AWS Security

AWS Config

This free project is part of the liveProject series AWS Security: Compliance and Observability
prerequisites
basic CloudFormation • basic IAM • intermediate knowledge of AWS accounts/Organizations
skills learned
AWS Config and Config rules • StackSets • CloudWatch Events
Eric Kascic
1 week · 6-8 hours per week · INTERMEDIATE

You’ve been hired to bring security controls to QryptoTremolo’s AWS accounts. The startup, which develops next-generation financial services, chose to develop and operate in AWS. QryptoTremolo’s development teams have had unfettered access to the AWS accounts, and ad hoc development has evolved organically, increasing the risk of security breaches. It’s up to you to lower this risk so that the company doesn’t end up on the front-page news…for the wrong reasons. Using CloudFormation, stack sets, and the AWS CLI, you’ll set up AWS Config with rules to preemptively discover resources that aren’t configured according to security best practices.

project author

Eric Kascic

Eric Kascic is a software developer with 25 years of professional experience. He has developed software solutions across a variety of business domains including telecommunications, medical imagery, and financial services. He has developed embedded, desktop, and server-side software, and has specialized in creating build, deployment, and test automation systems.

Since 2013, he has primarily focused on the AWS platform. At Stelligent, a boutique consulting firm that traditionally specialized in CI/CD, DevOps, and AWS automation, he developed CI/CD solutions for the AWS platforms of financial services companies. In developing infrastructure-as-code solutions, security was a primary focus. Eric invented the cfn_nag tool in 2016 to perform static analysis on CloudFormation templates to help customers prevent deploying unsecured AWS resources (such as those missing encryption or with overly permissive access).

He is currently a principal security engineer at a financial services company where he develops software to support security processes including automation of AWS IAM role creation, as well as a platform to detect and remediate insecure AWS resources across hundreds of accounts. Eric has published several articles relevant to security automation in AWS, including articles about cfn_nag, IAM, CloudFormation, and CI/CD.

prerequisites

This liveProject is for security engineers with intermediate experience in AWS and infrastructure as code. To begin these liveProjects you’ll need to be familiar with the following:

TOOLS
  • AWS CLI 1.18
  • Bash 3
  • Basic knowledge of *nix/bash command shell
  • Basic experience with CloudFormation
  • Basic experience with the AWS CLI
  • Intermediate knowledge of AWS accounts and AWS Organizations
  • Basic knowledge of IAM, Config, and assuming cross-account IAM roles
TECHNIQUES
  • Basic understanding of cloud computing and the AWS platform
  • Basic understanding of infrastructure as code
  • Basic understanding of security concepts

Note: These exercises rely upon the AWS platform, which may carry usage costs.

you will learn

In this liveProject, you’ll learn to iteratively develop the infrastructure as code in the form of CloudFormation templates and address cross-account automation issues including security.

  • Set up AWS Config with rules to preemptively discover resources that aren’t configured according to security best practices

features

Self-paced
You choose the schedule and decide how much time to invest as you build your project.
Project roadmap
Each project is divided into several achievable steps.
Get Help
While within the liveProject platform, get help from other participants.
Compare with others
For each step, compare your deliverable to the solutions by the author and other participants.