options. For each hands-on scenario, review methods to detect and respond to threats using the following services: AWS CloudTrail, Virtual Private Cloud (Amazon VPC) Flow Logs, Amazon CloudWatch Events, AWS Lambda, Amazon Inspector, Amazon GuardDuty, and AWS Security Hub. |
Building incident response playbooks for AWS | In this workshop, learn how to develop incident response playbooks. Explore the incident response lifecycle, including preparation, analysis and detection, containment, recovery and eradication, and post-incident activity. To get the most out of this workshop, you should have advanced experience with AWS services and responsibilities aligned with incident response frameworks such as NIST SP 800-61 R2. |
This list is representative of the security workshops created in 2021 to help customers on their journey in AWS. If you’d like to find more workshops, please go to AWS Workshops and choose Security in the top navigation bar, or you can also check out AWS Security Workshops (https://awssecworkshops.com/) for a subset of workshops curated by AWS Security Specialists. We hope you enjoy these workshops!