
Compliance Best Practices

Difficulty: Intermediate
Duration: 53m
Students: 1620

Description

Course Description

This course is focused on the details you need to know for the 20% of the SysOps Administrator – Associate for AWS exam that covers data security. You will learn to recognize and explain platform compliance for AWS, and be able to both recognize and implement secure procedures for optimum cloud deployment and maintenance, including understanding the shared responsibility security model, and knowing what that looks like in practice.

Course Objectives

  • Recognize and explain the AWS shared security responsibility model
  • Recognize and implement IAM users, policies and roles
  • Recognize and explain how AWS enables you to protect data at rest and in transit

Intended Audience

This course is for anyone preparing for the Solutions Architect–Associate for AWS certification exam. We assume you have some existing knowledge and familiarity with AWS, and are specifically looking to get ready to take the certification exam.

Pre-Requisites

Basic knowledge of core AWS functionality. If you haven't already completed it, we recommend our Fundamentals of AWS Learning Path.

This Course Includes:

  • 7 Video Lectures
  • Everything you need to know about data security to prepare for the Solutions Architect–Associate for AWS certification exam

What You'll Learn

Lecture: What you'll learn

  • Shared Responsibility Model: What's managed by AWS vs. customers
  • Identity and Access Management: How to use IAM to keep your data secure
  • Platform Compliance: Best practices for platform compliance
  • Data at Rest and in Transit: How to secure your data at rest and in transit
  • Identity Federation: Web identity federation
  • CloudFront Security: How to secure Amazon CloudFront

If you have thoughts or suggestions for this course, please contact Cloud Academy at support@cloudacademy.com.

Transcript

Security and standards in compliance are a real differentiator for how AWS and AWS customers benefit from platform compliance. So SOC 1, 2 and 3, and ISO 9001, which are really important standards. All four of those are important standards for organizations with reporting and public list regulatory requirements. Another great one is PCI DSS, which is really important for organizations with privacy requirements, e.g. if you're doing financial transactions or you're storing personal information or transactional records. H-I-P-A-A, or HIPAA, is really important to healthcare organizations who need to collect or store personal patient records and data.

AWS also provides audit tools, which can be included in a security or compliance process, and you might get a question about a company, a hypothetical company, who's looking to do a third-party audit and they want to bring an auditor in. What tools or process should that company go through to prove the compliance that AWS provides?

So running auditing and security processes, for example penetration tests, requires AWS approval. You can run penetration tests, but they need to be pre-approved first. You can't just run one over the network.

Security best practices. Always try to use security groups. They provide stateful virtual firewalls for your Amazon EC2 resources. You can apply multiple security groups to a single instance and to a single elastic networking interface. Augment security groups with Network Access Control Lists. While they're stateless, they do provide fast and efficient controls at the perimeter or subnet level. Network Access Control Lists are not instance-specific, so they can provide another layer of control in addition to security groups. You can apply separation of duties to Network ACL management and security group management.

Use IPSec or AWS Direct Connect for trusted connections to other sites. Use the Virtual Gateway interface, or VGW, where Amazon VPC-based resources require remote network connectivity. Try to protect data in transit to ensure the confidentiality and integrity of data, as well as the identities of the communicating parties. When you have large-scale deployments, design network security in layers. Instead of creating a single layer of network security protection, apply network security at external demilitarized zones and internal layers.
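
The stateful versus stateless distinction described in the transcript, as an added example that is not part of the original course material: a simplified Python model of one inbound request passing a subnet-level network ACL and an instance-level security group. The function names, rule tuples and addresses are constructed for illustration; the model assumes AWS's documented behaviour that network ACL rules are evaluated in rule-number order with an implicit final deny, and that security groups hold allow rules only.

```python
# Added teaching model (not AWS code): simplified VPC packet filtering.
from ipaddress import ip_address, ip_network

def nacl_allows(rules, peer_ip, port):
    """Stateless network ACL: lowest rule number first, first match wins."""
    for _num, cidr, lo, hi, action in sorted(rules, key=lambda r: r[0]):
        if ip_address(peer_ip) in ip_network(cidr) and lo <= port <= hi:
            return action == "allow"
    return False  # implicit deny when no numbered rule matches

def sg_allows(rules, peer_ip, port):
    """Security group: allow rules only, anything unmatched is dropped."""
    return any(ip_address(peer_ip) in ip_network(cidr) and lo <= port <= hi
               for cidr, lo, hi in rules)

def request_and_reply(nacl_in, nacl_out, sg_in, client_ip, client_port, server_port):
    """Return (request_delivered, reply_delivered) for one inbound request."""
    # Inbound path: subnet-level NACL first, then the instance's security group.
    if not (nacl_allows(nacl_in, client_ip, server_port)
            and sg_allows(sg_in, client_ip, server_port)):
        return (False, False)
    # Reply path: the security group is stateful, so the reply to a tracked
    # connection needs no outbound rule. The NACL keeps no state and judges
    # the reply as a new outbound packet to the client's ephemeral port.
    return (True, nacl_allows(nacl_out, client_ip, client_port))

# Constructed sample rules (documentation address ranges, HTTPS service).
SG_IN = [("0.0.0.0/0", 443, 443)]                        # (cidr, from, to)
NACL_IN = [(100, "0.0.0.0/0", 443, 443, "allow")]        # (num, cidr, from, to, action)
NACL_IN_WITH_DENY = [(90, "203.0.113.0/24", 0, 65535, "deny")] + NACL_IN
NACL_OUT_EPHEMERAL = [(100, "0.0.0.0/0", 1024, 65535, "allow")]

if __name__ == "__main__":
    client = ("198.51.100.7", 50000)
    # No outbound NACL rule: request arrives, reply is dropped at the subnet.
    print(request_and_reply(NACL_IN, [], SG_IN, *client, 443))
    # Ephemeral-port outbound rule added: both directions succeed.
    print(request_and_reply(NACL_IN, NACL_OUT_EPHEMERAL, SG_IN, *client, 443))
    # NACL deny rule blocks a range that the allow-only security group cannot.
    print(request_and_reply(NACL_IN_WITH_DENY, NACL_OUT_EPHEMERAL, SG_IN,
                            "203.0.113.9", 50000, 443))
```
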

About the Author

Students: 59760
Courses: 93
Learning paths: 38

Andrew is an AWS certified professional who is passionate about helping others learn how to use and gain benefit from AWS technologies. Andrew has worked for AWS and for AWS technology partners Ooyala and Adobe. His favorite Amazon leadership principle is "Customer Obsession" as everything AWS starts with the customer. Passions around work are cycling and surfing, and having a laugh about the lessons learnt trying to launch two daughters and a few start-ups.