...

This AWS training will cover many aspects of security in AWS, mostly focused on Identity and Access Management (IAM). The first session provides a basic introduction to IAM concepts and best practices. The second session covers intermediate and advanced IAM topics. Both sessions include hands-on exercises and coverage of Cornell-specific security configurations and tools. Both sessions are jointly presented by AWS and Cornell staff. Sessions are remotely presented over about 4 hours, including breaks and hands-on exercises.

Details

Session 1 – AWS Security - Introduction & Basic Topics

Details

• Topic: AWS Security - Introduction & Basic Topics
• Date: Tuesday April 6, 2021
• Time: 9am - 1pm ET
  • Optional Q&A: 1pm-1:30pm
• Location: Zoom. Link provided at registration.
• Cost: $0
• Registration via CULearn required.
  • Registration form: https://cornell.sabacloud.com/Saba/Web_spf/NA1PRD0089/common/ledetail/cours000000000026500
  • Registration deadline: March 30

Session 2

• Topic: AWS Security - Intermediate & Advanced Topics
• Date: Wednesday April 14, 2021
• Time: 9am - 1pm ET
  • Optional Q&A: 1pm-1:30pm
• Location: Zoom. Link provided at registration.
• Cost: $0
• Registration via CULearn required.
  • Registration form: https://cornell.sabacloud.com/Saba/Web_spf/NA1PRD0089/common/ledetail/cours000000000026501
  • Registration deadline: April 7

Agendas

Session 1 – AWS Security - Introduction & Basic Topics

Agenda

...

Resources

• Presentation: TBD Presentations from 2021-04 AWS Security Immersion Days
• Materials
  • Lab: https://bit.ly/3upu3nd (LEVEL 300: IAM TAG BASED ACCESS CONTROL FOR EC2)
  • Access to Event Engine: https://dashboard.eventengine.run/login
  • Cornell AWS Account Access - Hands-on Exercise
  • S3 Public Access - Hands-on Exercise
  • CloudCheckr CMX SSO Login
  • Access to Survey: https://survey.immersionday.com/hoFPisUMg
• References
  • Annotated List of Free or Open Source Resources to Help with AWS Security
  • Baseline AWS Network ACL
  • Access Keys for AWS CLI Using Cornell Two-Step Login (- Shibboleth)
  • Interpreting CloudCheckr Best Practice Reports

Session 2 – AWS Security - Intermediate & Advanced Topics

Details

• Topic: AWS Security - Intermediate & Advanced Topics
• Date: Wednesday April 14, 2021
• Time: 9am - 1pm ET
  • Optional Q&A: 1pm-1:30pm
• Location: Zoom. Link provided at registration.
• Cost: $0
• Registration via CULearn required.
  • Registration form: https://cornell.sabacloud.com/Saba/Web_spf/NA1PRD0089/common/ledetail/cours000000000026501
  • Registration deadline: April 7

Agenda

...

Resources

• Presentation: TBD Presentations from 2021-04 AWS Security Immersion Days
• Materials

  • Permissions Boundaries: https://identity-round-robin.awssecworkshops.com/permission-boundaries-advanced/build/ d29727063o6tf9.cloudfront.net/permissionboundary.html

  • CloudTrail Lab: https://workshop.aws-management.tools/cloudtrail/athena/
  • Config hands-on: AWS Config - Hands-on Exercise
  • Access Analyzer hands-on: AWS Access Analyzer - Hands-on Exercise
• References
  • Cornell Standard AWS CloudTrail Configuration 
  • AWS Config Rules
  • Cornell Standard Configuration for AWS IAM Access Analyzer
  • Annotated List of Free or Open Source Resources to Help with AWS Security
• References from presentation chat
  • https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-calledvia
  • https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html#context_keys_table