AWS Solution Architect and Security Specialist Course Content

Uploaded by vidit mehta

Welcome to Skilled Inspirational Academy (sianets.com)
Topic :: AWS Advanced Networking and Security
Mobile No :: +919019232915/9817187997

Basic to Advanced AWS Networking + Security


We have designed this content to meet current industry requirements. It is
built around a real production environment rather than isolated demos.

Prerequisite : Basic Knowledge of Networking

Introduction of Cloud
Introduction to cloud computing
Essential Characteristics of Cloud Computing
Service Models in Cloud computing
What is IAAS, PAAS & SAAS?
What is Public Cloud, Private Cloud, Hybrid Cloud & On-Premise DCs?
What are the advantages of cloud?
What is Amazon AWS?
Amazon AWS Services?
AWS History
Why should we focus on AWS?
How AWS leads the cloud market
AWS Certifications
Gartner Magic Quadrant
Creating Amazon AWS Account
Free tier limitations overview
Multi-Factor Authentication on AWS Account
Creating a budget
Introduction to Billing Dashboard & Cost Explorer
Create the Production Account
Identity and Access Management (IAM) Basics
Adding an IAM Admin - GENERAL ACCOUNT
Adding an IAM Admin User - PRODUCTION ACCOUNT
IAM Access Keys
Creating Access keys and setting up AWS CLI v2 tools
AWS Organisations
AWS CLI and Console
Managing AWS Resources & Subscriptions
AWS Global infrastructure (Region, AZ, PoP)
What are Regions in AWS?
What are Availability Zones in AWS?
AWS Services Walkthrough-High-Level
Service Level Agreement (SLA) of AWS over data and its security

Incident Response

Amazon GuardDuty


Trusted IP
Actions needed when services are compromised
Incident response in Cloud

Logging and Monitoring

Introduction to Vulnerability, Exploit, Payload


AWS Inspector
Security Hub
AWS WAF
System Manager
CloudWatch, CloudTrail, Athena
AWS Config
Trusted Advisor
Amazon Macie
VPC Flow logs
SNS

Network Security
AWS Shield
Identity Services
Identity vs Resource-Based Policies
IAM Roles and Policies
Federation
SAML
Single Sign On
AWS Cognito
AD Trust
AWS Control Tower

Data Protection
HSM
KMS
Certificate Manager
Data Key Caching
AWS Secrets Manager

AWS Networking & Infrastructure Security

Networking in the Cloud


Bandwidth and Latency
IP Addressing Basics (IPv4)
The OSI Model
Routing and Switching
Network Address Translation
Firewalls
On-Premise Network
On-Premise Network Traffic Flow Lan to Wan
Virtual Private Cloud (VPC) - Deep Dive
VPC Components vs On-prem DC Devices
Private and Public AWS Services
VPC Structure & IP Plan
Custom VPCs Overview
VPC Subnets (Public and Private)
Implementing a VPC & Subnet Design
Implement multi-tier VPC subnets
DHCP In a VPC
VPC Router Deep Dive
Stateful vs Stateless Firewalls
Network Access Control Lists (NACL)
Security Groups (SG)
VPC Flow Logs
IPv6 in AWS
VPC Traffic Mirroring
VPC Public Networking - Deep Dive
Internet Gateway (IGW) - IPv4 and IPv6
Egress Only Internet Gateway
Configuring public subnets and Jumpbox
Bring your own IP
Bastion Hosts & Jumpbox Authentication
Port Forwarding
NAT Instance in AWS
NAT Gateway in AWS
Implementing private internet access using NAT Gateways
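
Security groups are stateful and allow-only; network ACLs are stateless, numbered and evaluated first-match. The model below, an added example that is not part of the course material or AWS code, runs one constructed HTTPS exchange (client 203.0.113.5 to a server at 10.0.1.10:443) through both kinds of firewall and shows why a NACL needs an outbound rule for the ephemeral port range (1024-65535, the range AWS recommends) while a security group lets the reply through on connection tracking alone. Addresses, ports and rule numbers are constructed.

```python
"""Stateful security group vs stateless network ACL, modelled on one TCP exchange."""
import ipaddress
from dataclasses import dataclass
from typing import List, Set, Tuple

# Range AWS recommends for NACL ephemeral-port rules; real client ranges are narrower.
EPHEMERAL = (1024, 65535)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str  # "in" = toward the instance, "out" = from the instance


@dataclass(frozen=True)
class Rule:
    direction: str
    action: str             # "allow" or "deny" (security groups only have "allow")
    ports: Tuple[int, int]  # inclusive destination-port range
    cidr: str               # peer address range


def _matches(rule: Rule, pkt: Packet) -> bool:
    peer = pkt.src_ip if pkt.direction == "in" else pkt.dst_ip
    return (rule.direction == pkt.direction
            and rule.ports[0] <= pkt.dst_port <= rule.ports[1]
            and ipaddress.ip_address(peer) in ipaddress.ip_network(rule.cidr))


class SecurityGroup:
    """Allow-only and stateful: replies of an accepted flow pass without a rule."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.flows: Set[Tuple[str, int, str, int]] = set()

    def evaluate(self, pkt: Packet) -> bool:
        # Flow key is (instance_ip, instance_port, peer_ip, peer_port) for both directions.
        flow = ((pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) if pkt.direction == "in"
                else (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        if flow in self.flows:
            return True  # connection tracking lets the reply through
        if any(_matches(r, pkt) for r in self.rules):
            self.flows.add(flow)
            return True
        return False  # implicit deny; a security group cannot express an explicit deny


class NetworkAcl:
    """Numbered rules evaluated lowest number first, first match wins, stateless,
    implicit deny at the end (the '*' rule in the console)."""

    def __init__(self, rules: List[Tuple[int, Rule]]):
        self.rules = sorted(rules, key=lambda numbered: numbered[0])

    def evaluate(self, pkt: Packet) -> bool:
        for _, rule in self.rules:
            if _matches(rule, pkt):
                return rule.action == "allow"
        return False


# Constructed exchange: client 203.0.113.5 (TEST-NET-3) talks to a web server 10.0.1.10:443.
CLIENT, SERVER = "203.0.113.5", "10.0.1.10"
REQUEST = Packet(CLIENT, 51000, SERVER, 443, "in")
REPLY = Packet(SERVER, 443, CLIENT, 51000, "out")


def exchange(fw) -> Tuple[bool, bool]:
    """Return (request_allowed, reply_allowed) for the request/reply pair above."""
    return fw.evaluate(REQUEST), fw.evaluate(REPLY)


def demo() -> dict:
    sg = SecurityGroup([Rule("in", "allow", (443, 443), "0.0.0.0/0")])  # no outbound rule at all
    nacl_broken = NetworkAcl([
        (100, Rule("in", "allow", (443, 443), "0.0.0.0/0")),
        (100, Rule("out", "allow", (443, 443), "0.0.0.0/0")),  # reply goes to port 51000, not 443
    ])
    nacl_fixed = NetworkAcl([
        (100, Rule("in", "allow", (443, 443), "0.0.0.0/0")),
        (100, Rule("out", "allow", EPHEMERAL, "0.0.0.0/0")),  # reply to the client's ephemeral port
    ])
    nacl_blocklist = NetworkAcl([
        (90, Rule("in", "deny", (0, 65535), "203.0.113.0/24")),  # lower number, evaluated first
        (100, Rule("in", "allow", (443, 443), "0.0.0.0/0")),
        (100, Rule("out", "allow", EPHEMERAL, "0.0.0.0/0")),
    ])
    return {
        "security_group": exchange(sg),
        "nacl_broken": exchange(nacl_broken),
        "nacl_fixed": exchange(nacl_fixed),
        "nacl_blocklist_request": nacl_blocklist.evaluate(REQUEST),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The blocklist case is the one practical thing a NACL can do that a security group cannot: an explicit deny for a source range, placed at a lower rule number so it is evaluated before the allow.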

VPC Endpoints - Deep Dive


AWS Privatelink
Gateway VPC Endpoint
Interface VPC Endpoints
Endpoint Policies

EC2 - The Backbone of AWS


Introduction of EC2
Scaling features of EC2
Limitations of EC2
New Console Orientation - EC2
Launch EC2 Instance Hands-on
Types of Operating systems
Windows and its versions
Unix and its flavors
Linux and its flavors
Cisco Devices in AWS
PaloAlto Networks Devices in AWS
Instance types
Free tier limitations of EC2
What is EBS (Elastic Block Store)?
Types of Storages
Difference between Object and Block stores
Launching Windows Server
Launching Linux Server
System Ports & Security groups
Key pairs (PEM & PPK)
Connect to EC2 Instance
Putty Tool installation and configuration
Putty Gen Tool installation and configuration
Stopping & Terminating EC2 Instances
User data
Instance Status Checks
Protection from Accidental Termination
Encryption of EBS Volumes
Delete on Termination of EBS Volumes
Pricing models of EC2 Instances
Types of EBS Volumes
Difference between SSD & HDD
Upgrading EBS volumes
Converting the type of EBS Volumes
Attaching & Detaching EBS volumes to EC2 instances
Amazon Machine Images (AMIs)
Snapshots
Creating our own Amazon Machine Images (AMIs)
Deletion sequence as per dependencies
Instance Metadata
Instance User Data
Status Checks and Monitoring
Public Private and Elastic IP addresses overview
Private IP Addresses
Public IP Addresses
Elastic IP Addresses and Elastic Network Interfaces
Private Subnets and Bastion Hosts
Connect from Windows with Agent Forwarding
NAT Instances and NAT Gateways Overview
Private Subnet with NAT Gateway
Private Subnet with NAT Instance
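
Instance Metadata (also listed later under IAM as "EC2 Instance Metadata") is where an instance's role credentials are served, which is why the IMDSv2 token handshake matters: a plain GET from an SSRF or a proxied request must not be enough to read them. The example below is added here and is not course material or AWS code; it runs a local mock of the metadata service configured as HttpTokens=required and exercises the IMDSv1-style GET (refused), the PUT-for-token then GET-with-token sequence (accepted), an out-of-range TTL (rejected) and a token request carrying X-Forwarded-For (refused, as the real service does). The instance ID and role name are constructed values.

```python
"""IMDSv2 token handshake against a local mock of the instance metadata service."""
import http.server
import secrets
import threading
import time
import urllib.error
import urllib.request
from typing import Dict, Optional, Tuple

MAX_TTL = 21600                      # six hours, the IMDSv2 maximum token TTL
TOKENS: Dict[str, float] = {}        # token -> expiry on the monotonic clock
METADATA = {                         # constructed values
    "/latest/meta-data/instance-id": b"i-0123456789abcdef0",
    "/latest/meta-data/iam/security-credentials/": b"web-role",
}


class MockImds(http.server.BaseHTTPRequestHandler):
    """Imitates 169.254.169.254 with IMDSv1 disabled (HttpTokens=required)."""

    def log_message(self, *args):    # keep the demo quiet
        pass

    def _reply(self, code: int, body: bytes) -> None:
        self.send_response(code)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_PUT(self):
        ttl = self.headers.get("X-aws-ec2-metadata-token-ttl-seconds", "")
        if self.path != "/latest/api/token" or not ttl.isdigit() or not 1 <= int(ttl) <= MAX_TTL:
            return self._reply(400, b"bad request")
        if "X-Forwarded-For" in self.headers:   # came through a proxy: the classic SSRF path
            return self._reply(403, b"forbidden")
        token = secrets.token_urlsafe(32)
        TOKENS[token] = time.monotonic() + int(ttl)
        self._reply(200, token.encode())

    def do_GET(self):
        token = self.headers.get("X-aws-ec2-metadata-token")
        if token not in TOKENS or TOKENS[token] < time.monotonic():
            return self._reply(401, b"unauthorized")  # IMDSv1-style GET without a token
        body = METADATA.get(self.path)
        if body is None:
            return self._reply(404, b"not found")
        self._reply(200, body)


def start_mock() -> str:
    server = http.server.HTTPServer(("127.0.0.1", 0), MockImds)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{server.server_address[1]}"


def _request(url: str, method: str, headers: Dict[str, str]) -> Tuple[int, str]:
    req = urllib.request.Request(url, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.getcode(), resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


def get_token(base: str, ttl: int = MAX_TTL,
              extra_headers: Optional[Dict[str, str]] = None) -> Tuple[int, str]:
    headers = {"X-aws-ec2-metadata-token-ttl-seconds": str(ttl), **(extra_headers or {})}
    return _request(base + "/latest/api/token", "PUT", headers)


def get_metadata(base: str, path: str, token: Optional[str] = None) -> Tuple[int, str]:
    headers = {"X-aws-ec2-metadata-token": token} if token else {}
    return _request(base + path, "GET", headers)


def demo() -> dict:
    base = start_mock()
    v1_status, _ = get_metadata(base, "/latest/meta-data/instance-id")       # no token
    token_status, token = get_token(base)
    v2_status, instance_id = get_metadata(base, "/latest/meta-data/instance-id", token)
    bad_ttl_status, _ = get_token(base, ttl=MAX_TTL + 1)
    proxied_status, _ = get_token(base, extra_headers={"X-Forwarded-For": "203.0.113.5"})
    return {"v1_status": v1_status, "token_status": token_status, "v2_status": v2_status,
            "instance_id": instance_id, "bad_ttl_status": bad_ttl_status,
            "proxied_status": proxied_status}


if __name__ == "__main__":
    print(demo())
```

The mock cannot reproduce the other IMDSv2 control, the IP hop limit on the PUT response (HttpPutResponseHopLimit), which is what stops a token request relayed from a container or a neighbouring host; treat that as a separate setting to check on the instance.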

Introduction to AWS Storage and File System Preview


1. Storage Services - Introduction
2. Pricing - S3 Storage
3. S3 Bucket Creation
4. S3 File Upload
5. S3 Versioning
6. S3 Replication
7. S3 Lifecycle Management
8. S3 Security and Encryption
9. S3 Security and Encryption - Lab
10. S3 Bucket Sharing
11. S3 Lifecycle Policies
12. S3 Glacier
13. S3 oneZoneIA
14. S3 Storage Classes
15. AWS EBS Introduction
16. Elastic Block Storage (EBS)
17. Elastic File System (EFS)
18. Create EBS volumes
19. Attach and detach EBS volumes
20. Mounting and unmounting EBS volume
21. EBS vs Instance Store
22. EBS Volume Types
23. Launch Instance with Multiple EBS Volumes
24. Attach volume to running Instance
25. Create Volume from Snapshot in Another AZ
26. Working with AMIs
27. Working with Snapshots
28. EBS Copying Sharing and Encryption
29. Cleaning Up EBS
30. EBS Performance
31. Amazon EFS Overview
32. Create and mount EFS File System
33. Amazon FSx for Windows File Server and Lustre
34. AWS Storage Gateway
35. Creating and deleting snapshots
36. Creating volumes S3(Simple Storage Service)
37. Snow Family
38. Storage Gateway
39. AWS Backup
40. Private S3 Buckets
41. S3 Access Points
42. EBS Volume Secure wipes

EC2/VPC Networking - Deep Dive


EC2 Network Architecture
Enhanced Networking (SR-IOV)
Elastic Fabric Adaptor (EFA)
Placement Groups (Cluster, Spread & Partition)
Instance Metadata

VPC Peering - Deep Dive


VPC Peering Fundamentals
Peering VPCs
VPC Peering Same-Region vs Cross-region
VPC Peering between Different Accounts
VPC Peering Overlapping CIDRs & Unsupported Configurations

VPC Hybrid Networking (Virtual) - Deep Dive


IPSec VPN Fundamentals
Virtual Private Gateway Deep Dive (VGW)
AWS Site-to-Site VPN
BGP
BGP Path Selection
Local Preference and Multi Exit Discriminator (MED)
Global Accelerator
Accelerated VPN
Transit Gateway
Transit Gateway Deep Dive
Advanced Site-to-Site VPN with Other AWS Account
Advanced Site-to-Site VPN with PaloAlto Firewall
Advanced Site-to-Site VPN with Cisco ASA Firewall
Advanced Site-to-Site VPN with Cisco Router
Client VPN Overview -AWS Remote Access VPN
Client VPN -SETUP
Client VPN -Directory
Client VPN -Certificates
Client VPN -Create Client VPN Endpoint
Client VPN -Configure Client VPN Endpoint
Client VPN -Install and test client
Client VPN -Cleanup
AWS Routing Priority
CloudFront - Architecture
AWS Certificate Manager (ACM)
CloudFront - SSL/TLS & SNI
CloudFront - Security - OAI & Custom Origins
CloudFront - Georestrictions
CloudFront - Private Behaviours, Signed URL & Cookies
CloudFront - Field Level Encryption
DDOS
AWS Shield
AWS Network Firewall
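
The BGP, BGP Path Selection and Local Preference / MED items above are what decide which Site-to-Site VPN tunnel or Direct Connect path carries traffic once several advertise the same prefix. The following is an added example, not course material or vendor code: a reduced best-path decision (LOCAL_PREF, AS_PATH length, ORIGIN, MED, eBGP over iBGP, router ID) run over constructed routes for a VPC prefix learned over two VPN tunnels and a Direct Connect VIF. Weight, IGP metric to the next hop and multipath are omitted. The ASNs follow the AWS defaults (64512 for a virtual private gateway, 7224 for Direct Connect); the link-local next hops and router IDs are constructed.

```python
"""BGP best-path selection, reduced to the steps that matter at a VPN/Direct Connect edge."""
import ipaddress
from dataclasses import dataclass, replace
from typing import Callable, List, Tuple

ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    as_path: Tuple[int, ...]
    local_pref: int = 100
    origin: str = "IGP"
    med: int = 0
    ebgp: bool = True
    router_id: str = "0.0.0.0"


def _narrow(candidates: List[Route], key: Callable[[Route], object]) -> List[Route]:
    best = min(key(r) for r in candidates)
    return [r for r in candidates if key(r) == best]


def best_path(routes: List[Route], always_compare_med: bool = False) -> Tuple[Route, str]:
    """Return the winning route and the name of the step that decided it."""
    if len({r.prefix for r in routes}) != 1:
        raise ValueError("best_path compares routes for one prefix")
    steps = [
        ("highest LOCAL_PREF", lambda r: -r.local_pref),
        ("shortest AS_PATH", lambda r: len(r.as_path)),
        ("lowest ORIGIN", lambda r: ORIGIN_RANK[r.origin]),
    ]
    candidates = list(routes)
    for name, key in steps:
        candidates = _narrow(candidates, key)
        if len(candidates) == 1:
            return candidates[0], name
    # MED is only comparable between routes learned from the same neighbouring AS.
    same_neighbour = len({r.as_path[0] for r in candidates if r.as_path}) <= 1
    if always_compare_med or same_neighbour:
        candidates = _narrow(candidates, lambda r: r.med)
        if len(candidates) == 1:
            return candidates[0], "lowest MED"
    candidates = _narrow(candidates, lambda r: 0 if r.ebgp else 1)
    if len(candidates) == 1:
        return candidates[0], "eBGP over iBGP"
    candidates = _narrow(candidates, lambda r: int(ipaddress.ip_address(r.router_id)))
    return candidates[0], "lowest router ID"


def demo() -> dict:
    vpc = "10.0.0.0/16"
    # Constructed: the VPC prefix learned from AWS (ASN 64512) over two VPN tunnels.
    t1 = Route(vpc, "169.254.10.1", (64512,), router_id="169.254.10.1")
    t2 = Route(vpc, "169.254.20.1", (64512,), router_id="169.254.20.1")

    def pick(routes: List[Route], **kw) -> Tuple[str, str]:
        route, step = best_path(routes, **kw)
        return route.next_hop, step

    results = {}
    # Identical attributes: the tie is broken by router ID, which the operator did not choose.
    results["default"] = pick([t1, t2])
    # AS_PATH prepending on tunnel 2 (AWS lets you prepend on the advertised route) makes tunnel 1 primary.
    prepended = replace(t2, as_path=(64512, 64512, 64512))
    results["prepend"] = pick([t1, prepended])
    # LOCAL_PREF set on the customer router beats the longer path; it is local policy, never advertised.
    results["local_pref"] = pick([t1, replace(prepended, local_pref=200)])
    # Same neighbour AS on both tunnels, so MED is compared.
    results["med"] = pick([replace(t1, med=100), replace(t2, med=50)])
    # A Direct Connect path from a different neighbour AS: MED is not comparable by default.
    dx = Route(vpc, "192.168.100.1", (7224,), med=10, router_id="192.168.100.1")
    results["med_different_as"] = pick([replace(t1, med=100), dx])
    results["med_always_compare"] = pick([replace(t1, med=100), dx], always_compare_med=True)
    return results


if __name__ == "__main__":
    for name, (next_hop, step) in demo().items():
        print(f"{name:20s} -> {next_hop} ({step})")
```

The "default" case is the failure mode to watch for: with nothing set, which tunnel wins depends on router IDs, so failover behaviour is not what you designed. Prepending or LOCAL_PREF makes the choice explicit.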

Elastic Load Balancing (ELB) - Deep Dive


Load Balancing Evolution
Elastic Load Balancer Architecture
Application Load balancing (ALB) vs Network Load Balancing (NLB)
AWS Network Load Balancer (AWS NLB - Layer 4)
AWS Application Load Balancer (AWS ALB - L7)
Amazon EC2 Auto Scaling Group
Load Balancer Security Policies
Gateway Load Balancer (GWLB)
AWS Global Accelerator
1. Elastic Load Balancing Concepts
2. Network Load Balancer
3. Application Load Balancer - Path-Based Routing
4. Application Load Balancer - Host-Based Routing
5. EC2 Auto Scaling Overview
6. EC2 Auto Scaling Group with ALB
7. ASG Scaling Policies
8. Launch Configurations and Launch Templates
9. Auto Scaling Health Checks
10. Auto Scaling Termination Policies
11. New Console Orientation - ASG
12. Cross-Zone Load Balancing Overview and Setting up the Lab
13. NLB Cross-Zone Load Balancing
14. ALB Cross-Zone Load Balancing
15. ELB Sticky Sessions
16. ALB Listeners and SSL TLS
17. Public ALB with Private Instances and Security Groups
18. Multi-tier Web Application and Security Groups Concepts
19. Proxy Protocol X-Forwarded-For and Logging
20. ALB/NLB Server Access and Client Logs

Route53 (R53) Networking - Deep Dive


Route53 Fundamentals
What is DNS?
Purpose of DNS?
Registering a Domain
DNS Record Types
R53 Public Hosted Zones
R53 Private Hosted Zones
R53 Aliases
Simple Routing
R53 Health Checks
Different Routing Policies
Failover Routing
Using R53 and Failover Routing
Multi Value Routing
Weighted Routing
Latency Routing
Geolocation Routing
Geoproximity Routing
R53 Interoperability
Advanced Hybrid DNS Architectures
Hybrid R53 and On-premises DNS
Implementing DNSSEC using Route53

Network Content Delivery (CDN) in AWS


CloudFront - Architecture
TTL and Invalidations
AWS Certificate Manager (ACM)
CloudFront - SSL/TLS & SNI
CloudFront (CF) - Adding a CDN to a static Website
CloudFront (CF) - Adding an Alternate CNAME and SSL
CloudFront - Security - OAI & Custom Origins
CloudFront (CF) - Using Origin Access Control (OAC) (successor to OAI)
CloudFront - Georestrictions
CloudFront - Private Behaviours, Signed URL & Cookies
CloudFront - Field Level Encryption

VPC Hybrid Networking (Physical) - Deep Dive (Only Theory)


AWS Direct Connect (DX) - Concepts
AWS Direct Connect (DX) - Physical Connection Architecture
AWS Direct Connect (DX) - Security (MACSec)
AWS Direct Connect (DX) - Connection Process
AWS Direct Connect (DX) - BGP Session + VLAN
AWS Direct Connect (DX) - Private VIFs
AWS Direct Connect (DX) - Public VIFs
AWS Direct Connect (DX) - Public VIF + VPN (Encryption)
AWS Direct Connect (DX) - Bidirectional Forwarding Detection
AWS Direct Connect (DX) - BGP Communities
AWS Direct Connect (DX) - Gateway
AWS Direct Connect (DX) - Transit VIFs and TGW
AWS Direct Connect (DX) - Resilience
AWS Direct Connect (DX) - LAGs
Advanced VPC Routing

Identity and Access Management (IAM)


IAM Identity Policies
IAM Users and ARNs
IAM Groups
IAM Roles - The Tech
When to use IAM Roles
Service-linked Roles and PassRole
Security Token Service (STS)
EC2 Instance Roles & Profile
Revoking IAM Role Temporary Security Credentials
Revoking Temporary Credentials
AWS Organizations
Service Control Policies (SCP)
Using Service Control Policies
IAM Policy Variables
Policy Interpretation
AWS Permissions Evaluation
IAM Permissions Boundaries and Delegation
Directory Service Deep Dive (Microsoft AD)
Directory Service Deep Dive (AD Connector)
What is ID Federation?
Amazon Cognito - User and Identity Pools
Implementing a simple WEBIDF App
SAML Federation
IAM Identity Center (formerly AWS SSO)
Adding Single Sign-on
S3 PreSigned URLs
Creating and using PresignedURLs
S3 Security (Resource Policies & ACLs)
S3 Object Lock
S3 Versioning & MFA
Cross Account Access to S3 - SETUP
Cross Account Access to S3 - ACL
Cross Account Access to S3 - BUCKET POLICY
Cross Account Access to S3 - ROLE
EC2 Instance Metadata
AWS Control Tower
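
Policy Interpretation, AWS Permissions Evaluation, Service Control Policies and IAM Permissions Boundaries all come down to one evaluation order: an explicit Deny anywhere wins, then every applicable layer (SCPs, the permissions boundary, the identity policies) must contain an Allow. The code below is an added example, not course material or an AWS library; it implements that order for a single account, with IAM wildcard matching and NotAction/NotResource, and leaves out Condition blocks and resource-based policies. The developer policy, boundary and SCPs are constructed; 123456789012 is the documentation placeholder account ID.

```python
"""IAM permission evaluation: explicit deny, SCP, permissions boundary, identity policy."""
import re
from typing import Dict, List, Optional, Tuple

Policy = Dict  # a policy document: {"Version": ..., "Statement": [...]}


def _listify(value) -> list:
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _wild(pattern: str, value: str, ignore_case: bool) -> bool:
    """IAM wildcard match: '*' is any run of characters, '?' is one character."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None


def _statement_applies(stmt: Dict, action: str, resource: str) -> bool:
    # Action names are case-insensitive, resource ARNs are not.
    if "Action" in stmt and not any(_wild(a, action, True) for a in _listify(stmt["Action"])):
        return False
    if "NotAction" in stmt and any(_wild(a, action, True) for a in _listify(stmt["NotAction"])):
        return False
    if "Resource" in stmt and not any(_wild(r, resource, False) for r in _listify(stmt["Resource"])):
        return False
    if "NotResource" in stmt and any(_wild(r, resource, False) for r in _listify(stmt["NotResource"])):
        return False
    return True


def evaluate_policies(policies: List[Policy], action: str, resource: str) -> str:
    """Return 'explicit_deny', 'allow' or 'implicit_deny' for one set of policies."""
    allowed = False
    for policy in policies:
        for stmt in _listify(policy["Statement"]):
            if _statement_applies(stmt, action, resource):
                if stmt["Effect"] == "Deny":
                    return "explicit_deny"   # deny wins over any allow in the same set
                allowed = True
    return "allow" if allowed else "implicit_deny"


def is_allowed(action: str, resource: str, identity_policies: List[Policy],
               scps: Optional[List[Policy]] = None,
               boundary: Optional[Policy] = None) -> Tuple[bool, str]:
    layers = [("SCP", scps),
              ("permissions boundary", [boundary] if boundary else None),
              ("identity policy", identity_policies)]
    verdicts = [(name, evaluate_policies(p, action, resource)) for name, p in layers if p is not None]
    for name, verdict in verdicts:           # step 1: any explicit deny ends the evaluation
        if verdict == "explicit_deny":
            return False, f"explicit deny in {name}"
    for name, verdict in verdicts:           # step 2: every layer that exists must allow
        if verdict != "allow":
            return False, f"no allow in {name}"
    return True, "allowed"


# Constructed policies for the demo.
DEVELOPER = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "ec2:Describe*"], "Resource": "*"},
    # Guardrail pattern: deny everything outside S3 and EC2 even if some other statement allows it.
    {"Effect": "Deny", "NotAction": ["s3:*", "ec2:*"], "Resource": "*"},
]}
BOUNDARY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*", "ec2:Describe*"], "Resource": "*"},
]}
SCPS = [
    {"Version": "2012-10-17", "Statement": [  # FullAWSAccess, attached by default
        {"Effect": "Allow", "Action": "*", "Resource": "*"}]},
    {"Version": "2012-10-17", "Statement": [  # organisation guardrail
        {"Effect": "Deny", "Action": ["s3:DeleteBucket", "cloudtrail:StopLogging"], "Resource": "*"}]},
]


def demo() -> Dict[str, Tuple[bool, str]]:
    bucket = "arn:aws:s3:::prod-logs"
    checks = [
        ("s3:GetObject", f"{bucket}/2024/log.gz"),
        ("s3:PutObject", f"{bucket}/2024/log.gz"),
        ("s3:DeleteBucket", bucket),
        ("iam:CreateUser", "*"),
        ("ec2:DescribeInstances", "*"),
    ]
    return {action: is_allowed(action, resource, [DEVELOPER], scps=SCPS, boundary=BOUNDARY)
            for action, resource in checks}


if __name__ == "__main__":
    for action, (ok, reason) in demo().items():
        print(f"{action:24s} {'ALLOW' if ok else 'DENY ':5s} {reason}")
```

Two results are worth pausing on: s3:PutObject is denied with no explicit Deny anywhere, purely because the permissions boundary does not mention it, and s3:DeleteBucket is denied by the SCP even though both the identity policy and the account's own administrators would have allowed it.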

Logging and Monitoring


CloudWatch Introduction
CloudWatch Logs Architecture
CloudWatch Events and EventBridge
CloudWatch Monitoring, Metrics and Analysis
What is monitoring?
Why should we monitor?
Why do we need a monitoring tool?
Default Monitoring
Detailed Monitoring
Create Alarms
Create Billing Alarms
Cloud Watch graphs
How to create a dashboard
Line Graph
Stacked Area Graph
Number Graph
Text Graph
Monitoring EC2
Monitoring RDS
SNS (Simple Notification Service)
What is SNS?
SNS Architecture
Need of notifications
Formats of SNS
Topics in SNS
Subscribers in SNS
Subscription in SNS
CloudTrail Architecture
Implementing an Organizational Trail
CloudTrail log file integrity validation
CloudTrail Event Types
S3 Log File Validation
Centralized Logging Architecture
Cross-Account Logging for CloudTrail
Centralized Logging Policy
S3 Bucket Policy for Cross Account CloudTrail
Conditional S3 Bucket Policy for CloudTrail
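
CloudTrail log file integrity validation (the "CloudTrail log file integrity validation" and "S3 Log File Validation" items above) works from the hourly digest files: each digest lists the log files delivered in its window with a SHA-256 of every object, and the digest itself is signed (SHA256withRSA) in a chain that references the previous digest's signature. The code below is an added example, not course material or AWS code. It recomputes the log-file hashes from a digest and reports each object as ok, MODIFIED or MISSING, and builds the signing string in the documented layout; it does not perform the RSA verification against the public key from `aws cloudtrail list-public-keys`. The bucket, account ID (the documentation placeholder 123456789012), object keys and log records are constructed, and the choice of an empty string for a missing previousDigestSignature is an assumption.

```python
"""CloudTrail log file integrity validation: recompute the log-file hashes listed in a digest."""
import gzip
import hashlib
import json
from typing import Dict, Tuple


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_log_files(digest: Dict, objects: Dict[str, bytes]) -> Dict[str, str]:
    """Compare each log object's hash with the digest's hashValue.
    `objects` maps S3 key -> raw bytes of the .json.gz object as stored."""
    results = {}
    for entry in digest["logFiles"]:
        key = entry["s3Object"]
        if entry["hashAlgorithm"] != "SHA-256":
            raise ValueError(f"unexpected hashAlgorithm {entry['hashAlgorithm']!r}")
        data = objects.get(key)
        if data is None:
            results[key] = "MISSING"      # deleted or renamed after delivery
        elif sha256_hex(data) == entry["hashValue"]:
            results[key] = "ok"
        else:
            results[key] = "MODIFIED"     # content changed after CloudTrail wrote it
    return results


def digest_signing_string(digest: Dict, digest_bytes: bytes) -> str:
    """The string CloudTrail signs for a digest file, in the documented layout:
    end time, bucket/key of the digest, hex SHA-256 of the digest file, previous signature."""
    previous = digest.get("previousDigestSignature") or ""   # assumption for the first digest
    return "\n".join([
        digest["digestEndTime"],
        f"{digest['digestS3Bucket']}/{digest['digestS3Object']}",
        sha256_hex(digest_bytes),
        previous,
    ])


# Constructed sample: two delivered log files and the digest that covers them.
BUCKET = "org-cloudtrail-logs"
PREFIX = "AWSLogs/123456789012/CloudTrail/us-east-1/2024/05/01/"


def _log_object(records: list) -> bytes:
    return gzip.compress(json.dumps({"Records": records}).encode())


def make_sample() -> Tuple[Dict, Dict[str, bytes]]:
    objects = {
        PREFIX + "123456789012_CloudTrail_us-east-1_20240501T0000Z_a1.json.gz": _log_object([
            {"eventTime": "2024-05-01T00:01:12Z", "eventName": "ConsoleLogin",
             "userIdentity": {"type": "IAMUser", "userName": "alice"}}]),
        PREFIX + "123456789012_CloudTrail_us-east-1_20240501T0100Z_b2.json.gz": _log_object([
            {"eventTime": "2024-05-01T01:15:40Z", "eventName": "StopLogging",
             "userIdentity": {"type": "IAMUser", "userName": "mallory"}}]),
    }
    digest = {
        "awsAccountId": "123456789012",
        "digestStartTime": "2024-05-01T00:00:00Z",
        "digestEndTime": "2024-05-01T02:00:00Z",
        "digestS3Bucket": BUCKET,
        "digestS3Object": "AWSLogs/123456789012/CloudTrail-Digest/us-east-1/2024/05/01/"
                          "123456789012_CloudTrail-Digest_us-east-1_mgmt_us-east-1_20240501T020000Z.json.gz",
        "digestSignatureAlgorithm": "SHA256withRSA",
        "previousDigestSignature": None,
        "logFiles": [
            {"s3Bucket": BUCKET, "s3Object": key, "hashValue": sha256_hex(data), "hashAlgorithm": "SHA-256"}
            for key, data in objects.items()
        ],
    }
    return digest, objects


def demo() -> Tuple[Dict[str, str], Dict[str, str]]:
    digest, objects = make_sample()
    clean = verify_log_files(digest, objects)
    # Attacker scenario: the file holding the StopLogging event is rewritten, the first file deleted.
    tampered = dict(objects)
    first, second = list(objects)
    tampered[second] = _log_object([])
    del tampered[first]
    return clean, verify_log_files(digest, tampered)


if __name__ == "__main__":
    before, after = demo()
    print("clean:   ", before)
    print("tampered:", after)
```

This is why the centralised logging bucket policy matters: an attacker who can write to the bucket but not to the digest chain still gets caught, while one who can delete both log files and digests breaks the chain at a visible point (the next digest's previousDigestSignature no longer matches).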
Overview of Layer 7 Firewalls
Understanding AWS WAF
Application Layer (7) Firewalls
Deploying AWS WAF
Web Application Firewall (WAF), WEBACLs, Rule Groups and Rules
Logging and Metrics with CW Agent
Overview of AWS Systems Manager
Configure SSM Agent
Overview of Sessions Manager
SSM - Run Command
AWS Security Hub
Introduction to AWS Inspector
AWS Inspector Vulnerability Scans
AWS Trusted Advisor
AWS Config
AWS Athena
Overview of Amazon Macie
AWS Glue
AWS Artifact
Data Protection
What is a Hardware Security Module (HSM)?
AWS Key Management Service (KMS)
CloudHSM
S3 Object Encryption
Object Encryption and Role Separation
Envelope Encryption
Bucket Keys
AWS Managed Keys vs Customer managed Keys
KMS - Encrypting the battleplans with KMS
Importing Key Material vs Generated Key Material
Asymmetric keys in KMS
Digital Signing using KMS
Encryption SDK - Data Key Caching
KMS security Model & Key Policies
KMS Grants
KMS Multi-region keys
CloudHSM vs KMS
KMS Custom Key Stores
AWS Secrets Manager
RDS Encryption & IAM Authentication
DynamoDB Encryption
KMS encryption context
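
Envelope Encryption, Encryption SDK - Data Key Caching and KMS encryption context fit together: KMS generates a data key and returns it both in plaintext and wrapped under the customer master key, the data key encrypts the payload, and the encryption context is bound into the wrap so that a decrypt call with a different context fails. The example below is added here and is not course material or AWS SDK code; it uses a simulated KMS so it runs offline, and its AEAD is a toy encrypt-then-MAC built from HMAC-SHA256 (use AES-GCM or the AWS Encryption SDK in real systems). It shows the context mismatch failing closed and a data-key cache cutting five encryptions down to two KMS calls. Tenant and purpose values are constructed.

```python
"""Envelope encryption with an encryption context and a data-key cache (simulated KMS)."""
import hashlib
import hmac
import json
import os
import time
from typing import Dict, Tuple


def _canon(ctx: Dict[str, str]) -> bytes:
    """Encryption context is a set of key/value pairs; canonicalise it so the AAD is stable."""
    return json.dumps(ctx, sort_keys=True, separators=(",", ":")).encode()


def _subkeys(key: bytes) -> Tuple[bytes, bytes]:
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(k_enc: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    return b"".join(hmac.new(k_enc, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:length]


def _tag(k_mac: bytes, nonce: bytes, aad: bytes, ct: bytes) -> bytes:
    return hmac.new(k_mac, nonce + len(aad).to_bytes(4, "big") + aad + ct, hashlib.sha256).digest()


def aead_encrypt(key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    """Toy AEAD (HMAC-CTR + HMAC tag): nonce || tag || ciphertext. Not for production."""
    k_enc, k_mac = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(k_enc, nonce, len(plaintext))))
    return nonce + _tag(k_mac, nonce, aad, ct) + ct


def aead_decrypt(key: bytes, blob: bytes, aad: bytes) -> bytes:
    k_enc, k_mac = _subkeys(key)
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _tag(k_mac, nonce, aad, ct)):
        raise ValueError("authentication failed: wrong key, wrong encryption context or tampering")
    return bytes(c ^ s for c, s in zip(ct, _keystream(k_enc, nonce, len(ct))))


class FakeKms:
    """Stand-in for KMS: the master key never leaves this object and every call is
    bound to the encryption context supplied with it."""

    def __init__(self):
        self._master = os.urandom(32)
        self.calls = 0

    def generate_data_key(self, ctx: Dict[str, str]) -> Tuple[bytes, bytes]:
        self.calls += 1
        plaintext_key = os.urandom(32)
        return plaintext_key, aead_encrypt(self._master, plaintext_key, _canon(ctx))

    def decrypt(self, wrapped_key: bytes, ctx: Dict[str, str]) -> bytes:
        self.calls += 1
        return aead_decrypt(self._master, wrapped_key, _canon(ctx))  # fails on context mismatch


class DataKeyCache:
    """Reuse a data key for the same context until max_uses or ttl is reached."""

    def __init__(self, kms: FakeKms, max_uses: int = 10, ttl_seconds: float = 60.0):
        self.kms, self.max_uses, self.ttl = kms, max_uses, ttl_seconds
        self._entries: Dict[bytes, dict] = {}

    def get(self, ctx: Dict[str, str]) -> Tuple[bytes, bytes]:
        entry = self._entries.get(_canon(ctx))
        if entry and entry["uses"] < self.max_uses and time.monotonic() - entry["created"] < self.ttl:
            entry["uses"] += 1
            return entry["plain"], entry["wrapped"]
        plain, wrapped = self.kms.generate_data_key(ctx)
        self._entries[_canon(ctx)] = {"plain": plain, "wrapped": wrapped, "uses": 1,
                                      "created": time.monotonic()}
        return plain, wrapped


def encrypt(cache: DataKeyCache, ctx: Dict[str, str], message: bytes) -> dict:
    data_key, wrapped = cache.get(ctx)
    return {"context": ctx, "wrapped_key": wrapped, "body": aead_encrypt(data_key, message, _canon(ctx))}


def decrypt(kms: FakeKms, envelope: dict, expected_ctx: Dict[str, str]) -> bytes:
    # The caller states the context it expects; the one stored in the envelope is not trusted blindly.
    data_key = kms.decrypt(envelope["wrapped_key"], expected_ctx)
    return aead_decrypt(data_key, envelope["body"], _canon(expected_ctx))


def demo() -> dict:
    kms = FakeKms()
    cache = DataKeyCache(kms, max_uses=3)
    ctx = {"tenant": "acme", "purpose": "invoices"}          # constructed context
    envelopes = [encrypt(cache, ctx, f"invoice {i}".encode()) for i in range(5)]
    calls_for_encrypt = kms.calls                             # 5 messages at 3 uses per key
    roundtrip = decrypt(kms, envelopes[0], ctx) == b"invoice 0"
    try:
        decrypt(kms, envelopes[0], {"tenant": "globex", "purpose": "invoices"})
        wrong_ctx_rejected = False
    except ValueError:
        wrong_ctx_rejected = True
    return {"kms_calls_for_5_encrypts": calls_for_encrypt, "roundtrip_ok": roundtrip,
            "wrong_context_rejected": wrong_ctx_rejected}


if __name__ == "__main__":
    print(demo())
```

The cache is the trade-off the Encryption SDK documents: fewer KMS calls and lower cost, at the price of one plaintext data key protecting more than one message, so max_uses and the TTL are security settings, not just tuning knobs.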
Elastic Load Balancer Architecture
Application Load balancing (ALB) vs Network Load Balancing (NLB)
ELB : SSL Offload and Session Stickiness
Seeing Session Stickiness in Action
Load Balancer Security Policies
Incident Response
AWS Abuse Notice, UAP & Penetration Testing
Amazon GuardDuty
Amazon Detective
