Paul Duvall edited this page Nov 14, 2019 · 11 revisions

Introduction

Author Introduction

I am a founder of Stelligent and Chief AWS Evangelist at Mphasis. I am 6 times AWS certified including AWS Certified DevOps Engineer Professional and AWS Certified Security - Specialty, and I have architected, implemented and managed software and systems solutions for over 20 years. I have been an AWS Hero since 2016, which recognizes a very select group for their significant knowledge-sharing contributions to the AWS community. In addition, I have authored multiple books and publications on DevOps and Continuous Integration including the award-winning Continuous Integration: Improving Software Quality and Reducing Risk (Addison-Wesley) and DevOps Essentials on AWS LiveLessons (Addison-Wesley). I blog at mphasis.com and stelligent.com, and I host the DevOps on AWS Radio podcast.

Course Introduction

Continuous Encryption on AWS is a course that is most useful if you are a software developer or a security and compliance professional who wants to integrate encryption into every facet of the software development and delivery process. It assumes you have a working knowledge of AWS and programming experience and want to make encryption ubiquitous across all your systems.

In this course, you will learn how to automate encryption on AWS using AWS Developer Tools, Security, Identity, & Compliance, and AWS Management & Governance services. The focus of the course is on how to apply continuous delivery to encryption and not on software architectures.

The Continuous Encryption on AWS course has a heavy focus on the use of AWS Developer Tools, AWS Management & Governance tools, and other services, most notably the following:

  • AWS Key Management Service - a fully-managed service for easily creating and controlling the keys used to encrypt your data.
  • AWS CloudFormation - a tool you can use to create and manage resources with templates.
  • AWS CodePipeline - a fully-managed service for releasing software using Continuous Delivery.
  • AWS CodeCommit - a fully-managed service for storing code in private Git repositories.
  • AWS CodeBuild - a fully-managed service for building and testing code.
  • AWS Config and Config Rules - a fully-managed service for tracking resource inventory and changes. AWS Config Rules checks whether changes violate any of the conditions in your rules.
  • Amazon CloudWatch Event Rules - a fully-managed service for detecting events and triggering targets that can remediate noncompliant resources.

Examples

All of the examples in this course are automated via AWS CloudFormation. AWS CodePipeline is the service used for continuous delivery of encryption in this course. All of the examples are available from a GitHub repository that will be referenced throughout this course: https://github.com/PaulDuvall/aws-encryption-workshop/.

Fees

If you launch all of the sample solutions and then terminate the resources after one day, you will spend less than $10 on AWS fees for the use of the AWS services. While the course predominantly uses AWS tools, there will be some third-party integrations and open-source tools incorporated into the examples. You can fork the GitHub repository to make your own changes.

Lessons

In Lesson 1, Automating AWS Resources, you will learn about automation and Continuous Delivery on AWS using CloudFormation and CodePipeline.

In Lesson 2, Key Management, you will learn how to create, disable, and delete 256-bit symmetric keys using the AWS Key Management Service and CloudFormation.

In Lesson 3, Developing with Encryption, you will learn how to perform client-side encryption and manage secret data when developing applications.

In Lesson 4, Encryption in Transit, you will learn how to encrypt data as it is sent over the wire between clients and servers using the Console, CloudFormation, and CodePipeline.

In Lesson 5, Encryption at Rest, you will learn how to encrypt data at rest for specific AWS resources using the Console and CloudFormation.

In Lesson 6, Detecting Encrypted Resources, you will learn how to run detective compliance checks with AWS Config Rules, using the Console and CloudFormation.

In Lesson 7, Logging Key Usage, you will learn how to create a CloudTrail log and determine whether a KMS key has recently been used.

In Lesson 8, Continuous Encryption, you will put together an end-to-end Continuous Encryption solution on AWS.

How to reach me

The best way to reach me is @paulduvall.
