logo

AWS Course

course overview

download outline

Select Country and City to View dates & book now

Overview

The AWS Security Governance at Scale course will help solutions architects, DevOps engineers, and security engineers. You’ll learn how to automate your cloud governance so that you can retire manual processes through AWS security and governance services and concepts. In this 1-day, classroom training course, an expert AWS instructor will dive deep into concepts that help you provide decision makers with the visibility, control, and governance necessary to protect sensitive data and systems. You’ll apply key services, concepts, and best practices through tutorials, hands-on labs, discussions, demonstrations, presentations, and group exercises.

What you'll learn

  • Establish a landing zone with AWS Control Tower
  • Configure AWS Organizations to create a multi-account environment
  • Implement identity management using AWS Single Sign-On (SSO) users and groups
  • Federate access using AWS SSO
  • And much more

Who should take this course

  • Solutions architects
  • Security DevOps engineers
  • Security engineers

What experience you'll need

Knowledge and experience with AWS services, such as AWS Control Tower, AWS Service Catalog, AWS Config, and AWS Systems Manager

We recommend that attendees of this course have taken AWS Security Fundamentals and AWS Security Essentials

Audience

In this course, you will learn to:

  • Establish a landing zone with AWS Control Tower
  • Configure AWS Organizations to create a multi-account environment
  • Implement identity management using AWS Single Sign-On users and groups
  • Federate access using AWS SSO
  • Enforce policies using prepackaged guardrails
  • Centralize logging using AWS CloudTrail and AWS Config
  • Enable cross-account security audits using AWS Identity and Access Management (IAM)
  • Define workflows for provisioning accounts using AWS Service Catalog and AWS Security Hub

Prerequisites

Before attending this course, participants should have completed the following:

Required:

  • AWS Security Fundamentals course
  • AWS Security Essentials course

Optional:

  • AWS Cloud Management Assessment
  • Introduction to AWS Control Tower course
  • Automated Landing Zone course
  • Introduction to AWS Service Catalog course

Outline

Course Introduction

  • Instructor introduction
  • Learning objectives
  • Course structure and objectives
  • Course logistics and agenda

Module 1: Governance at Scale

  • Governance at scale focal points
  • Business and Technical Challenges

Module 2: Governance Automation

  • Multi-account strategies, guidance, and architecture
  • Environments for agility and governance at scale
  • Governance with AWS Control Tower
  • Use cases for governance at scale

Module 3: Preventive Controls

  • Enterprise environment challenges for developers
  • AWS Service Catalog
  • Resource creation
  • Workflows for provisioning accounts
  • Preventive cost and security governance
  • Self-service with existing IT service management (ITSM) tools

Lab 1: Deploy Resources for AWS Catalog

  • Create a new AWS Service Catalog portfolio and product.
  • Add an IAM role to a launch constraint to limit the actions the product can perform.
  • Grant access for an IAM role to view the catalog items.
  • Deploy an S3 bucket from an AWS Service Catalog product.

Module 4: Detective Controls

  • Operations aspect of governance at scale
  • Resource monitoring
  • Configuration rules for auditing
  • Operational insights
  • Remediation
  • Clean up accounts

Lab 2: Compliance and Security Automation with AWS Config

  • Apply Managed Rules through AWS Config to selected resources
  • Automate remediation based on AWS Config rules
  • Investigate the Amazon Config dashboard and verify resources and rule compliance

Lab 3: Taking Action with AWS Systems Manager

  • Setup Resource Groups for various resources based on common requirements
  • Perform automated actions against targeted Resource Groups

Module 5: Resources

  • Explore additional resources for security governance at scale

Certification

Labs - Please note: The labs for your AWS course will be delivered through AWS Builder labs. In order to access these labs you will need to have an Amazon BuilderID. You can set up your new Amazon account here. Please ensure that you have set up this Amazon BuilderID in advance of attending your class.

Courseware – Please note: In order to access your digital course materials you are required to set up a Gilmore account in advance of attending your course. To do this please follow this link.

Please also be aware that in order to access your materials and Labs it is important that your device and network should not restrict access to AWS or Vitalsource content. For that reason, AWS recommend NOT using a Corporate laptop with any security restrictions in place or the use of a VPN.

Talk to an expert

Thinking about Onsite?

If you need training for 3 or more people, you should ask us about onsite training. Putting aside the obvious location benefit, content can be customised to better meet your business objectives and more can be covered than in a public classroom. Its a cost effective option. One on one training can be delivered too, at reasonable rates.

Submit an enquiry from any page on this site and let us know you are interested in the requirements box, or simply mention it when we contact you.

All $ prices are in USD unless it’s a NZ or AU date

SPVC = Self Paced Virtual Class

LVC = Live Virtual Class

Please Note: All courses are availaible as Live Virtual Classes

Trusted by over 1/2 million students in 15 countries

Our clients have included prestigious national organisations such as Oxford University Press, multi-national private corporations such as JP Morgan and HSBC, as well as public sector institutions such as the Department of Defence and the Department of Health.