Security is foundational to AWS. Governance at scale is a new concept for automating cloud governance that can help companies retire manual processes in account management, budget enforcement, and security and compliance. By automating common challenges, companies can scale without inhibiting agility, speed, or innovation. In addition, they can provide decision makers with the visibility, control, and governance necessary to protect sensitive data and systems.

In this course, you will learn how to facilitate developer speed and agility, and incorporate preventive and detective controls. By the end of this course, you will be able to apply governance best practices.

Course objectives

In this course, you will learn to:

• Establish a landing zone with AWS Control Tower
• Configure AWS Organizations to create a multi-account environment
• Implement identity management using AWS Single Sign-On users and groups
• Federate access using AWS SSO
• Enforce policies using prepackaged guardrails
• Centralize logging using AWS CloudTrail and AWS Config
• Enable cross-account security audits using AWS Identity and Access Management (IAM)
• Define workflows for provisioning accounts using AWS Service Catalog and AWS Security Hub

Activities

This course includes presentations, demonstrations, and assessments.

Intended audience

This course is intended for:

• Solutions architects, security DevOps, and security engineers

Prerequisites

Before attending this course, participants should have completed the following: Required:

• AWS Security Fundamentals course
• AWS Security Essentials course

Optional:

• AWS Cloud Management Assessment
• Introduction to AWS Control Tower course
• Automated Landing Zone course
• Introduction to AWS Service Catalog course