Five-Project Series

AWS Security: Compliance and Observability you own this product

intermediate Python • basic CloudFormation • basic AWS CLI • basic Bash • intermediate knowledge of AWS accounts/Organizations
skills learned
AWS Config rules • Athena • Organizations SCP • CloudWatchEvents • CodeBuild • AWS Lambda • AWS CodeCommit
Eric Kascic
5 weeks · 6-8 hours per week average · INTERMEDIATE

pro $24.99 per month

  • access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
  • share your subscription with another person
  • choose one free eBook per month to keep
  • exclusive 50% discount on all purchases

lite $19.99 per month

  • access to all Manning books, including MEAPs!


5, 10 or 20 seats+ for your team - learn more

QryptoTremolo is an up-and-coming startup that develops next-generation financial services. The company chose to develop and operate in AWS to take advantage of its pay-as-you-go model for infrastructure. QryptoTremolo’s development teams have had unrestricted access to the AWS accounts, and ad hoc development has evolved organically, increasing the risk for security breaches. You’ve been hired to lower this risk and bring security controls to these accounts so the company doesn’t end up on the front-page news… because there is such a thing as bad publicity.

In these liveProjects, you’ll learn to automate configuration of security controls for AWS accounts, focusing on compliance and forensics. You’ll set up AWS Config with rules, deploy custom Config rules, build a CI/CD CodeBuild pipeline to automate change control, create forensic SQL queries, and automate the configuration of organizational service control policies (SCP) to prevent resource tampering. When you’re done with these liveProjects, you’ll have gained important skills for bringing compliance and observability to AWS accounts, and the peace of mind that comes with knowing your AWS accounts are secure.

For more on AWS security, please see AWS Security: Audit and Intrusion Detection Automation.

These projects are designed for learning purposes and are not complete, production-ready applications or solutions.

This is one of the most thoroughly created courses on these topics that I’ve ever taken. Every topic provided a specific and important use case, ample resources, well-defined expectations for deliverables, and a complete and repeatable solution to the problem.

Chad Yantorno, Lead Systems Security Engineer, Salesforce

book resources

When you start each of the projects in this series, you'll get full access to the following book for 90 days.

choose your plan


only $41.67 per month
  • five seats for your team
  • access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
  • choose another free product every time you renew
  • choose twelve free products per year
  • exclusive 50% discount on all purchases
  • AWS Security: Compliance and Observability project for free

project author

Eric Kascic

Eric Kascic is a software developer with 25 years of professional experience. He has developed software solutions across a variety of business domains including telecommunications, medical imagery, and financial services. He has developed embedded, desktop, and server-side software, and has specialized in creating build, deployment, and test automation systems.

Since 2013, he has primarily focused on the AWS platform. At Stelligent, a boutique consulting firm that traditionally specialized in CI/CD, DevOps, and AWS automation, he developed CI/CD solutions for the AWS platforms of financial services companies. In developing infrastructure-as-code solutions, security was a primary focus. Eric invented the cfn_nag tool in 2016 to perform static analysis on CloudFormation templates to help customers prevent deploying unsecured AWS resources (such as those missing encryption or with overly permissive access).

He is currently a principal security engineer at a financial services company where he develops software to support security processes including automation of AWS IAM role creation, as well as a platform to detect and remediate insecure AWS resources across hundreds of accounts. Eric has published several articles relevant to security automation in AWS, including articles about cfn_nag, IAM, CloudFormation, and CI/CD.


This liveProject series is for security engineers with intermediate experience in AWS and infrastructure as code. To begin these liveProjects you’ll need to be familiar with the following:

  • Basic knowledge of *nix/bash command shell
  • Basic experience with CloudFormation
  • Basic experience with the AWS CLI
  • Basic experience with Boto
  • Intermediate knowledge of Python 3 (including lists, sets, dicts, loops, comprehensions, functions, conditionals)
  • Basic understanding of infrastructure as code
  • Basic understanding of security concepts
  • Intermediate understanding of cloud computing and the AWS platform

Note: These exercises rely upon the AWS platform, which may carry usage costs.

you will learn

In these liveProjects, you’ll learn how to automate security service controls in the AWS cloud with a focus on testing and change control.

  • Set up AWS Config with rules to preemptively discover resources that aren’t configured according to security best practices
  • Develop a custom Config Rule that discovers IAM (Identity and Access Management) roles with an overly permissive trust policy via Boto
  • Deploy CloudFormation templates
  • Develop pytest tests to verify the configuration of CloudFormation templates
  • Fit deployment and test execution into CodeBuild pipelines
  • Configure AWS Athena to allow for sending advanced forensic queries to an S3 bucket filled with organizational CloudTrail events
  • Use Boto to deploy and test organizations’ service control policies


You choose the schedule and decide how much time to invest as you build your project.
Project roadmap
Each project is divided into several achievable steps.
Get Help
While within the liveProject platform, get help from other participants and our expert mentors.
Compare with others
For each step, compare your deliverable to the solutions by the author and other participants.
book resources
Get full access to select books for 90 days. Permanent access to excerpts from Manning products are also included, as well as references to other resources.