Table of Contents

Info
Quick link to this page: https://bit.ly/cornell-aws-security

Info
See "Resources" sections below for links to workshop and exercise materials.

Summary

This AWS training will cover many aspects of security in AWS, mostly focused on Identity and Access Management (IAM). The first session provides a basic introduction to IAM concepts and best practices. The second session covers intermediate and advanced IAM topics. Both sessions include hands-on exercises and coverage of Cornell-specific security configurations and tools. Both sessions are jointly presented by AWS and Cornell staff. Sessions are remotely presented over about 4 hours, including breaks and hands-on exercises.

Details

Session 1 – AWS Security - Introduction & Basic Topics

Details

Topic: AWS Security - Introduction & Basic Topics
Date: Tuesday April 6, 2021
Time: 9am - 1pm ET
- Optional Q&A: 1pm-1:30pm
Location: Zoom. Link provided at registration.
Cost: $0
Registration via CULearn required.
- Registration form: https://cornell.sabacloud.com/Saba/Web_spf/NA1PRD0089/common/ledetail/cours000000000026500
- Registration deadline: March 30

Session 2

Topic: AWS Security - Intermediate & Advanced Topics
Date: Wednesday April 14, 2021
Time: 9am - 1pm ET
- Optional Q&A: 1pm-1:30pm
Location: Zoom. Link provided at registration.
Cost: $0
Registration via CULearn required.
- Registration form: https://cornell.sabacloud.com/Saba/Web_spf/NA1PRD0089/common/ledetail/cours000000000026501
- Registration deadline: April 7

Agendas

Session 1 – AWS Security - Introduction & Basic Topics

Agenda

Time	Time	Topic
9:00-9:10	Welcome & Introduction
9:10-9:40	Shared Responsibility Model
9:40-11:00	Identity best practices on AWS	IAM concepts How to use IAM properly, best practices, and guidance Resource policies versus IAM policies Using roles
11:00-11:15	Break
11:15-11:30	Using CloudShell
11:30-1:00	Practical AWS Security Basics	Cornell-specific account access Trusted Advisor S3 public accessCornell-specific account access Network security CloudCheckr Best Practices reporting
(Optional) 1:00-1:30	Optional Q&A

...

Resources

Presentation: TBD Presentations from 2021-04 AWS Security Immersion Days
Materials
- Lab: https://bit.ly/3upu3nd (LEVEL 300: IAM TAG BASED ACCESS CONTROL FOR EC2)
- Access to Event Engine: https://dashboard.eventengine.run/login
- Cornell AWS Account Access - Hands-on Exercise
- S3 Public Access - Hands-on Exercise
- CloudCheckr CMX SSO Login
- Access to Survey: https://survey.immersionday.com/hoFPisUMg
References

Session 2 – AWS Security - Intermediate & Advanced Topics

Details

Topic: AWS Security - Intermediate & Advanced Topics
Date: Wednesday April 14, 2021
Time: 9am - 1pm ET
- Optional Q&A: 1pm-1:30pm
Location: Zoom. Link provided at registration.
Cost: $0
Registration via CULearn required.
- Registration form: https://cornell.sabacloud.com/Saba/Web_spf/NA1PRD0089/common/ledetail/cours000000000026501
- Registration deadline: April 7

Agenda

Time	Topic	Details
9:00

-9:10

	Welcome & Introduction
9:

10

00-

10

9:

10

30	IAM and Identity best practices on

AWS – Intermediate/Advanced Topics

AWS
9:30-9:40	IAM permission boundary demo
9:40-10:00	IAM permissions boundary lab	https://d29727063o6tf9.cloudfront.net/permissionboundary.html
10:00-10:25	CloudTrail
10:25-10:30	CloudTrail demo
10:30-10:45	CloudTrail at Cornell
10:45

Permission boundaries
Policy validation

10:10

-11:00

CloudTrail

Introduction to CloudTrail

Cornell standard CloudTrail configuration

lab	https://workshop.aws-management.tools/cloudtrail/setup/ https://workshop.aws-management.tools/cloudtrail/athena/
11:00-11:15	Break
11:15-

1:00AWS Security at Cornell

Cornell-specific account access (repeated from Session 1)

AWS Config

IAM Access Analyzer

Exposed Access Keys

11:45	Config Service
11:45-12:05	Cornell Config Service lab	AWS Config - Hands-on Exercise
12:05-12:35	IAM Access Analyzer
12:35-1:00	Cornell Access Analyzer lab	AWS Access Analyzer - Hands-on Exercise
(Optional) 1:00-1:30	Optional Q&A

...

Resources

Presentation: TBD Presentations from 2021-04 AWS Security Immersion Days
Materials
- Permissions Boundaries: https://identity-round-robin.awssecworkshops.com/permission-boundaries-advanced/build/ d29727063o6tf9.cloudfront.net/permissionboundary.html
- CloudTrail Lab: https://workshop.aws-management.tools/cloudtrail/athena/
- Config hands-on: AWS Config - Hands-on Exercise
- Access Analyzer hands-on: AWS Access Analyzer - Hands-on Exercise
References
References from presentation chat
- https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-calledvia
- https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html#context_keys_table

Space shortcuts

Page tree

Versions Compared

Old Version 12

New Version Current

Key

Summary

Details

Session 1 – AWS Security - Introduction & Basic Topics

Details

Session 2

Agendas

Session 1 – AWS Security - Introduction & Basic Topics

Agenda

Resources

Session 2 – AWS Security - Intermediate & Advanced Topics

Details

Agenda

Resources

Space shortcuts

Page tree

Page History

Versions Compared

Old Version 12

New Version Current

Key

Summary

Details

Session 1 – AWS Security - Introduction & Basic Topics

Details

Session 2

Agendas

Session 1 – AWS Security - Introduction & Basic Topics

Agenda

Resources

Session 2 – AWS Security - Intermediate & Advanced Topics

Details

Agenda

Resources