A secure cloud environment is critical to doing business today. Prepare yourself (and your resume) to take on the security dragon with the newest Qwiklabs Quest: Security on AWS. Click here to enroll.
In this Quest, you will start by learning the basics of IAM and security-related tools like VPCs and the AWS Web Application Firewall (WAF). Then you’ll level up to more advanced tools and use cases. This Quest is a great way to study up for the AWS Certified Security – Specialty exam (more on that tomorrow).
There are a total of six new labs in this Quest. If you’re an Advantage Subscriber, you already have unlimited access to the new labs (smart move!). If you’re not a subscriber, now might be a good time to consider signing up.
Here’s all the new stuff (the Quest costs a total of 69 credits, or save with a US $55 subscription):
- Find the Top 10 Talkers in a VPC: Learn how to identify your “top talkers” – the heaviest network users – and lock down security groups, analyze traffic patterns, and create network graphs.
- Protect Web Applications using AWS WAF: In another real-world scenario, create an Amazon S3 static hosted website delivered by Amazon CloudFront, then learn how to use AWS WAF rules to block suspicious traffic patterns.
- Monitoring Security Groups with Amazon CloudWatch Events: Learn techniques to provide additional layers of infrastructure controls. In this lab, you’ll use CloudWatch and Lambda to detect changes to the ingress permissions of an EC2 security group.
- Visualizing Security Groups with Amazon Elasticsearch Service: Enforcing the principle of least privilege in Security Groups is an important component in the overall security of an application, but gets more difficult as your application increases in complexity. Walk through using VPC Flow Logs and the Amazon Elasticsearch Service to visualize security groups and identify which rules might be too permissive. (This one is my favorite.)
- Update Security Groups Automatically Using AWS Lambda: Learn to automate updates to your VPC security groups to only allow access from Amazon CloudFront and AWS WAF. This method prevents malicious requests from bypassing AWS WAF security rules and accessing your EC2 instances directly. Win!
- EMR File System Client-side Encryption Using AWS KMS-managed Keys: Got confidential data? Learn how to easily and securely leverage frameworks like Apache Spark, Apache Tez, and Apache Hadoop MapReduce on Amazon EMR to run big data analytics, machine learning, and ETL workloads. Within Amazon EMR, you will create a security configuration to encrypt and decrypt objects written to S3 using an AWS KMS-managed key specified by you.