Hands-on labs for learning AWS security essentials

These hands-on labs are designed to teach you how to apply Identity and Access Management and other AWS services to address real-world security scenarios.

This post highlights hands-on labs that will help you get real-life experience building up AWS security skills.

Put your hands together for hands. From snapping and clapping to blowing a kid’s mind by doing that thing where you pretend to slide your thumb off, hands sure do come in handy. Hands are also hands-down the best way to learn cloud skills like AWS security. 

In this blog post, we’ll share five ACG hands-on labs that are perfect for AWS apprentices and practitioners looking to level up their AWS security skills.

These guided labs will let you get your hands cloudy while walking you through real-world objectives in safe cloud environments.

Clocking in at around three hours, this stack of five hands-on labs is designed to teach you how to apply AWS Identity and Access Management in concert with several other AWS services to address real-world application and service security management scenarios.

Ready? Let's get to learning!

Check out our other hands-on labs playlists

AWS your jam? Check out Ryan’s cloud playlist: Hands-on labs for learning AWS essentials. 
All in on Azure? Tune into Lars’ cloud playlist: Hands-on labs for Azure fundamentals.
You down with GCP? Press play on our Hands-on labs playlist for learning GCP essentials.

The AWS Security Essentials playlist

Skill Level: Practitioner  
5 Labs | 3 hours

Suggested Music Pairings

• Security — Amyl and The Sniffers
• Safety Dance — Men Without Hats
• Security — Otis Redding
• Unlock it (Lock It) — Charli XCX

Note: To get started with the hands-on labs below, you’ll need a Pluralsight Skills or ACG account. Don’t have an account? Don’t fret! Start a free trial. 

1. Introduction to AWS Identity and Access Management (IAM)

Duration: 45 minutes

Objectives: 

• Add the Users to the Proper Groups
• Use the IAM Sign-In Link to Sign in as a User

Overview: AWS Identity and Access Management (IAM) allows AWS customers to manage user access and permissions for their accounts and available APIs/services within AWS. IAM can manage users and security credentials and allow users to access AWS resources.

In this hands-on lab, you’ll walk through the foundations of IAM. We'll focus on user and group management as well as how to assign access to specific resources using IAM-managed policies. We'll learn how to find the login URL where AWS users can log in to their account and explore this from a real-world use-case perspective.

2. Managing AWS IAM User Permissions Using Groups and Policies

Duration: 30 minutes

Objectives:

• Create a Customer-Managed Policy
• Create a Group Controlled via a Customer-Managed Policy
• Assign Users to a Group

Overview: In this hands-on lab, we do a bit of role-playing. You’re a security engineer working for a new startup launching an online bookstore for rare and antique books. The founder needs your help with setting up her development team with the proper access permissions. In order to provide access and ensure the proper security measures are in place, you’ll use AWS Identity & Access Management (IAM). You’ll group users and assign permissions for the developer group using policies.

3. Create and Configure Basic VPC Components in AWS

Duration: 30 minutes

Objectives:

• Create a VPC
• Create an Internet Gateway
• Edit the Main Route Table
• Create a Network Access Control List (NACL) and associate it.
• Create two public subnets

Overview: AWS Networking consists of many different components. Understanding the relationship between these components is a huge part of understanding the overall functionality and capabilities of AWS. In this hands-on lab, you’ll create a VPC with an Internet Gateway and subnets across multiple Availability Zones.

Watch: What Leaders Need To Know About Cloud Security
Is your business safe in the cloud? The answer is largely up to you. Watch this free on-demand webinar with Mark Nunnikhoven as he tackles the keys to cloud security that sticks.

4. AWS Security Essentials - Network Segmentation Lab

Duration: 90 minutes

Objectives:

• Configure Security Groups
• Configure Network Access Control Lists (NACLs)

Overview: In this hands-on lab, you’ll use security groups and network access control lists to segment the network so only necessary traffic is available. You’ll gain experience using security groups and network access control lists to secure the different layers of a multi-tier application.

5. AWS Security Essentials - VPC Endpoints for S3

Duration: 30 minutes

Objectives:

• Secure the S3 Buckets
• Create a VPC Endpoint

Overview: AWS S3 and DynamoDB are fantastic managed services. (Some go so far as saying S3 is the greatest cloud service of all time.) These services allow you to focus on what’s important while AWS focuses on the backend processes. Unfortunately, because these services are managed by AWS, they require traffic to leave your protected VPC to be accessed. Enter VPC Endpoints! 

VPC Endpoints allow you to create endpoints within your VPC that keep the traffic on a private link between your VPC resources and these AWS services. Accessing DynamoDB and S3 privately using your own VPC CIDR range is crucial to maintaining a secure environment that is resistant to hackers, data thieves, and other undesirable folks.

In this hands-on lab, you’ll configure a VPC Endpoint and utilize encryption to ensure your data is secure.

Recommended next steps for learning AWS security

• Once you have these labs down to a science, you can crank the difficulty up a notch. Many of the above labs can be taken on using our new Challenge Mode option.
• ACG's AWS Security Essentials course is perfect for learners who are in search of a more security-minded architecture.
• From there, you might want to consider which AWS certification path is right for you. The AWS Certified Security - Specialty certification is worth considering if security is important to you.
• Not sure where to go next? Check out our AWS Security learning path for guidance on what to learn to keep advancing your AWS security skills as you go from novice to guru.

Security-related resources

• Ransomware and AWS: 6 ways to reduce your blast radius
• Fixing 5 Common AWS IAM Errors
• How to audit and secure an AWS account
• 12 AWS Config rules that every account should have
• Securing your multi-cloud Terraform pipelines with policy-as-code

Lock down your AWS security skills

Learn faster. Move faster. Get started with Pluralsight Skills and ACG and transform your career with courses and real hands-on labs in AWS, Microsoft Azure, Google Cloud, and beyond.