Summary

This AWS training will cover many aspects of security in AWS, mostly focused on Identity and Access Management (IAM). The first session provides a basic introduction to IAM concepts and best practices. The second session covers intermediate and advanced IAM topics. Both sessions include hands-on exercises and coverage of Cornell-specific security configurations and tools. Both sessions are jointly presented by AWS and Cornell staff. Sessions are remotely presented over about 4 hours, including breaks and hands-on exercises.

Details

Session 1

Topic: AWS Security - Introduction & Basic Topics
Date: Tuesday April 6, 2021
Time: 9am - 1pm ET
- Optional Q&A: 1pm-1:30pm
Location: Zoom. Link provided at registration.
Cost: $0
Registration via CULearn required.
- Registration form: https://cornell.sabacloud.com/Saba/Web_spf/NA1PRD0089/common/ledetail/cours000000000026500
- Registration deadline: March 30

Session 2

Topic: AWS Security - Intermediate & Advanced Topics
Date: Wednesday April 14, 2021
Time: 9am - 1pm ET
- Optional Q&A: 1pm-1:30pm
Location: Zoom. Link provided at registration.
Cost: $0
Registration via CULearn required.
- Registration form: https://cornell.sabacloud.com/Saba/Web_spf/NA1PRD0089/common/ledetail/cours000000000026501
- Registration deadline: April 7

Agendas

Session 1 – AWS Security - Introduction & Basic Topics

Time	Topic	Details
9:00-9:10	Welcome & Introduction
9:10-9:40	Shared Responsibility Model
9:40-11:00	Identity best practices on AWS	IAM concepts How to use IAM properly, best practices, and guidance Resource policies versus IAM policies Using roles
11:00-11:15	Break
11:15-11:30	Using CloudShell
11:30-1:00	Practical AWS Security Basics	Cornell-specific account access Trusted Advisor S3 public access Network security CloudCheckr Best Practices reporting
(Optional) 1:00-1:30	Optional Q&A

Session 1 Resources

Presentation: TBD
Materials
- Lab: https://bit.ly/3upu3nd (LEVEL 300: IAM TAG BASED ACCESS CONTROL FOR EC2)
- Access to Event Engine: https://dashboard.eventengine.run/login
- Cornell AWS Account Access - Hands-on Exercise
- S3 Public Access - Hands-on Exercise
- CloudCheckr CMX SSO Login
- Access to Survey: https://survey.immersionday.com/hoFPisUMg
References
- Baseline AWS Network ACL
- Access Keys for AWS CLI Using Cornell Two-Step Login (Shibboleth)

Session 2 – AWS Security - Intermediate & Advanced Topics

Time	Topic	Details
9:00-9:10	Welcome & Introduction
9:10-10:10	IAM and Identity best practices on AWS – Intermediate/Advanced Topics	Permission boundaries Policy validation
10:10-11:00	CloudTrail	Introduction to CloudTrail Cornell standard CloudTrail configuration
11:00-11:15	Break
11:15-1:00	AWS Security at Cornell	Cornell-specific account access (repeated from Session 1) AWS Config IAM Access Analyzer Exposed Access Keys
(Optional) 1:00-1:30	Optional Q&A

Session 2 Resources

Presentation: TBD
Materials
- Permissions Boundaries: https://identity-round-robin.awssecworkshops.com/permission-boundaries-advanced/build/
- CloudTrail Lab: https://workshop.aws-management.tools/cloudtrail/athena/

Space shortcuts

Page tree

Summary

Details

Session 1

Session 2

Agendas

Session 1 – AWS Security - Introduction & Basic Topics

Session 1 Resources

Session 2 – AWS Security - Intermediate & Advanced Topics

Session 2 Resources

Space shortcuts

Page tree

2021-04 AWS Security Immersion Days

Summary

Details

Session 1

Session 2

Agendas

Session 1 – AWS Security - Introduction & Basic Topics

Session 1 Resources

Session 2 – AWS Security - Intermediate & Advanced Topics

Session 2 Resources