Making the front page news would be great for a company...if it’s for the right reasons. Qrypto Tremolo is an up-and-coming startup that develops next-generation financial services. As is typical with startups, its business management team has prioritized feature delivery over security. You’ve been hired by the startup to add security controls to its application developers’ accounts…and stop the company from making front page news for the wrong reasons.
Your goal is to provide security controls that improve observability of possible security events and avoid impacting the application developers. Since this task is solely your responsibility, you must maximize automation so that you can roll out changes quickly and reliably. To achieve your goals, you’ve chosen the following security services: AWS CloudTrail, Amazon GuardDuty, and the service control policy feature of AWS Organizations.
The topics and techniques are important and very useful. It's hard to collect all this by yourself, so having it packaged in a project is nice.
In this liveProject, you’ll bring visibility to customer AWS accounts using AWS CloudTrail, a vital tool that provides insight into all API actions invoked in consumer accounts. To achieve your objective, you’ll iteratively develop infrastructure as code in the form of AWS CloudFormation templates, then learn to address cross-account automation issues.
In this liveProject, you’ll ensure that Qrypto Tremolo’s security team can make incremental, verifiable changes to its AWS CloudTrail configuration. To achieve this, you’ll develop a suite of automated tests and CI/CD CodeBuild pipelines to deploy and test changes across the organization.
In this liveProject, you’ll set up the intrusion detection service Amazon GuardDuty to help catch any hackers who may be trying to break in—or who already have and are up to no good! To achieve this goal, you’ll iteratively develop infrastructure as code in the form of AWS CloudFormation templates, then learn to address cross-account automation issues.
In this liveProject, you’ll use AWS Organizations service control policies to protect administrative and security resources in the accounts used by development teams, where these teams have privileged access. Specifically, you will add automation to restrict the access of local administrators (and intruders!) to any AWS CloudTrail and Amazon GuardDuty resources located in the accounts. Without these protections, local administrators can interfere with the security controls put in place for audit, forensic analysis, and intrusion detection.
This liveProject series is intended for security engineers with intermediate experience in AWS and infrastructure as code. You will need the following:
TOOLS
Note: For all projects in this series, be aware that it costs money to deploy AWS resources and leave them running. The costs depend upon the type of resource.
This liveProject series guides learners through building the automation to configure security controls for AWS accounts. It focuses on audit and intrusion detection by automating the configuration of AWS CloudTrail, Amazon GuardDuty, and AWS Organizations service control policies. The primary objective is developing mechanisms for test automation and change control based on principles of continuous integration/continuous delivery.
The cloud security market is booming. The content offered for the project is quite good.