Learning Path: AWS Security

Secrets in AWS

Nearly all applications contain some kind of sensitive personal information belonging to their users. In a modern cloud environment, data like this is always in transit, and securing it is a major challenge in itself. You’ll find this course to be a detailed, comprehensive look at secret management in cloud-native environments: what works, what doesn’t, and everything you need to know to manage confidential data as securely as possible.

We begin the course with an introduction to secrets, where we talk about instances of bad secrets management that have caused real-world security incidents. Using hands-on labs, you’ll learn common antipatterns, taking a Red Team approach to find secrets with various tools in different environments. We’ll show you the best practices in secrets management with AWS KMS, GitOps and DevOps.

All of this will be taught with the help of practical labs deployed on the cloud so they function as realistic simulations of cloud-native environments. The material on this course is a distillation of years of security testing experience, knowledge, and original research across our entire team. It’s why we’ve put such a strong focus on real-world techniques, challenges and scenarios that you’ll be able to directly make use of when securing actual cloud deployments.

Course Outline

  • Course Introduction
  • Course Pre-requisites
  • Overview of Secrets and Encryption Services in AWS
  • Secrets Manager, SSM and AWS Key Management Service
  • Exploring the Key Management Service
  • Using Key Management Service with your apps
  • Lab: AWS KMS Tour