CloudAcademy
  1. Home
  2. Content Library
  3. Amazon Web Services
  4. Courses
  5. AWS Security Best Practices: Abstract and Container Services

Introduction

The course is part of these learning paths

Security - Specialty Certification Preparation for AWS
course-steps 22 certification 1 lab-steps 11
AWS Access & Key Management Security
course-steps 6 certification 1 lab-steps 2 quiz-steps 3
DevOps Engineer – Professional Certification Preparation for AWS
course-steps 16 certification 1 lab-steps 10 quiz-steps 2

Contents

keyboard_tab
Introduction
Abstract & Container Services
Summary
7
Summary3m 27s
play-arrow
Start course
Overview
Transcript
DifficultyIntermediate
Duration56m
Students1243

Description

When implementing different AWS services and architecting them within your environments, whether it be production, test or dev, do you know your security responsibilities for these services?

It is very likely that you are using services from three different classifications, which each have very different boundaries for enforcing security between the customer and AWS.

These classifications are:

  1. Infrastructure services
  2. Container services
  3. Abstract services

The level of responsibility around these services are defined within three different AWS Shared Responsibility Models, and it’s essential when using AWS you understand your level of responsibility when it comes to applying security.

This course focuses on Container and Abstract services. The primary Container services we look at are: RDS, EMR and Elastic Beanstalk and the primary Abstract services include: S3, DynamoDB, SQS and Glacier.

The lectures within this course will define and guide you through the following areas to help you apply the correct level of security to your Container and Abstract services.

What are AWS Abstract & Container Services?:  This lecture provides you with a clear understanding of what abstract and container services are within AWS. There is a clear divide between the two which must be understood as responsibilities around security is a key difference between them

Security Controls: Data at Rest and In Transit:  Here we will take a look some of the available options and best practises to help you maintain integrity and protection around your data when at rest, in transit and held within a number of container and abstract services

Security Controls: Network Segmentation:  In this lecture we look at how we can use the network infrastructure and architecture to connect and restrict access to our container and abstract services to increase security through a number of different controls

Identity & Access Management:  IAM is heavily used for both container and abstract services and plays a key part in authorisation and authentication for access and management, this lecture looks at how IAM can be used to help protect access across your services

Built-in Service Security Controls:  This lecture will briefly look at some of the service specific security controls that may not have been covered in the previous lectures that you can leverage to help secure you data and environment


If you have thoughts or suggestions for this course, please contact Cloud Academy at support@cloudacademy.com.

About the Author

Students38042
Labs1
Courses41
Learning paths17

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data centre and network infrastructure design, to more recently cloud architecture and implementation.

He is a Certified Data Centre Design Professional (CDCDP), with his latest achievements gained within the Amazon Web Services (AWS) field.

He currently holds the AWS Certified Solutions Architect - Associate certification as well as accreditations as an AWS Business and Technology Professional and in TCO and Cloud Economics.

In January 2016 Stuart was awarded 'Expert of the Year Award 2015' from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.