When implementing different AWS services and architecting them within your environments, whether it be production, test or dev, do you know your security responsibilities for these services?
It is very likely that you are using services from three different classifications, which each have very different boundaries for enforcing security between the customer and AWS.
These classifications are:
- Infrastructure services
- Container services
- Abstract services
The level of responsibility around these services are defined within three different AWS Shared Responsibility Models, and it’s essential when using AWS you understand your level of responsibility when it comes to applying security.
This course focuses on Container and Abstract services. The primary Container services we look at are: RDS, EMR and Elastic Beanstalk and the primary Abstract services include: S3, DynamoDB, SQS and Glacier.
The lectures within this course will define and guide you through the following areas to help you apply the correct level of security to your Container and Abstract services.
What are AWS Abstract & Container Services?: This lecture provides you with a clear understanding of what abstract and container services are within AWS. There is a clear divide between the two which must be understood as responsibilities around security is a key difference between them
Security Controls: Data at Rest and In Transit: Here we will take a look some of the available options and best practises to help you maintain integrity and protection around your data when at rest, in transit and held within a number of container and abstract services
Security Controls: Network Segmentation: In this lecture we look at how we can use the network infrastructure and architecture to connect and restrict access to our container and abstract services to increase security through a number of different controls
Identity & Access Management: IAM is heavily used for both container and abstract services and plays a key part in authorisation and authentication for access and management, this lecture looks at how IAM can be used to help protect access across your services
Built-in Service Security Controls: This lecture will briefly look at some of the service specific security controls that may not have been covered in the previous lectures that you can leverage to help secure you data and environment
If you have thoughts or suggestions for this course, please contact Cloud Academy at email@example.com.
Hello and welcome to this course where we shall be looking at two different classifications of AWS services, these being Abstract and container services.
This course focuses on the security best practices that surround the most common services that fall into each of these classifications. To help you adopt and implement the correct level of security within your infrastructure.
Before we start, I would like to introduce myself. My name is Stuart Scott. I'm one of the trainers here at Cloud Academy, specializing in AWS Amazon Web Services. Feel free to connect with me with any questions using the details shown on the screen. Alternatively, you can always get in touch with us here at Cloud Academy using the community forum where one of our Cloud experts will respond to your question.
This course has been designed to help those who implement or manage cloud security, such as a cloud solutions architect, cloud security specialist, or similar. This course will also be useful for anyone looking to enhance their AWS security skills across a number of different services.
This course will cover a range of topics, including:
What are AWS Abstract and container services? This lecture provides you with a clear understanding of what Abstract and container services are within AWS.There is a clear divide between the two which be understood as responsibilities around security is a key difference between them.
Security controls, data at rest and in transit. Here we will take a look at some of the available options and best practices to help you maintain integrity and protection around your data when at rest, in transit, and held within a number of container and Abstract services.
Security controls, network segmentation. In this lecture, we'll look at how we can use the network infrastructure and architecture to connect and restrict access to our container and Abstract services to increase security through a number of different controls.
Identity and access management. IAM is heavily used for both container and Abstract services and plays a key part in authorization and authentication for access and management. This lecture looks at how IAM can be used to help protect access across your services.
Built-in service security controls. This lecture will briefly look at some of the service specific security controls that may not have been covered in the previous lectures that you can leverage to help secure your data and environment.
As a student of this course, you will obtain the following:
An understanding of the difference between both container and Abstract services within AWS and how security is managed differently between the two.
An awareness of how data can be protected at rest and in transit for different services.
A comprehension of the importance of network design in increasing the security of Abstract and container based services.
The ability to apply the correct level of security to your services depending on their classification, container or Abstract using security features from other AWS services as well as the services own built-in protection.
During this course I will cover some of the common services under container and Abstract services. As it is discussed, it will help to have a basic level of understanding of these services but it's not imperative to understand the details. With container services, we'll be looking at RDS, EMR, and Elastic Beanstalk. For Abstract services, we'll be looking at S3, DynamoDB, and SQS. In addition to these services, a basic understanding of the following is also recommended, VPCs and IAM.
As this course is focused on best practices rather than a detailed instructional how to course, there may be terms and phrases that are unfamiliar to you that you may want additional information and clarity on. Therefore, I will attach a glossary to this course which you can find on the course's landing page.
Feedback on our courses here at Cloud Academy are valuable to both us as trainers and any students looking to take the same course in the future. If you have any feedback, positive or negative, it would be greatly appreciated if you could use the comments section found on the landing page of this course.
That brings us to the end of this lecture. Coming up next, we will take a look at what container and Abstract services are and the differences between them.
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.