Day 1
Module 1 : AWS Big Picture – 10,000-foot overview (concepts)
- AWS Regions and Availability Zones
- AWS Compute service overview
- AWS Storage Options overview
- AWS Database services overview
- AWS network services overview
Module 2 : AWS- Virtual Private Cloud (VPC) – Concepts
- What is VPC? – A comprehensive introduction
- Understanding VPC configurations
- Internet gateway and NAT gateway
- Security group and NACL
- AWS Direct Connect and AWS VPN
Module 3 : AWS- Virtual Private Cloud (VPC) – Hands-on-Lab by students
- VPC with single public subnet
- VPC with public and private subnet
- VPC Peering within region and across regions
- Access control List
- Configuring VPC Instances ( Hands on lab by students)
- Creating a VPC
- Subnets
- Internet Gateway
- Routing
- Configuring a NAT Gateway
- Creating security groups
- Launching instances in public and private subnets
- NAT vs Bastions
- VPC Flow Logs
- VPC clean up
Day 2
Module 4 : Amazon S3 ( Hands on lab by students)
- AWS s3- Overview and pricing
- Create Bucket and Folder
- Upload, download, share and delete object
- File Versioning
- Cross Region Replication
- Setting s3 life cycle policy
- Create static Website in s3
- S3 Transfer Acceleration
- S3 security and encryption
- Logging and monitoring of S3 events
- Delete Bucket
Module 5 : AWS CloudFront (Hands-on lab by students)
- Cloudfront overview and pricing
- Create an origin bucket for CloudFront
- Upload file to origin bucket
- Create CDN distribution and use origin bucket
- Access files through Cloudfront distribution
- Setting up Geo restrictions
- Signed urls
Module 6 : Amazon Elastic Load Balancing (ELB) ( Hands on lab by students)
- Launch two Ubuntu EC2 instances as Apache web servers with user data
- Edit HTML files on both servers
- Test your web Servers through internet
- Create Elastic Load Balancer
- Add both the Ubuntu servers to ELB
- Test your Elastic Load Balancer
- Delete your Elastic Load Balancer
Module 7 : AWS Route53 – Demo by Trainer
- What is Route53
- Route 53 demo: integration with the ELB you created (performed by instructor only)
- Geo-location policy
Day 3
Module 8 : AWS – IAM (Identity and Access Management) concepts and Hands-on
- What is IAM? – A comprehensive introduction
- Getting started with IAMs
- IAM user- groups ( Hands on lab by students)
- Creating a user and group
- Adding a user to the group
- Password policy setup for users
- Attaching policy to users
- Enabling dual/multi-factor authentication for the users
- IAM roles ( Hands on lab by students)
- Creating an IAM role and assigning the S3 full access policy
- Launching an EC2 instance using an S3 full access role
- AWS CLI install; create an S3 bucket using the CLI, upload a file and delete the bucket from S3
- Deleting a role
- S3 bucket level policy setup
Module 9 : AWS CloudWatch - concepts and Hands-on lab by students
- AWS CloudWatch overview
- Configure ec2 logging agent
- Cloudwatch Log-group
Day 4
Module 10 : AWS security concepts
- AWS shared security responsibility model
- Shared security model for Infrastructure services
- Shared security model for container services
- Shared security model for abstracted services
- Protecting data at rest in EC2, EBS, S3, RDS, Glacier, DynamoDB, and EMR
- Securing Your VPC
- Security monitoring, alerting and audit trail
Module 11 : AWS security tools – hands on Labs
- Trusted advisor
- CloudTrail
- AWS config
- AWS App config
- AWS well architected Tool concepts
- Key Management services for EBS encryption
Day 5
Module 12: Penetration testing on AWS cloud – live demo by Trainer
- Penetration Testing of EC2 Instances using Kali Linux
- Elastic Block Stores pen testing.
- Deleted Data
- Reconnaissance - Identifying Vulnerable S3 Buckets
- Exploiting Permissive S3 Buckets
- Identity Access Management on AWS
- Security and Pentesting of AWS Lambda
- Pentesting and Securing AWS RDS
- Using Pacu for AWS Pentesting
Addon Topics on Security : ( hands-on-lab-by students)
- Athena overview and quick lab
- analyze data in Amazon S3 using standard SQL.
- Macie overview and lab
- Generate a report of any unencrypted and publicly accessible S3 buckets
- GuardDuty
- Analyze events published on CloudTrail or VPC Flow Logs
- SecurityHub overview and demo by trainer
- Network packet inspection concepts
- Cloud HSM concepts
- WAF concepts
- Case studies
- KMS service: use for EBS volume encryption
- AWS Cognito service- overview and features
Addon Topics on Networking : (concepts only, introduction to services and use cases)
- BGP concepts
- CloudHub
- Network cost management and optimization
- Placement groups- Optimizing network performance
- Case studies