This post highlights hands-on labs that will help you get real-life experience building up AWS security skills.
Put your hands together for hands. From snapping and clapping to blowing a kid’s mind by doing that thing where you pretend to slide your thumb off, hands sure do come in handy. Hands are also hands-down the best way to learn cloud skills, like AWS security.
In this blog post, we’ll share five ACG hands-on labs that are perfect for AWS apprentices and practitioners looking to level up their AWS security skills with some essentials all cloud gurus need to know.
These guided labs will let you get your hands cloudy while walking you through real-world objectives in safe cloud environments.
Clocking in at around three hours, this stack of five hands-on labs is designed to teach you how to apply AWS Identity and Access Management, in concert with several other AWS services, to address real-world application and service security management scenarios.
Ready? Let’s get to learning!
The AWS Security Essentials playlist
Skill Level: Practitioner
5 Labs | 3 hours
Suggested Music Pairings
- Security — Amyl and The Sniffers
- Safety Dance — Men Without Hats
- Security — Otis Redding
- Unlock it (Lock It) — Charli XCX
Note: To get started with the hands-on labs below, you’ll need an ACG account. Don’t have an account? Don’t fret! Start a free trial. Or sign up for a free account and start learning with this month’s batch of free courses, including our AWS Security Essentials course and other AWS-some AWS content like Amazon DynamoDB Deep Dive and How to Properly Secure an S3 Bucket.
1. Introduction to AWS Identity and Access Management (IAM)
Duration: 45 minutes
- Add the Users to the Proper Groups
- Use the IAM Sign-In Link to Sign in as a User
Overview: AWS Identity and Access Management (IAM) allows AWS customers to manage user access and permissions for their accounts and available APIs/services within AWS. IAM can manage users and security credentials and allow users to access AWS resources.
In this hands-on lab, you’ll walk through the foundations of IAM. We’ll focus on user and group management as well as how to assign access to specific resources using IAM-managed policies. We’ll learn how to find the login URL where AWS users can log in to their account and explore this from a real-world use-case perspective.
Already an ACG member? Try this lab here.
2. Managing AWS IAM User Permissions Using Groups and Policies
Duration: 30 minutes
- Create a Customer-Managed Policy
- Create a Group Controlled via a Customer-Managed Policy
- Assign Users to a Group
Overview: In this hands-on lab, we do a bit of role-playing. You’re a security engineer working for a new startup launching an online bookstore for rare and antique books. The founder needs your help with setting up her development team with the proper access permissions. In order to provide access and ensure the proper security measures are in place, you’ll use AWS Identity & Access Management (IAM). You’ll group users and assign permissions for the developer group using policies.
ACG member already? Start this lab here.
3. Create and Configure Basic VPC Components in AWS
Duration: 30 minutes
- Create a VPC
- Create an Internet Gateway
- Edit the Main Route Table
- Create a Network Access Control List (NACL) and Associate It
- Create two public subnets
Overview: AWS Networking consists of many different components. Understanding the relationship between these components is a huge part of understanding the overall functionality and capabilities of AWS. In this hands-on lab, you’ll create a VPC with an Internet Gateway and subnets across multiple Availability Zones.
Signed into ACG? Fire up this lab here.
4. AWS Security Essentials – Network Segmentation Lab
Duration: 90 minutes
- Configure Security Groups
- Configure Network Access Control Lists (NACLs)
Overview: In this hands-on lab, you’ll use security groups and network access control lists to segment the network so only necessary traffic is available. You’ll gain experience using security groups and network access control lists to secure the different layers of a multi-tier application.
ACG member? Lock down this lab here.
5. AWS Security Essentials – VPC Endpoints and Securing S3
Duration: 60 minutes
- Secure the S3 Buckets
- SSH into AppServer1
- Create a VPC Endpoint
Overview: AWS S3 and DynamoDB are fantastic managed services. (Some go so far as saying S3 is the greatest cloud service of all time.) These services allow you to focus on what’s important while AWS focuses on the backend processes. Unfortunately, because these services are managed by AWS, they require traffic to leave your protected VPC to be accessed. Enter VPC Endpoints!
VPC Endpoints allow you to create endpoints within your VPC that keep the traffic on a private link between your VPC resources and these AWS services. Accessing DynamoDB and S3 privately using your own VPC CIDR range is crucial to maintaining a secure environment that is resistant to hackers, data thieves, and other undesirable folks.
In this hands-on lab, you’ll configure a VPC Endpoint and utilize encryption to ensure your data is secure.
Signed into your ACG account? Get hands-on here.
Recommended next steps for learning AWS security
- Once you have these labs down to a science, you can crank the difficulty up a notch. Many of the above labs can be taken on using our new Challenge Mode option.
- ACG’s AWS Security Essentials course is perfect for learners who are in search of a more security-minded architecture. It’s also totally free this month, so check it out!
- From there, you might want to consider which AWS certification path is right for you. The AWS Certified Security – Specialty certification is worth considering if security is important to you.
- Not sure where to go next? Check out our AWS Security learning path for guidance on what to learn to keep advancing your AWS security skills as you go from novice to guru.