Module 3 - Security
Engineering on AWS: Account Management and Provisioning on AWS
Unit notes:
Learn more about nesting OUs with the “Organizing your AWS Control
Tower Landing Zone with nested OUs” AWS Blog https://aws.amazon.com/blogs/mt/organizing-your-aws-control-tower-landing-zone-with-nested-ous/
For more information about self-service provisioning with AWS
Control Tower, see the “Enabling self-service provisioning of AWS
resources with AWS Control Tower” AWS Blog https://aws.amazon.com/blogs/mt/enabling-self-service-provisioning-of-aws-resources-with-aws-control-tower/
Learn more with the "AWS Federated Authentication with Active
Directory Federation Services (AD FS)" AWS Blog https://aws.amazon.com/blogs/security/aws-federated-authentication-with-active-directory-federation-services-ad-fs/
Learn more with the "How to Establish Federated Access to Your AWS
Resources by Using Active Directory User Attributes" AWS Blog https://aws.amazon.com/blogs/security/how-to-establish-federated-access-to-your-aws-resources-by-using-active-directory-user-attributes/
Learn more about deploying custom AWS Config Rules in an AWS
Organization Environment with this AWS blog post https://aws.amazon.com/blogs/mt/deploying-custom-aws-config-rules-in-an-aws-organization-environment/
Do I need multiple accounts? https://docs.aws.amazon.com/accounts/latest/reference/welcome-multiple-accounts.html
Session Policies https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
Policy Evaluation Logic https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
Organizing Your AWS Control Tower Landing Zone with Nested OUs https://aws.amazon.com/blogs/mt/organizing-your-aws-control-tower-landing-zone-with-nested-ous
AWS Control Tower https://aws.amazon.com/controltower
Strategies for Consolidating AWS Environments AWS https://aws.amazon.com/blogs/mt/strategies-for-consolidating-aws-environments
Enabling Self-Service Provisioning of AWS Resources with AWS Control Tower https://aws.amazon.com/blogs/mt/enabling-self-service-provisioning-of-aws-resources-with-aws-control-tower
What is AWS Resource Access Manager? https://docs.aws.amazon.com/ram/latest/userguide/what-is.html
Enabling SAML for Your AWS Resources https://aws.amazon.com/identity/saml
AWS IAM Identity Center (Successor to AWS Single Sign-On) https://aws.amazon.com/iam/identity-center/
AWS Service-Linked Role https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-service-linked-role
What is IAM Identity Center? https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html
Permission sets https://docs.aws.amazon.com/singlesignon/latest/userguide/permissionsetsconcept.html
Introducing AWS IAM Identity Center https://aws.amazon.com/blogs/security/introducing-aws-single-sign-on
Common Amazon Cognito Scenarios https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-scenarios.html
Using Adaptive Authentication https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html
Amazon Cognito identity pools (federated identities) https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html
Trainings:
Customizations for AWS Control Tower in the AWS Solutions Library
https://aws.amazon.com/solutions/implementations/customizations-for-aws-control-tower/
Introduction to AWS Identity and Access Management (IAM) https://explore.skillbuilder.aws/learn/course/internal/view/elearning/120/introduction-to-aws-identity-and-access-management-iam
AWS Identity and Access Management - Basics https://explore.skillbuilder.aws/learn/course/internal/view/elearning/454/aws-identity-and-access-management-basics
AWS Identity and Access Management - Architecture and Terminology
https://explore.skillbuilder.aws/learn/course/internal/view/elearning/479/aws-identity-and-access-management-architecture-and-terminology
Introduction to AWS Organizations https://explore.skillbuilder.aws/learn/course/internal/view/elearning/219/introduction-to-aws-organizations
Using service control policies to set permission controls across
accounts https://aws.amazon.com/blogs/security/how-to-use-service-control-policies-to-set-permission-guardrails-across-accounts-in-your-aws-organization/
Getting Started with AWS Control Tower https://explore.skillbuilder.aws/learn/course/internal/view/elearning/14823/getting-started-with-aws-control-tower
Deep Dive with Security: AWS Identity and Access Management (IAM)
(Includes Labs) https://explore.skillbuilder.aws/learn/course/internal/view/elearning/7647/deep-dive-with-security-aws-identity-and-access-management-iam-includes-labs
Getting Started with AWS Security, Identity, and Compliance https://explore.skillbuilder.aws/learn/course/internal/view/elearning/101/getting-started-with-aws-security-identity-and-compliance
AWS Federated Authentication with AD FS https://explore.skillbuilder.aws/learn/course/internal/view/elearning/900/aws-federated-authentication-with-ad-fs
Videos:
AWS re:Invent 2022 - Best practices for organizing and operating
on AWS https://www.youtube.com/watch?v=Eeyd6BDpucw
AWS re:Inforce 2019: Managing Multi-Account AWS Environments Using
AWS Organizations https://www.youtube.com/watch?v=fxo67UeeN1A
AWS Control Tower playlist on YouTube https://www.youtube.com/playlist?list=PLhr1KZpdzukdS9skEXbY0z67F-wrcpbjm
AWS Directory Service Extend On-Premises Microsoft AD to AWS Cloud
Using AWS Managed Microsoft AD https://www.youtube.com/watch?v=iLxc8XaMpno
Authentication for Your Applications: Getting Started with Amazon
Cognito - AWS Online Tech Talks https://www.youtube.com/watch?v=OAR4ZHP8DEg
Fine-grained Access Control with Amazon Cognito Identity Pools https://www.youtube.com/watch?v=tAUmz94O2Qo
How do I configure Cognito User Pool federation with Google? https://www.youtube.com/watch?v=PkP2GB713rY
How do I set up Auth0 as SAML identity provider with an Amazon
Cognito user pool? https://www.youtube.com/watch?v=NVKUQctvpUE
Best practices for using AWS Organizations in your multi-account
environment https://www.youtube.com/watch?v=uOrq8ZUuaAQ
AWS Resource Access Manager - granular access control with managed
permissions https://www.youtube.com/watch?v=X3HskbPqR2s
AWS Resource Access Manager https://www.youtube.com/watch?v=KL9SICG52zY
AWS Directory Service and Hybrid Strategy https://www.youtube.com/watch?v=ytSjsEER-y0
AWS Directory Service: Configure and Administer Your AWS Managed
Microsoft AD https://www.youtube.com/watch?v=1p-waiW2xvQ
AWS re:Invent 2020: Best practices for running Microsoft Active
Directory on AWS https://www.youtube.com/watch?v=rpHXDc8PLpM
AWS Supports You: Migrating Active Directory to AWS https://www.youtube.com/watch?v=uxAlkwncxDM
How to Create Trust Between AWS Managed Active Directory and
On-Premises Active Directory https://www.youtube.com/watch?v=SIBCi76wspQ
Amazon Cognito User Pools New Console Walkthrough https://www.youtube.com/watch?v=WgvVxKf2CFc
Amazon Cognito https://www.youtube.com/watch?v=vqAirwf
How do I set up AD FS as a SAML identity provider with an Amazon
Cognito user pool? https://www.youtube.com/watch?v=6-qEQHgGu2U