AWS Academy Cloud Security Foundations

Course version

This course outline applies to version 1.0 of AWS Academy Cloud Security Foundations in English.

Description

This course is designed to help students gain a foundational knowledge of cybersecurity principles and services for cloud computing through a guided hands-on approach. This course includes demonstrations, instructional guides, and real-life scenarios.

Curriculum objectives

Upon completion of this course, students will be able to do the following:

  • Identify security benefits and responsibilities of using the Amazon Web Services (AWS) Cloud.
  • Use the identity and access management features of AWS.
  • Describe how to secure network access to AWS resources.
  • Explain the available methods for encrypting data at rest and data in transit.
  • Determine which AWS services can be used for monitoring and incident response.

Duration

The course duration is approximately 20 hours when delivered synchronously by an educator. This course is designed to be delivered over one semester. Actual delivery times will vary from class to class and depending on delivery format. This course must be delivered over a period of at least 4 weeks.

Intended audience

This fundamental (level 100) course is intended for students attending AWS Academy member institutions who seek a foundational understanding of cloud security concepts.

Student prerequisites

This course requires a strong foundation in IT concepts and skills. To ensure success in this course, students should have the following:

  • Completed the AWS Academy Cloud Foundations course or have equivalent experience
  • Worked with distributed systems
  • Worked with multi-tier architectures
  • Introduced to general networking concepts
  • Introduced to cloud computing concepts

Delivery methods

Learning materials are provided to support synchronous or asynchronous learning. Lecture slides and an instructor guide are provided for instructor-led training. Recorded lectures and demos are provided for independent learning. The educator can determine the preferred delivery method for each module.

Educator prerequisites

This course does not have any prerequisites for educators. However, before facilitating this course, it is recommended that educators complete this course, complete the AWS Academy Cloud Foundations course, and pass the AWS Certified Cloud Practitioner exam.

Learning resources

  • Lecture slides
  • Student guide
  • Instructor guide
  • Practical activities
  • Lab exercises
  • Instructor lab sandbox environment
  • Recorded lectures
  • Recorded demos
  • Module knowledge checks
  • Course assessment

Course timing

This table provides the suggested durations for all course activities. Note that the total classroom time for all the modules in this course is 1,200 minutes (20 hours). Items that are not applicable are marked NA.

| Module Title | Lecture (Minutes) | Activity/Lab/Demo (Minutes) | Knowledge Check (Minutes) | Total Classroom Time (Minutes) | Recorded Lecture (Minutes) |
|---|---|---|---|---|---|
| Module 1: Welcome | 40 | 20 | NA | 60 | 7 |
| Module 2: Introduction to Security on AWS | 60 | 20 | 20 | 100 | 25 |
| Module 3: Securing Access to Cloud Resources | 95 | 75 | 20 | 190 | 36 |
| Module 4: Securing Your Infrastructure | 95 | 90 | 20 | 205 | 30 |
| Module 5: Protecting Data in Your Application | 95 | 75 | 20 | 190 | 39 |
| Module 6: Logging and Monitoring | 95 | 110 | 20 | 225 | 21 |
| Module 7: Responding to and Managing an Incident | 95 | 75 | 20 | 190 | 24 |
| Module 8: Bridging to Certification | 40 | NA | NA | 40 | 8 |
| Total Course Time | 615 | 465 | 120 | 1,200 | 190 |

Module sections

This section lists the module sections in this course.

Module 1: Welcome

  • Course prerequisites and objectives
  • Course overview
  • AWS Certified Security – Specialty certification
  • Activity: AWS Documentation Scavenger Hunt

Module 2: Introduction to Security on AWS

  • Security in the AWS Cloud
  • Security design principles
  • Shared responsibility model
  • Activity: Shared Responsibility Model
  • Knowledge check

Module 3: Securing Access to Cloud Resources

  • AWS Identity and Access Management (IAM) fundamentals
  • Authenticating with IAM
  • Authorizing with IAM
  • Examples of authorizing with IAM
  • Demonstration: Amazon Simple Storage Service (Amazon S3) Cross-Account Resource-Based Policy
  • Additional authentication and access management services
  • Using AWS Organizations
  • Lab: Using Resource-Based Policies to Secure an S3 Bucket
  • Knowledge check

Module 4: Securing Your Infrastructure

  • Structure of a three-tier web application
  • Using a virtual private cloud (VPC)
  • Setting up public and private subnets and internet protocols
  • Using AWS security groups
  • Using AWS network access control lists (ACLs)
  • Using AWS load balancers
  • Pulling it all together
  • Protecting your compute resources
  • Lab: Securing VPC Resources by Using Security Groups
  • Knowledge check

Module 5: Protecting Data in Your Application

  • Protect data at rest
  • Amazon S3 protection features
  • Protection through encryption
  • Protect data in transit
  • Best practices to protect data in Amazon S3
  • Additional data protection services
  • Lab: Encrypting Data at Rest by Using AWS Key Management Service (AWS KMS)
  • Knowledge check

Module 6: Logging and Monitoring

  • Importance of logging and monitoring
  • Capture and collect
  • Activity: Reading a Log File
  • AWS services with built-in logs
  • Monitor and report
  • Best practices for logging and monitoring
  • Additional AWS services for logging and monitoring
  • Demonstration: AWS Security Hub
  • Lab: Monitoring and Alerting with AWS CloudTrail and Amazon CloudWatch
  • Knowledge check

Module 7: Responding to and Managing an Incident

  • Identifying an incident
  • AWS services that support the discovery and recognition phase
  • AWS services that support the resolution and recovery phase
  • Best practices for handling an incident
  • Lab: Remediating an Incident by Using AWS Config and AWS Lambda
  • Knowledge check

Module 8: Bridging to Certification

  • Continuing on the AWS Academy Security learning path
  • AWS documentation and frameworks
