Continuous Encryption on AWS (The DevSecOps on AWS Series) LiveLessons

English | MP4 | AVC 1280×720 | AAC 44KHz 2ch | 5 Hours | 4.07 GB

In this course, you learn how to use AWS services that provide the capability to define encryption and compliance as code. These services include AWS Key Management Service, AWS CloudFormation, AWS CodePipeline, AWS CodeCommit, AWS CodeBuild, AWS Config and Config Rules, Amazon CloudWatch Event Rules, and AWS Lambda. You learn how to use a combination of these services and tools to encrypt, prevent, detect, and remediate noncompliant resources within your software systems. Throughout the course, you will see working examples of how to automate the encryption of these services and how they can be included as part of a deployment pipeline using AWS CloudFormation and AWS CodePipeline.

Learn How To

  • Use AWS CloudFormation to provision AWS resources as code.
  • Use AWS CodePipeline to model continuous delivery workflows.
  • Create, disable, and delete symmetric keys using the AWS Key Management Service (KMS).
  • Automate the management of KMS keys using AWS CloudFormation.
  • Perform client-side encryption using the AWS Encryption SDK.
  • Create and automatically rotate encrypted username and password secrets for Amazon RDS using the AWS Secrets Manager and AWS Lambda.
  • Automate the provisioning of a deployment pipeline that deploys SSL/TLS AWS Certificate Manager (ACM) digital certificates using AWS CloudFormation and AWS CodePipeline.
  • Automate the provisioning of encryption when creating EBS, DynamoDB, RDS, and S3 resources using AWS CloudFormation.
  • Automate the provisioning of a deployment pipeline that deploys AWS Config Rules to detect unencrypted AWS resources using AWS CloudFormation and AWS CodePipeline.
  • Automatically provision a CloudTrail trail in CloudFormation and search the JSON files generated by CloudTrail using Amazon Athena.
  • Automate the provisioning of a deployment pipeline that deploys a solution capable of preventing, detecting, and remediating unencrypted resources using AWS CloudFormation and AWS CodePipeline.

Lesson 1, “Automating AWS Resources”: This lesson teaches the core components and benefits of AWS CloudFormation. You learn how to access the CloudFormation documentation and console, to describe the core components and benefits of AWS CodePipeline, to use the CodePipeline Console, and to launch a CloudFormation stack that deploys a simple deployment pipeline.

Lesson 2, “Key Management”: This lesson teaches you how to create, disable, and delete a KMS key using the AWS Console; to automate the creation of a KMS key using AWS CloudFormation; to schedule the waiting period for KMS deletion; and to attach a KMS key to an AWS resource.

Lesson 3, “Developing with Encryption”: This lesson teaches you how to perform client-side encryption using the AWS Encryption SDK and to create encrypted username and password secrets that are automatically rotated for Amazon RDS using the AWS Secrets Manager and AWS Lambda.

Lesson 4, “Encryption in Transit”: This lesson teaches you how to create a TLS digital certificate using the AWS Certificate Manager (ACM) in the Console, and to use the AWS Console to create an Amazon CloudFront distribution and attach the ACM certificate to the distribution and ensure that all traffic is encrypted in transit. You also learn to use AWS CloudFormation to automate the provisioning of a TLS digital certificate using the AWS Certificate Manager, and to use AWS CloudFormation to create an Amazon CloudFront distribution and attach the ACM certificate to the distribution and ensure that all traffic is encrypted in transit. Finally, you learn to use AWS CloudFormation to create a deployment pipeline in AWS CodePipeline capable of deploying the ACM certificate and CloudFront distribution to AWS.

Lesson 5, “Encryption at Rest”: This lesson teaches you how to enable encryption while creating EBS, DynamoDB, RDS, and S3 resources in the Console. It also teaches you how to use AWS CloudFormation to automate the creation and encryption of EBS, DynamoDB, RDS, and S3 resources.

Lesson 6, “Detecting Encrypted Resources”: This lesson teaches you how to establish detective controls that discover changes to your AWS infrastructure and apply rules that you define to determine whether the resource is compliant or noncompliant. You will be able to describe AWS Config and Config Rules, to configure Managed Rules to run on your AWS account, and to run Managed Config rules from the console to detect encryption for specific AWS resources. Finally, you learn how to run Managed Config Rules using CloudFormation to detect encryption for specific AWS resources.

Lesson 7, “Logging and Searching KMS Keys”: This lesson teaches you how to create an AWS CloudTrail log in the Console; to automatically provision a CloudTrail log in CloudFormation and view the JSON payload; and to search for uses of KMS keys within CloudTrail logs using Amazon Athena.

Lesson 8, “Continuous Encryption”: This lesson teaches you how to put together preventive, detective, and remediation controls into a complete continuous encryption solution. You will be able to describe a workflow for preventing, detecting, and remediating unencrypted resources; manually provision an automatic remediation solution using Config Rules, CloudWatch Event Rules, and Lambda; and create a continuous delivery solution for preventing, detecting, and remediating unencrypted resources using CloudFormation and CodePipeline.

Table of Contents

01 Continuous Encryption on AWS (The DevSecOps on AWS Series) LiveLessons (Video Training) – Introduction
02 The Current State of Encryption
03 Setup Development Environment
04 Learning objectives
05 1.1 AWS CloudFormation
06 1.2 AWS CodePipeline
07 1.3 Launch a deployment pipeline stack
08 1.4 Lesson 1 Quiz
09 Learning objectives
10 2.1 Create KMS Keys in Console
11 2.2 Create a Customer-Managed CMK using AWS CloudFormation
12 2.3 Lesson 2 Quiz
13 Learning objectives
14 3.1 AWS Encryption SDK
15 3.2 AWS Secrets Manager
16 3.3 Lesson 3 Quiz
17 Learning objectives
18 4.1 AWS Certificate Manager and Amazon CloudFront in Console
19 4.2 Launch Encryption in Transit solution with AWS CloudFormation and AWS CodePipeline
20 4.3 Lesson 4 Quiz
21 Learning objectives
22 5.1 Encryption at rest for AWS EBS, Amazon RDS, Amazon DynamoDB, and Amazon S3
23 5.2 Encrypt a DynamoDB database using AWS CloudFormation
24 5.3 Lesson 5 Quiz
25 Learning objectives
26 6.1 Create AWS Config Rules in Console
27 6.2 Launch a Managed Config Rule via AWS CloudFormation
28 6.3 Lesson 6 Quiz
29 Learning objectives
30 7.1 Create an AWS CloudTrail log in Console
31 7.2 Provision a CloudTrail log and search KMS keys
32 7.3 Lesson 7 Quiz
33 Learning objectives
34 8.1 Manually create encryption prevention, detection, and remediation workflow in Console
35 8.2 Deployment pipeline for encryption prevention, detection, and remediation workflow in CloudFormation
36 8.3 Lesson 8 Quiz
37 Continuous Encryption on AWS (The DevSecOps on AWS Series) LiveLessons (Video Training) – Summary