Certified Developer for AWS - Deployment and Security

Compliance and best practices

1h 59m

In this course we learn to

Recognize and implement secure procedures for optimum cloud deployment and maintenance.
Demonstrate ability to implement the right architecture for development, testing, and staging environments. 

Shared Security model
Compliance and best practices
Identity and Access Management (IAM)
Protecting data at Rest / In Transit
Identity Federation
Threat Mitigation
Amazon CloudFront Security

Deployment Services

Demonstrate ability to implement the right architecture for development, testing, and staging environments.
Understand the core AWS services, uses, and basic architecture best practices
Amazon CodeDeploy
Amazon CodePipeline
Amazon CodeCommit

If you have thoughts or suggestions for this course, please contact Cloud Academy at support@cloudacademy.com.


Security and compliance standards are a real differentiator, and AWS customers benefit from the platform's compliance. SOC 1, 2 and 3 and ISO 9001 are really important standards. All four of those are important standards for organizations with reporting and public-listing regulatory requirements. Another great one is PCI DSS, which is really important for organizations with privacy requirements, e.g. if you're doing financial transactions or you're storing personal information or transactional records. HIPAA is really important to healthcare organizations that need to collect or store personal patient records and data.

AWS also provides audit tools, which can be included in a security or compliance process. You might get a question about a hypothetical company that is looking to do a third-party audit and wants to bring an auditor in. What tools or process should that company go through to prove the compliance that AWS provides?

Running auditing and security processes, for example penetration tests, requires AWS approval. You can run penetration tests, but they need to be pre-approved first. You can't just run one over the network.

Security best practices. Always try to use security groups. They provide stateful virtual firewalls for your Amazon EC2 resources. You can apply multiple security groups to a single instance and to a single elastic network interface. Augment security groups with Network Access Control Lists. While they're stateless, they do provide fast and efficient controls at the perimeter or subnet level. Network Access Control Lists are not instance-specific, so they can provide another layer of control in addition to security groups. You can apply separation of duties to Network ACL management and security group management.

Use IPSec or AWS Direct Connect for trusted connections to other sites. Use the Virtual Gateway interface, or VGW, where Amazon VPC-based resources require remote network connectivity. Try to protect data in transit to ensure the confidentiality and integrity of data, as well as the identities of the communicating parties. When you have large-scale deployments, design network security in layers. Instead of creating a single layer of network security protection, apply network security at external demilitarized zones and internal layers.
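
The stateful versus stateless distinction between security groups and Network ACLs described above, as an added example that is not part of the course material. It is a simplified Python model (destination ports only, no CIDRs or protocols; all rule sets, names and port numbers are constructed) showing that the reply to an allowed request passes the security group automatically but still needs its own outbound Network ACL rule.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AclRule:
    number: int      # lower rule numbers are evaluated first
    direction: str   # "in" or "out", relative to the subnet
    ports: range     # destination ports this rule matches
    allow: bool      # NACLs support both allow and deny rules

def nacl_permits(rules, direction, dst_port):
    """Stateless check: first matching rule by number wins, no match means deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.direction == direction and dst_port in rule.ports:
            return rule.allow
    return False

def sg_permits_inbound(sg_ingress_ports, dst_port):
    """Security groups hold allow rules only; anything unlisted is denied."""
    return any(dst_port in ports for ports in sg_ingress_ports)

def check_flow(nacl, sg_ingress_ports, client_port, server_port):
    """Return (request_reaches_instance, reply_leaves_subnet) for one TCP flow."""
    request_ok = (nacl_permits(nacl, "in", server_port)
                  and sg_permits_inbound(sg_ingress_ports, server_port))
    # Stateful security group: the reply to an allowed request needs no egress rule.
    # Stateless NACL: the reply is judged on its own, addressed to the
    # client's ephemeral port, so an outbound rule must cover that port.
    reply_ok = request_ok and nacl_permits(nacl, "out", client_port)
    return request_ok, reply_ok

# Constructed sample rule sets for an HTTPS server behind both layers.
SG_WEB = [range(443, 444)]
NACL_INBOUND_ONLY = [AclRule(100, "in", range(443, 444), True)]
NACL_WITH_RETURN = NACL_INBOUND_ONLY + [
    AclRule(100, "out", range(1024, 65536), True),   # ephemeral return ports
]
NACL_DENY_FIRST = [AclRule(90, "in", range(0, 65536), False)] + NACL_WITH_RETURN

if __name__ == "__main__":
    cases = [("inbound rule only", NACL_INBOUND_ONLY),
             ("with return rule", NACL_WITH_RETURN),
             ("lower-numbered deny", NACL_DENY_FIRST)]
    for name, nacl in cases:
        print(name, check_flow(nacl, SG_WEB, client_port=50123, server_port=443))
```
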

About the Author
Andrew Larkin
Head of Content
Learning Paths

Andrew is fanatical about helping business teams gain the maximum ROI possible from adopting, using, and optimizing Public Cloud Services. Having built  70+ Cloud Academy courses, Andrew has helped over 50,000 students master cloud computing by sharing the skills and experiences he gained during 20+  years leading digital teams in code and consulting. Before joining Cloud Academy, Andrew worked for AWS and for AWS technology partners Ooyala and Adobe.