IS THIS THE RIGHT COURSE?
Before attending this course, participants should have completed the following:
AWS Security Fundamentals course
AWS Security Essentials course
AWS Cloud Management Assessment
Introduction to AWS Control Tower course
Automated Landing Zone course
Introduction to AWS Service Catalog course
WHO SHOULD ATTEND?
Solutions architects, security DevOps, and security engineers.
Course structure and objectives
Course logistics and agenda
Module 1: Governance at Scale
Governance at scale focal points
Business and Technical Challenges
Module 2: Governance Automation
Multi-account strategies, guidance, and architecture
Environments for agility and governance at scale
Governance with AWS Control Tower
Use cases for governance at scale
Module 3: Preventive Controls
Enterprise environment challenges for developers
AWS Service Catalog
Workflows for provisioning accounts
Preventive cost and security governance
Self-service with existing IT service management (ITSM) tools
Module 4: Detective Controls
Operations aspect of governance at scale
Configuration rules for auditing
Clean up accounts
Module 5: Resources
Explore additional resources for security governance at scale
Lab 1: Deploy Resources for AWS Catalog
Create a new AWS Service Catalog portfolio and product.
Add an IAM role to a launch constraint to limit the actions the product can perform.
Grant access for an IAM role to view the catalog items.
Deploy an S3 bucket from an AWS Service Catalog product.
Lab 2: Compliance and Security Automation with AWS Config
Apply Managed Rules through AWS Config to selected resources
Automate remediation based on AWS Config rules
Investigate the Amazon Config dashboard and verify resources and rule compliance
Lab 3: Taking Action with AWS Systems Manager
Setup Resource Groups for various resources based on common requirements
Perform automated actions against targeted Resource Groups