Force7 Training
FRCAWS-15AWS

Security Engineering on AWS

Duration · 3 daysVirtual + In-PersonInstructor-Led

Course Description

This intensive 3-day instructor-led course teaches security professionals, cloud engineers, architects, and administrators how to design, implement, automate, and manage secure workloads and environments on Amazon Web Services (AWS). Students learn advanced cloud security concepts, governance strategies, identity management, threat detection, incident response, data protection, and security automation using AWS-native services and best practices.

The course combines technical lectures, demonstrations, architecture discussions, hands-on labs, and real-world security scenarios to build practical cloud security engineering skills.

— Be First in Line —

Register Your Interest

We're finalizing the schedule for Security Engineering on AWS. Add your details below and we'll notify you the moment a session opens for registration — no payment or commitment required.

Audience Profile

This course is intended for:

  • Security Engineers
  • Cloud Security Architects
  • Solutions Architects
  • DevSecOps Engineers
  • Systems Administrators
  • Cloud Engineers
  • Compliance and Governance Teams
  • IT Security Managers

Prerequisites

Before enrolling, you should have:

  • Familiarity with AWS core services
  • Understanding of networking and security concepts
  • Basic experience with IAM and cloud operations
  • Knowledge of Linux or Windows administration helpful
  • General understanding of compliance frameworks recommended

— What You'll Learn —

Learning Objectives

In this course, you will learn to:

  • 1Design secure AWS cloud architectures
  • 2Implement advanced identity and access controls
  • 3Protect networks, workloads, and applications
  • 4Secure data using encryption and key management
  • 5Detect and respond to security threats
  • 6Automate security operations and compliance
  • 7Implement governance and auditing controls
  • 8Build incident response and recovery strategies
  • 9Apply AWS security best practices and frameworks

— Day-by-Day —

Course Outline

Day 1 — Security Foundations and Identity Protection

Module 1

Security Fundamentals and AWS Shared Responsibility

Topics

  • Cloud security principles
  • AWS global infrastructure security
  • Shared Responsibility Model
  • AWS Well-Architected Security Pillar
  • Defense-in-depth architecture
  • Security design best practices
  • AWS Services Covered
  • AWS Organizations
  • AWS Well-Architected Tool
  • AWS Trusted Advisor

Lab

  • Review AWS security architecture
  • Analyze shared responsibility scenarios
  • Configure foundational security settings

Module 2

Identity and Access Management (IAM)

Topics

  • IAM architecture and policy evaluation
  • Users, groups, roles, and permissions
  • Least privilege access
  • Role assumption and federation
  • Temporary credentials
  • Permission boundaries and SCPs
  • Multi-factor authentication (MFA)
  • AWS Services Covered
  • AWS IAM
  • AWS IAM Identity Center
  • AWS Organizations

Lab

  • Create secure IAM policies
  • Configure federated access
  • Implement MFA and least privilege controls

Module 3

Governance and Multi-Account Security

Topics

  • Multi-account security architecture
  • Organizational units and SCPs
  • Governance frameworks
  • Centralized logging and auditing
  • Resource tagging strategies
  • Compliance management
  • AWS Services Covered
  • AWS Organizations
  • AWS Control Tower
  • AWS Config
  • AWS CloudTrail

Lab

  • Configure governance policies
  • Enable centralized auditing
  • Implement account security baselines

Module 4

Securing AWS Networking

Topics

  • VPC security architecture
  • Public vs private subnet design
  • Security groups and network ACLs
  • Secure remote access
  • Hybrid connectivity security
  • DDoS protection strategies
  • AWS Services Covered
  • Amazon VPC
  • AWS Transit Gateway
  • AWS Shield
  • AWS Direct Connect
  • AWS VPN

Lab

  • Build secure VPC architectures
  • Configure layered network security
  • Implement secure connectivity patterns

Day 2 — Data Protection, Threat Detection, and Monitoring

Module 5

Data Protection and Encryption

Topics

  • Encryption fundamentals
  • Data classification strategies
  • Encryption at rest and in transit
  • Customer-managed vs AWS-managed keys
  • Secrets and certificate management
  • Backup and recovery security
  • AWS Services Covered
  • AWS KMS
  • AWS CloudHSM
  • AWS Secrets Manager
  • AWS Certificate Manager
  • Amazon S3

Lab

  • Configure encryption policies
  • Manage cryptographic keys
  • Protect application secrets

Module 6

Application and Workload Security

Topics

  • Securing EC2 workloads
  • Container security best practices
  • Serverless security
  • Patch and vulnerability management
  • Web application security
  • Secure software development concepts
  • AWS Services Covered
  • Amazon EC2
  • Amazon ECS
  • Amazon EKS
  • AWS Lambda
  • AWS WAF
  • Amazon Inspector

Lab

  • Secure compute workloads
  • Configure container security controls
  • Protect web applications

Module 7

Monitoring, Logging, and Threat Detection

Topics

  • Security monitoring strategies
  • Log aggregation and analysis
  • Threat intelligence concepts
  • Continuous monitoring
  • Event correlation and alerting
  • Security operations workflows
  • AWS Services Covered
  • Amazon CloudWatch
  • AWS CloudTrail
  • Amazon GuardDuty
  • AWS Security Hub
  • Amazon Detective

Lab

  • Enable threat detection services
  • Analyze security findings
  • Configure security alerts and dashboards

Module 8

Incident Response and Recovery

Topics

  • Incident response lifecycle
  • Automated response strategies
  • Forensics fundamentals
  • Containment and remediation
  • Disaster recovery planning
  • Business continuity concepts
  • AWS Services Covered
  • AWS Systems Manager
  • AWS Lambda
  • AWS Backup
  • Amazon EventBridge

Lab

  • Simulate security incidents
  • Automate remediation workflows
  • Implement recovery procedures

Day 3 — Advanced Security Engineering and Automation

Module 9

Security Automation and DevSecOps

Topics

  • Infrastructure as Code security
  • CI/CD security integration
  • Automated compliance validation
  • Security testing pipelines
  • Policy-as-code concepts
  • Security automation best practices
  • AWS Services Covered
  • AWS CloudFormation
  • AWS CodePipeline
  • AWS CodeBuild
  • AWS Config
  • Amazon EventBridge

Lab

  • Build automated security workflows
  • Integrate security into CI/CD pipelines
  • Deploy compliance automation

Module 10

Compliance and Risk Management

Topics

  • Regulatory compliance frameworks
  • Risk assessment methodologies
  • Audit readiness
  • Data residency considerations
  • Governance reporting
  • Enterprise security operations
  • AWS Services Covered
  • AWS Artifact
  • AWS Audit Manager
  • AWS Config
  • AWS Security Hub

Lab

  • Review compliance reports
  • Configure audit tracking
  • Perform security assessments

Module 11

Advanced Security Architectures

Topics

  • Zero Trust architectures
  • Secure landing zones
  • Cross-region security strategies
  • Hybrid and multi-cloud security
  • High availability and resilience
  • Enterprise-scale security design
  • Group Workshop
  • Analyze enterprise security case studies
  • Design secure cloud architectures
  • Evaluate security trade-offs and controls

Module 12

Capstone Project

  • Student Project
  • Students design and implement a secure enterprise AWS environment using best practices and security automation.
  • Capstone Activities
  • Build secure multi-account architecture
  • Configure IAM and governance controls
  • Implement threat detection and monitoring
  • Secure workloads and data
  • Develop automated incident response workflows
  • Present architecture and security strategy
  • Included Hands-On Labs
  • Students complete guided labs covering:
  • IAM and federation
  • Governance and SCP configuration
  • Secure VPC design
  • Encryption and key management
  • Container and serverless security
  • Threat detection and monitoring
  • Incident response automation
  • Security compliance auditing
  • DevSecOps integration
  • Security operations workflows

— Additional Details —

What else is included

Suggested Course Materials

  • Student guide
  • Instructor presentation slides
  • Hands-on lab manual
  • AWS security architecture diagrams
  • Security policy templates
  • Incident response playbooks
  • Compliance checklists

Note: Course outlines are provided as a general guide. Content, pacing, labs, and instructional emphasis may vary based on instructor expertise, student experience levels, and customer-specific learning objectives.

— Keep Exploring —

Need a different angle?

Browse the full AWS catalog or chat with an advisor about a custom training plan for your team.