AW261: Security Engineering on AWS™

Training: AWS™ - Cloud - Certification

AWS ATP Select Tier Logo

Participants receive a practical introduction to security engineering on AWS™. The course covers identity and access management, account management, and monitoring of API activities. It addresses the protection and encryption of stored data, logging, collection and monitoring of security events, as well as incident detection and analysis with AWS™ services. Exercises reinforce the practical application.

Online training Online training

Start: 2025-11-17 | 10:00 am

End: 2025-11-19 | 05:00 pm

Location: Online

Price: 2.685,00 € plus VAT.

Online training Online training

Start: 2026-11-30 | 10:00 am

End: 2026-12-02 | 05:00 pm

Location: Online

Price: 2.685,00 € plus VAT.

Request prefered appointment period:

* All fields marked with an asterisk are mandatory fields.

Agenda:

  • Security Overview and Review
    • Explain Security in the AWS™ Cloud.
    • Explain AWS™ Shared Responsibility Model.
    • Summarize IAM, Data Protection, and Threat Detection and Response.
    • State the different ways to interact with AWS™ using the console, CLI, and SDKs.
    • Describe how to use MFA for extra protection.
    • State how to protect the root user account and access keys.

  • Securing Entry Points on AWS™
    • Describe how to use multi-factor authentication (MFA) for extra protection.
    • Describe how to protect the root user account and access keys.
    • Describe IAM policies, roles, policy components, and permission boundaries.
    • Explain how API requests can be logged and viewed using AWS™ CloudTrail and how to view and analyze access history.
    • Hands-On Lab: Using Identity and Resource Based Policies.

  • Account Management and Provisioning on AWS™
    • Explain how to manage multiple AWS™ accounts using AWS™ Organizations and AWS™ Control Tower.
    • Explain how to implement multi-account environments with AWS™ Control Tower.
    • Demonstrate the ability to use identity providers and brokers to acquire access to AWS™ services.
    • Explain the use of AWS™ IAM Identity Center (successor to AWS™ Single Sign-On) and AWS™ Directory Service.
    • Demonstrate the ability to manage domain user access with Directory Service and IAM Identity Center.
    • Hands-On Lab: Managing Domain User Access with AWS™ Directory Service

  • Secrets Management on AWS™
    • Describe and list the features of AWS™ KMS, CloudHSM, AWS™ Certificate Manager (ACM), and AWS™ Secrets Manager.
    • Demonstrate how to create a multi-Region AWS™ KMS key.
    • Demonstrate how to encrypt a Secrets Manager secret with an AWS™ KMS key.
    • Demonstrate how to use an encrypted secret to connect to an Amazon Relational Database Service (Amazon RDS) database in multiple AWS™
      Regions
    • Hands-on lab: Lab 3: Using AWS™ KMS to Encrypt Secrets in Secrets Manager

  • Data Security
    • Monitor data for sensitive information with Amazon Macie.
    • Describe how to protect data at rest through encryption and access controls.
    • Identify AWS™ services used to replicate data for protection.
    • Determine how to protect data after it has been archived.
    • Hands-on lab: Lab 4: Data Security in Amazon S3

  • Infrastructure Edge Protection
    • Describe the AWS™ features used to build secure infrastructure.
    • Describe the AWS™ services used to create resiliency during an attack.
    • Identify the AWS™ services used to protect workloads from external threats.
    • Compare the features of AWS™ Shield and AWS™ Shield Advanced.
    • Explain how centralized deployment for AWS™ Firewall Manager can enhance security.
    • Hands-on lab: Lab 5: Using AWS™ WAF to Mitigate Malicious Traffic

  • Monitoring and Collecting Logs on AWS™
    • Identify the value of generating and collecting logs.
    • Use Amazon Virtual Private Cloud (Amazon VPC) Flow Logs to monitor for security events.
    • Explain how to monitor for baseline deviations.
    • Describe Amazon EventBridge events.
    • Describe Amazon CloudWatch metrics and alarms.
    • List log analysis options and available techniques.
    • Identify use cases for using virtual private cloud (VPC) Traffic Mirroring.
    • Hands-on lab: Lab 6: Monitoring for and Responding to Security Incidents

  • Responding to Threats
    • Classify incident types in incident response.
    • Understand incident response workflows.
    • Discover sources of information for incident response using AWS™ services.
    • Understand how to prepare for incidents.
    • Detect threats using AWS™ services.
    • Analyze and respond to security findings.
    • Hands-on lab: Lab 7: Incident Response

Objectives:

In this course AW261 Security Engineering on AWS™, you will learn to:
  • State an understanding of AWS™ cloud security based on the CIA triad.
  • Create and analyze authentication and authorizations with IAM.
  • Manage and provision accounts on AWS™ with appropriate AWS™ services.
  • Identify how to manage secrets using AWS™ services.
  • Monitor sensitive information and protect data via encryption and access controls.
  • Identify AWS™ services that address attacks from external sources.
  • Monitor, generate, and collect logs.
  • Identify indicators of security incidents.
  • Identify how to investigate threats and mitigate using AWS™ services.

Target audience:

This course AW261 Security Engineering on AWS™ is intended for: 
Security engineers
• Security architects
• Cloud architects
• Cloud operators working across all global segments.
  • Security engineers
  • Security architects
  • Cloud architects
  • Cloud operators working across all global segments.

Prerequisites:

To participate in the course AW261 Security Engineering on AWS™ at qSkills™, you should have completed the following AWS™ trainings:
Furthermore, you should meet the following prerequisites:
  • Experience with governance, risk, and compliance regulations as well as control objectives
  • Hands-on experience with IT security procedures
  • Hands-on experience with IT infrastructure concepts
  • Understanding of cloud computing concepts

Description:

Security is a concern for both customers in the cloud, and those considering cloud adoption. An increase in cyberattacks and data leaks remains top of mind
for most industry personnel. The AW261 Security Engineering on AWS™ course addresses these concerns by helping you better understand how to interact and build with Amazon Web Services (AWS™) in a secure way.

In this course AW261 Security Engineering on AWS™, you will learn about managing identities and roles, managing and provisioning accounts, and monitoring API activity for anomalies. You will also learn about how to protect data stored on AWS™. The course AW261 Security Engineering on AWS™ explores how you can generate, collect, and monitor logs to help identify security incidents. Finally, you will review detecting and investigating security incidents with AWS™ services.

This course AW261 Security Engineering on AWS™ includes presentations, hands-on labs, demonstrations, and group exercises.
check-icon

Guaranteed implementation:

from 2 Attendees

Booking information

Price:

2.685,00 € plus VAT.

(including lunch & drinks)

Exam (Optional):

290,00 € plus VAT.

Authorized training partner

NetApp Partner Authorized Learning
Commvault Training Partner
CQI | IRCA Approved Training Partner
Veeam Authorized Education Center
Acronis Authorized Training Center
AWS Partner Select Tier Training
ISACA Accredited Partner
iSAQB
CompTIA Authorized Partner
EC-Council Accredited Training Center

Memberships

Allianz für Cyber-Sicherheit
TeleTrust Pioneers in IT security
Bundesverband der IT-Sachverständigen und Gutachter e.V.
Bundesverband mittelständische Wirtschaft (BVMW)
Allianz für Sicherheit in der Wirtschaft
NIK - Netzwerk der Digitalwirtschaft
BVSW
Bayern Innovativ
KH-iT
CAST
IHK Nürnberg für Mittelfranken
eato e.V.
Sicherheitsnetzwerk München e.V.