This course is intended for:
- Solutions architects, security DevOps, and security engineers
In this course, you will learn to:
- Establish a landing zone with AWS Control Tower
- Configure AWS Organizations to create a multi-account environment
- Implement identity management using AWS Single Sign-On users and groups
- Federate access using AWS SSO
- Enforce policies using prepackaged guardrails
- Centralize logging using AWS CloudTrail and AWS Config
- Enable cross-account security audits using AWS Identity and Access Management (IAM)
- Define workflows for provisioning accounts using AWS Service Catalog and AWS Security Hub
Before attending this course, participants should have completed the following:
Required:
- AWS Security Fundamentals course
- AWS Security Essentials course
Optional:
- AWS Cloud Management Assessment
- Introduction to AWS Control Tower course
- Automated Landing Zone course
- Introduction to AWS Service Catalog course
- Training: Polish
- Materials: English
Course Introduction
- Instructor introduction
- Learning objectives
- Course structure and objectives
- Course logistics and agenda
Module 1: Governance at Scale
- Governance at scale focal points
- Business and Technical Challenges
Module 2: Governance Automation
- Multi-account strategies, guidance, and architecture
- Environments for agility and governance at scale
- Governance with AWS Control Tower
- Use cases for governance at scale
Module 3: Preventive Controls
- Enterprise environment challenges for developers
- AWS Service Catalog
- Resource creation
- Workflows for provisioning accounts
- Preventive cost and security governance
- Self-service with existing IT service management (ITSM) tools
Module 4: Detective Controls
- Operations aspect of governance at scale
- Resource monitoring
- Configuration rules for auditing
- Operational insights
- Remediation
- Clean up accounts
Module 5: Resources
- Explore additional resources for security governance at scale