AWS Security Governance at Scale

Course Introduction

• Instructor introduction
• Learning objectives
• Course structure and objectives
• Course logistics and agenda

Module 1: Governance at Scale

• Governance at scale focal points
• Business and Technical Challenges

Module 2: Governance Automation

• Multi-account strategies, guidance, and architecture
• Environments for agility and governance at scale
• Governance with AWS Control Tower
• Use cases for governance at scale

Module 3: Preventive Controls

• Enterprise environment challenges for developers
• AWS Service Catalog
• Resource creation
• Workflows for provisioning accounts
• Preventive cost and security governance
• Self-service with existing IT service management (ITSM) tools

Lab 1: Deploy Resources for AWS Catalog

• Create a new AWS Service Catalog portfolio and product.
• Add an IAM role to a launch constraint to limit the actions the product can perform.
• Grant access for an IAM role to view the catalog items.
• Deploy an S3 bucket from an AWS Service Catalog product.

Module 4: Detective Controls

• Operations aspect of governance at scale
• Resource monitoring
• Configuration rules for auditing
• Operational insights
• Remediation
• Clean up accounts

Lab 2: Compliance and Security Automation with AWS Config

• Apply Managed Rules through AWS Config to selected resources
• Automate remediation based on AWS Config rules
• Investigate the Amazon Config dashboard and verify resources and rule compliance

Lab 3: Taking Action with AWS Systems Manager

• Setup Resource Groups for various resources based on common requirements
• Perform automated actions against targeted Resource Groups

Module 5: Resources

Explore additional resources for security governance at scale