Public Schedule

Security Engineering on AWS

  • Courses
  • Security Engineering on AWS

Information Technology

Leadership

Business Analysis

Certifications

Project Management

Public Schedule

Our Blogs

Get Course Information

Connect for information with us at info@velocityknowledge.com

How would you like to learn?*

Duration: 4 days Course

Course Description

This four-day course provides security engineers, architects, and DevOps professionals with the knowledge and practical experience to design and implement secure architectures on Amazon Web Services (AWS). The course focuses on best practices for securing AWS infrastructure, services, identities, and applications. Participants will engage in detailed labs covering IAM policies, encryption, logging, monitoring, incident response, and secure network design. By the end of the course, attendees will be equipped to identify vulnerabilities, mitigate risks, and implement scalable security controls using native AWS tools and services.

Target Audience

  • Cloud security engineers
  • DevOps and infrastructure professionals
  • Solution architects
  • IT security personnel working in AWS environments

Prerequisites

  • Fundamental understanding of AWS services (EC2, S3, IAM, VPC)
  • Basic familiarity with networking and security concepts (encryption, firewalls, identity management)
  • Completion of AWS Cloud Practitioner or AWS Solutions Architect – Associate recommended but not required
  • Comfort with the AWS Management Console and CLI

Course Objectives

By the end of this course, participants will be able to:

  • Understand and apply the AWS Shared Responsibility Model
  • Design secure access control and identity management solutions using IAM, roles, and policies
  • Protect data at rest and in transit using AWS-native encryption tools
  • Design secure VPC architectures with private subnets, NATs, gateways, and firewall controls
  • Implement logging and monitoring strategies using AWS CloudTrail, Config, GuardDuty, and Security Hub
  • Respond to security incidents in AWS environments using practical scenarios and automation

Course Takeaways

  • Hands-on experience securing real AWS workloads
  • Actionable knowledge of AWS-native security tools and services
  • Lab templates and scripts to replicate in your own environment
  • AWS security checklist and threat modeling resources

Module 1: AWS Security Foundations

Topics

  • AWS Shared Responsibility Model
  • AWS compliance and governance tools
  • Identity and Access Management (IAM) fundamentals
  • IAM users, groups, roles, policies, and least privilege
  • Credential management and access control

Hands-On Labs

  • Lab 1: IAM Policy Simulator: Build and test identity-based and resource-based policies
  • Lab 2: Create IAM roles and attach least-privilege policies for EC2, Lambda, and S3
  • Lab 3: Rotate and manage access keys using AWS Secrets Manager

Module 2: Data Protection and Encryption on AWS

Topics

  • Encryption at rest: KMS, envelope encryption, key rotation
  • Encryption in transit: TLS/SSL, ACM, ELB integration
  • Using AWS Secrets Manager and Parameter Store securely
  • Data classification and lifecycle management in S3

Hands-On Labs

  • Lab 4: Create and manage customer managed keys in AWS KMS
  • Lab 5: Encrypt and decrypt S3 data using both SSE-S3 and SSE-KMS
  • Lab 6: Enforce bucket policies that require encryption and MFA delete
  • Lab 7: Use Secrets Manager to store and rotate credentials for RDS

Module 3: Network Security and Secure Infrastructure Design

Topics

  • Secure VPC design: subnets, route tables, NAT gateways
  • Network ACLs, security groups, and VPC flow logs
  • VPC endpoints, private link, and service control policies (SCPs)
  • Bastion hosts, VPNs, and AWS Firewall Manager
  • EC2 hardening and security best practices

Hands-On Labs

  • Lab 8: Design and deploy a secure VPC with public/private subnets
  • Lab 9: Configure NACLs and security groups for granular control
  • Lab 10: Deploy a bastion host and restrict SSH access via IAM and source IP
  • Lab 11: Enable and review VPC flow logs and analyze using Athena

Module 4: Monitoring, Threat Detection, and Incident Response

Topics

  • Logging and visibility: CloudTrail, CloudWatch, Config
  • Threat detection with Amazon GuardDuty, Security Hub, and Inspector
  • Automated remediation and response using Lambda and EventBridge
  • Incident response strategies and playbooks
  • Integrating third-party tools with AWS (e.g., Splunk, CrowdStrike, etc.)

Hands-On Labs

  • Lab 12: Set up and analyze CloudTrail logs for suspicious activity
  • Lab 13: Enable GuardDuty, simulate findings, and respond with remediation scripts
  • Lab 14: Use Security Hub to consolidate findings and trigger automated alerts
  • Lab 15: Build an incident response workflow using AWS Lambda and EventBridge

Contact us to customize this course for your team and for your organization.

Contact Us?
Close

Search

Interested?
Security Engineering on AWS

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.