Course Name: Cloud Security
Lectures Per Week: 3
Week Unit Chapters Content

Week 1
Unit: Introduction to Cloud Computing
Chapter: Cloud Fundamentals
- Introduction to Cloud Computing
- Problems with On-premise setup
- Advantages & Risks of Cloud
- Evolution of Cloud
- Cloud Access Security Brokers

Week 2
Unit: Introduction to Cloud Computing
Chapter: Cloud Deployment Models
- Private Cloud
- Public Cloud
- Community Cloud
- Hybrid Cloud
- Related Concepts
- Virtualization
- Virtual Machine
- Containers
Chapter: Cloud Computing Models
- IaaS
- SaaS
- PaaS
- Example of each computing model

Week 3
Unit: Basic Cloud Services
Chapter: Fundamental Services
- AWS Regions and AZs
- IAM
- EC2
- Instance Launch Types
    - On-Demand
    - Savings plan
    - Reserved Instances
    - Spot Instances
    - Dedicated Hosts
- Security Groups
- Elastic IP
- EC2 Instance Types
    - General Purpose
    - Compute Optimized
    - Memory Optimized
    - Accelerated Computing
    - Storage Optimized
- AMI
    - Custom AMI
    - Copying and sharing AMI
    - Cross Account AMI copy
- Placement Group
    - Cluster
    - Spread
    - Partition

Week 4
Unit: Basic Cloud Services
Chapter: Availability & Scalability Services
- Scalability and High Availability Support
- Elastic Load Balancer
- Classic Load Balancer
- Application Load Balancer
    - Routing based on:
        - host-header
        - http-request-method
        - path-pattern
        - source-ip
        - query string
- Network Load Balancer
- Cross Zone Load Balancing
- Troubleshooting Elastic Load Balancer
- Load Balancer Stickiness
- SSL Certificates & Load Balancer
- Auto Scaling Groups
    - Setting up launch configuration
- Health Checks

Chapter: EC2 Storage
- AWS storage types
- Elastic Block Storage
    - Scope of EBS
    - Making an EBS volume available for use
    - EBS Snapshot and migration
    - EBS encryption
    - EBS Lifecycle Policy
- Elastic File Storage
- Instance store vs EBS vs EFS

Week 5
Unit: Cloud Storage & Database
Chapter: Database Services
- Introduction to Relational Database Service
- RDS advantage over traditional approach for DB
- RDS backups
- RDS Read Replicas for read scalability
- RDS Multi-AZ and Disaster Recovery
- RDS Security
    - Encryption
    - Network & IAM
- ElastiCache and its use cases
- Aurora
- Global Aurora
- Aurora Security

Week 6
Unit: Cloud Storage & Database
Chapter: AWS S3
- S3 Storage
- S3 Versioning
- S3 encryption for objects
- Bucket policies
- S3 Website
- S3 CORS
- Consistency issues in Amazon S3
- S3 Storage Classes
    - S3 Standard
    - S3 Intelligent-Tiering
    - S3 Standard-IA
    - S3 One Zone-IA
    - S3 Glacier
    - S3 Glacier Deep Archive
Chapter: Other Services
- Route53
- Architecting AWS Resources - Examples

Week 7
Unit: Incident Response
Chapter: Incident Response in AWS
- AWS Abuse Report
- AWS GuardDuty
- Whitelisting Alerts in GuardDuty
- GuardDuty Alert List
- Dealing with Exposed Access Keys
- Dealing with Compromised EC2 instance
- Verification of Incident Response Plan
- Penetration Testing Guidelines for AWS

Week 8
Unit: Logging and Monitoring
Chapter: Logging and Monitoring Services in AWS
- AWS Inspector
- AWS Security Hub
- AWS WAF
- Systems Manager
    - SSM Agent
    - Run Command
    - Session Manager
    - Parameter Store
- CloudWatch logs
- AWS CloudTrail
- Validating log file integrity
- Macie
- Cross Account CloudWatch logs
- S3 event notifications
- VPC flow logs

Week 9
Unit: Infrastructure Security
Chapter: Infrastructure Security related Services
- Bastion Host
- OpenVPN
- AWS VPN Tunnel
- IPSec Tunnel with OpenSwan
- VPC Peering
- VPC endpoint
    - VPC endpoint access control
- Network ACL
- Security Group vs NACL
- AWS CloudFront (CDN)
- API Gateway
- Lambda function for API Gateway
- Lambda and S3