Overview

The AWS Cloud Security Virtual event aims to improve your cloud security skills through a series of guided workshops, Security JAM scenario challenges and on-demand talks. In this portal you will find the following:

Workshops

These workshops are designed to help you get familiar with AWS Security and Operational services so you can meet your security and compliance objectives. You’ll be working with services such as AWS Systems Manager (operational management), AWS Config (configuration change management), Amazon Inspector (vulnerability & behavior analysis) and AWS WAF (web application firewall).

At the start of each workshop you will be able to watch a short video that gives you an overview and a real-world example.

| Topic | Description | Skill Level | Time |
| --- | --- | --- | --- |
| Eliminate Bastion Hosts with Systems Manager | In this session, you will configure AWS Systems Manager Session Manager to provide secure interactive access to your managed instances without the need to expose inbound ports, manage bastion hosts, or manage SSH keys. You will learn how Session Manager works by default and will progressively increase the security posture of your environment by enabling enhanced session encryption, configuring session logging and reducing default permissions. | Beginner - Intermediate | 1 - 2 hours |
| Security Through Good Governance | In this session, you will leverage Systems Manager and AWS Config to enforce governance across your AWS resources. You will collect inventory from your instances and automate patch management, ensuring consistency across your instances and automating compliance enforcement. | Beginner - Intermediate | 1 - 2 hours |
| Protecting Workloads from the Instance to the Edge | In this session, you will build an environment consisting of two Amazon Linux web servers behind an application load balancer. The web servers will be running a PHP web site that contains several vulnerabilities. You will then use AWS Web Application Firewall (WAF), Amazon Inspector and AWS Systems Manager to identify the vulnerabilities and remediate them. | Advanced | 2 - 3 hours |
| AWS Secrets Manager with Amazon RDS and AWS Fargate | In this session, you will access the RDS database with Secrets Manager. You will then use Secrets Manager to rotate the database password. You will then use Secrets Manager to access the database again to show that you can continue to access the database after the rotation. In the second phase of the lab, you will extend your use of Secrets Manager into an AWS Fargate container. You will create an Amazon ECS task definition to pass secrets to the Fargate container and then launch the Fargate container. You will then SSH into the container to show that the secret was passed to the container and that you can access the RDS database. | Intermediate - Advanced | 1 hour |

On-Demand Tracks

Watch great talks about AWS cloud security, presented by a mix of AWS customers and AWS experts.

| Topic | Description | Skill Level |
| --- | --- | --- |
| Introduction to AWS Security | Ensuring security and compliance is a shared responsibility between AWS and the customer. In this session, we introduce the AWS Shared Responsibility Model along with key security services that allow you to build security controls that are aligned to the NIST Cybersecurity Framework categories: identify, protect, detect, respond, and recover. You also hear from a financial institution in Singapore about how they are developing a cloud security strategy that allows innovation within defined risk guardrails. | 100 |
| Advanced container security | Learn how to leverage the identity and authorisation, network security and secrets management features of the wider AWS platform for your containers, including Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Container Service for Kubernetes (Amazon EKS). We also discuss best practices for the security of your container images such as scanning them for known vulnerabilities. | 300 |
| Cloud security for everyone: Multi-account strategy | The cloud enables every business to have enterprise-grade security. Leveraging multiple accounts is an essential security pattern, even in small teams without dedicated security personnel. In this session, we dive deep into the accounts and learn how to configure them. Attendees are expected to have an understanding of the shared responsibility model and IAM. | 300 |
| Cloud-enabled security evolution with Origin Energy | Moving your business to the cloud is a once-in-a-generation opportunity to significantly evolve your security capability and culture. Origin Energy, Australia’s largest energy retailer, started its cloud journey a few years ago. In this session, Origin Energy’s chief security officer and its security lead for cloud discuss their experience transforming a largely outsourced security capability into an in-house, business-aligned team. Learn how the company builds and runs cloud-native security at scale, at low cost, and with improved security. | 200 |
| Federated access and authorisation made simple | In this session, learn how to implement attribute-based access control with role-based access control. We discuss how you can use this strategy to ensure that people have the right access to the things they need in their role, and we show you how to simplify their IAM policies in the process. Also learn how automation can deliver the consistency of access and authorisation, and how you can apply this to your environment. | 200 |
| How AFL secures real-time player tracking with encryption | Through the sharing of real-time data and insights about the prevailing game and players, fan engagement in sports has been revolutionised. However, the sensitivity, influence, and impact of such data, as determined by various entities in the sports ecosystem, is critical. In this session, discover how a highly secure application has been designed and implemented not only to appease the various sporting entities, but also to ensure data is kept secure. | 300 |
| How to put SecOps to work in your organisation | Open Universities Australia (OUA) migrated their core business systems to AWS in 2014 and have continued to optimise their environment on AWS. Leveraging AWS tools, OUA have automated responses to security events, limiting intervention of engineering staff, and enabling secure self-service tasks to simplify access to secure systems. In this session, OUA covers what worked, what didn’t, and what they learned along the way. | 200 |
| How Xinja built a neobank on the cloud | Xinja is a 100-percent digital cloud-based neobank composed of a microservices architecture built with Kubernetes and Apache Kafka on AWS and hooked into many modern, cloud-based banking, payment, and channel platforms. This session focuses on how Xinja built its technology stack to exceed stringent security, risk, and resiliency requirements. Learn how it established a contemporary cloud network foundation, delivered transaction and deposit accounts with debit card payment capability, and integrated Apple Pay and Google Pay (including PCI DSS compliance). Additionally, hear how Xinja created multiple on-demand data pipelines and worked with APRA to secure its banking license and revolutionise its customers’ banking experience. | 300 |
| The fundamentals of AWS Security | AWS offers an ever-growing landscape of services designed for a wide range of workloads in the cloud. But how do you secure all those different types of workloads? This session, intended for security-minded builders, introduces the fundamental AWS security building blocks that can be simply, easily, and authoritatively applied to anything you build on AWS. | 200 |
| IAM: Best practices for managing identity with AWS | AWS Identity and Access Management (IAM) enables you to securely manage access to AWS services and resources. Using IAM, you can create and manage AWS users and groups, as well as use permissions to allow and deny their access to AWS resources. In this session, you learn best practices for managing user identity and permissions with AWS. We examine role-based access control (RBAC) and attribute-based access control (ABAC) models to ensure that people have the right access to what they need to perform their roles. | 200 |
| Security best practices: The Well-Architected way | As you continually evolve your use of AWS, it’s important to consider ways to improve your security posture and take advantage of new security services and features. In this session, you explore architectural patterns for meeting common challenges, learn about service limits, and hear some tips and tricks, as well as learn ways to continually evaluate your architecture against best practices. Automation and tools are featured throughout, and we also include code giveaways! | 200 |