AWS Security Workshops
Hands-on simulated environments that help you learn to use AWS services faster.
Last updated on
This workshop focuses on applying Zero Trust principles to the service-to-service architectures we see in many micro-architecture or distributed environments today. This is not the only type of architecture that can benefit from these principles, however; scenarios like end-user access and Industrial IoT can benefit as well. Keep an eye out for any sequels that may delve into these use cases as we continue the Zero Trust saga.
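This is a single entry point for AWS security workshops. Here you will find a series of workshops and other hands-on content designed to help you understand the AWS service ecosystem and to introduce the best practices you can use to protect environments and workloads running in AWS.
Suitable for: customers who are new to the AWS cloud or have just migrated to AWS.
The labs include documentation and code to help you learn and build using architectural best practices. Labs are categorized by level: 100 is introductory, 200/300 are intermediate, and 400 is advanced.
View the topics of well-architected design, and the sections under each topic, as a mind map. Click an item to see detailed information.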
In this workshop you’ll learn how to think about security for the things you are responsible for: the applications that you build. We’ll go through the common security risks and the tools and techniques that you can use to secure your applications without a major impact on your software delivery.
In this workshop, you will learn techniques to secure a serverless application built with AWS Lambda, Amazon API Gateway and RDS Aurora.
In this workshop, we will deep dive into Amazon Verified Permissions and build out an authorization solution for a mythical Sweets Manager application.
In this workshop, you will deep dive into Cognito and build out an authentication solution for a mythical Pet Store.
Understanding how to build effective Identity and Access Management (IAM) policies is an important skill for everyone building on AWS as policies determine who can access what in your AWS account. In this workshop, you will learn how to write different types of IAM policies and implement access controls on principals and resources, using conditions to scope down access.
Learn about IAM Access Analyzer Unused Access and how to use the feature programmatically.
Build automations to remediate Unused Access findings
Exempt IAM resources from Unused Access findings via a pull request (PR) and create archive rules.
Learn how GitHub Actions can automatically validate and analyze IAM policies, so that developers can be permitted to author policies without compromising security.
A data perimeter on Amazon Web Services (AWS) is a set of preventive controls you can use to help establish a boundary around your data in AWS Organizations. This boundary helps ensure that your data can be accessed only by trusted identities from within networks you expect and that the data cannot be transferred outside of your organization to untrusted resources. Understanding what data perimeter controls are and how to use them is important for every organization. In this builder session, you will learn how to use data perimeter controls to address common security concerns and improve your security strategy.
Adopting a zero-trust approach is imperative for GenAI applications in the cloud as it ensures rigorous authentication and authorization for every access request, mitigating the risk of unauthorized data access. By assuming that no entity, whether inside or outside the network, should be inherently trusted, this model reduces the attack surface and enhances data security, compliance, and adaptability to dynamic cloud environments.
This workshop is in four parts. You can do all four or just choose the ones that are relevant; each part takes about 60 minutes to complete. Background knowledge of AWS IAM, security fundamentals, identity management, and single sign-on would help.
Advanced machine-to-machine access with IAM Roles Anywhere & IAM Unused Access Analyzer