AWS Security Training

2 Day, 16 CPE Hour Training: August 2020 * AUG 3,4

Scott Piper, SummitRoute

Abstract

2 days of advanced, fast-paced Amazon Web Services (AWS) training. You'll learn how to assess AWS accounts, how to secure them, and best practices for ensuring they stay secure. You'll learn how to detect attackers and how to respond to incidents on AWS.

Key Learning Objectives

  • Be able to identify security misconfigurations and risks in AWS accounts
  • Understand how AWS auditing tools work and their limitations
  • Be able to review IAM policies and resource policies
  • Know the different log sources on AWS and their limitations
  • Learn techniques for analyzing logs using jq and Athena
  • Understand what GuardDuty looks for and what additional detections you can create
  • Know the publicly available attack tools, techniques, and public security incidents of companies that have been breached while running on AWS
  • Learn best practices for running securely on AWS

Who Should Attend

This is useful for security teams securing their own AWS environments, incident responders, pentesters, developers, and more. This training is fast paced and densely packed.

Testimonials

"Just finished a truly excellent AWS security training by @0xdabbad00. Well delivered, lean and super useful." -Claudio Criscione
"Cloud security is complex, and confusing the first time you look at it. Scott's AWS training was clearly structured, well-delivered, and helped me ramp up way more quickly than I could have on my own." -Thomas Dullien (halvarflake)
"If you're looking for serious AWS Security training @0xdabbad00 from @SummitRoute is your guy. Highly recommend considering this if your security teams are still scratching their heads on how to tame clouds, or believe they figured it all out." -Karim El-Melhaoui

Agenda

Day 1:

  • Overview of AWS: Shared responsibility model, unofficial rules AWS has held true with customers
  • Disaster recovery; outages; SLAs
  • S3 bucket policies and ACLs
  • Other resources that have policies and can become public
  • Logs: CloudTrail, CloudWatch Events, VPC Flow Logs
  • GuardDuty
  • Using jq and Athena
  • Incident response

Day 2:

  • Access keys and metadata service
  • How IAM works: Understanding policies, ABAC, mistakes AWS has made, IAM boundaries, SCPs
  • How common open-source security tools work: CloudMapper, CloudTracker, RepoKid, Security Monkey, Cloud Custodian, and more
  • How to audit AWS accounts
  • Known attack tools and techniques
  • Known incidents of companies running on AWS
  • Best practices when running on AWS

Pre-requisites

You should have some minimal experience using AWS, such as knowing what an EC2 instance or S3 bucket is. Only a laptop is needed. Labs will use the browser and EC2 Instance Connect (web-based SSH terminal).