Certified Developer for AWS - Deployment and Security

Compliance and best practices

Difficulty: Intermediate
Duration: 1h 59m
Students: 1335

Description

In this course we learn to

Recognize and implement secure procedures for optimum cloud deployment and maintenance.
Demonstrate ability to implement the right architecture for development, testing, and staging environments. 

Shared Security model
Compliance and best practices
Identity and Access Management (IAM)
Protecting data at Rest / In Transit
Identity Federation
Threat Mitigation
Amazon CloudFront Security

Deployment Services

Demonstrate ability to implement the right architecture for development, testing, and staging environments.
Understand the core AWS services, uses, and basic architecture best practices
Amazon CodeDeploy
Amazon CodePipeline
Amazon CodeCommit

If you have thoughts or suggestions for this course, please contact Cloud Academy at support@cloudacademy.com.

Transcript

Security and standards in compliance are a real differentiator for how AWS and AWS customers benefit from platform compliance. So SOC 1, 2 and 3, ISO 9001, which are really important standards. All four of those are important standards for organizations with reporting and public list regulatory requirements. Another great one is PCI DSS, which is really important for organizations with privacy requirements, e.g., if you're doing financial transactions or you're storing personal information or transactional records. H-I-P-A-A, or HIPAA, is really important to healthcare organizations who need to collect or store personal patient records and data.

AWS also provides audit tools, which can be included in a security or compliance process, and you might get a question about a company, hypothetical company, who's looking to do a third-party audit and they want to bring an auditor in. What tools or process should that company go through to prove the compliance that AWS provides?

So running auditing and security processes, for example, penetration tests, requires AWS approval. You can run penetration tests, but they need to be pre-approved first. You can't just run one over the network.

Security best practices. Always try to use security groups. They provide stateful virtual firewalls for your Amazon EC2 resources. You can apply multiple security groups to a single instance and to a single elastic networking interface. Augment security groups with Network Access Control Lists. While they're stateless, they do provide fast and efficient controls at the perimeter or subnet level. Network Access Control Lists are not instance-specific, so they can provide another layer of control in addition to security groups. You can apply separation of duties to Network ACL management and security group management.

Use IPSec or AWS Direct Connect for trusted connections to other sites. Use the Virtual Gateway interface, or VGW, where Amazon VPC-based resources require remote network connectivity. Try to protect data in transit to ensure the confidentiality and integrity of data, as well as the identities of the communicating parties. When you have large-scale deployments, design network security in layers. Instead of creating a single layer of network security protection, apply network security at external demilitarized zones and internal layers.
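
The stateful/stateless distinction between security groups and network ACLs in the transcript is easiest to see by following one request and its reply through both layers. The Python model below is an added illustration, not part of the course material or any AWS API: the function and class names, the sample addresses, the 1024-65535 ephemeral port range and the simplification that the security group has no egress rules are all assumptions made for the example.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

def matches(cidr, lo, hi, ip, port):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr) and lo <= port <= hi

def nacl_allows(rules, ip, port):
    """Stateless NACL: lowest rule number first, first match wins, implicit deny."""
    for _, cidr, lo, hi, action in sorted(rules):
        if matches(cidr, lo, hi, ip, port):
            return action == "allow"
    return False

class SecurityGroup:
    """Stateful and allow-only. Simplified: no egress rules, so only replies leave."""
    def __init__(self, ingress):
        self.ingress, self.flows = ingress, set()   # ingress: (cidr, port_lo, port_hi)
    def inbound(self, p):
        ok = any(matches(c, lo, hi, p.src, p.dport) for c, lo, hi in self.ingress)
        if ok:
            self.flows.add(p)                       # track the flow for its reply
        return ok
    def outbound(self, p):
        return Packet(p.dst, p.dport, p.src, p.sport) in self.flows

def round_trip(nacl_in, nacl_out, sg, req):
    """NACL guards the subnet edge: checked first inbound, last outbound."""
    if not (nacl_allows(nacl_in, req.src, req.dport) and sg.inbound(req)):
        return "request dropped"
    rep = Packet(req.dst, req.dport, req.src, req.sport)
    if not (sg.outbound(rep) and nacl_allows(nacl_out, rep.dst, rep.dport)):
        return "reply dropped"
    return "ok"

# Constructed sample values (203.0.113.0/24 is a documentation range).
REQUEST = Packet("203.0.113.10", 50000, "10.0.1.5", 443)
WEB_SG_RULES = [("0.0.0.0/0", 443, 443)]
ALLOW_443_IN = [(100, "0.0.0.0/0", 443, 443, "allow")]
EPHEMERAL_OUT = [(100, "0.0.0.0/0", 1024, 65535, "allow")]
BLOCK_RANGE_IN = [(90, "203.0.113.0/24", 0, 65535, "deny")] + ALLOW_443_IN

if __name__ == "__main__":
    for out in ([], EPHEMERAL_OUT):
        print(round_trip(ALLOW_443_IN, out, SecurityGroup(WEB_SG_RULES), REQUEST))
```

With an empty outbound NACL the reply is dropped even though the security group tracked the flow; adding the ephemeral-port rule restores it, and the numbered deny in `BLOCK_RANGE_IN` shows the subnet-level control that an allow-only security group cannot express.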

About the Author

Students: 59004
Courses: 73
Learning paths: 23

Andrew is an AWS certified professional who is passionate about helping others learn how to use and gain benefit from AWS technologies. Andrew has worked for AWS and for AWS technology partners Ooyala and Adobe. His favorite Amazon leadership principle is "Customer Obsession" as everything AWS starts with the customer. Passions around work are cycling and surfing, and having a laugh about the lessons learnt trying to launch two daughters and a few startups.