Five-Project Series

AWS Security: Audit and Intrusion Detection Automation you own this product

prerequisites
basic knowledge of *nix/bash command shell • basic knowledge of the Git version control system • hands-on experience with AWS CloudFormation • Intermediate knowledge of AWS accounts and AWS Organizations
skills learned
automate security control configuration, develop mechanisms for test automation and change control based on CI/CD • restrict access to resources with organizations service control policies • hands-on experience with AWS CloudTrail, Amazon GuardDuty, AWS Identity and Access Management, AWS Lambda, Amazon CloudWatch Logs, and AWS CodeBuild
Eric Kascic
5 weeks · 6-8 hours per week average · INTERMEDIATE

pro $24.99 per month

  • access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
  • choose one free eBook per month to keep
  • exclusive 50% discount on all purchases

lite $19.99 per month

  • access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more


Making the front page news would be great for a company...if it’s for the right reasons. Qrypto Tremolo is an up-and-coming startup that develops next-generation financial services. As is typical with startups, its business management team has prioritized feature delivery over security. You’ve been hired by the startup to add security controls to its application developers’ accounts… and stop the company from making front page news for the wrong reasons.

Your goal is to provide security controls that improve observability of possible security events and avoid impacting the application developers. Since this task is solely your responsibility, you must maximize automation so that you can roll out changes quickly and reliably. To achieve your goals, you’ve chosen the following security services: AWS CloudTrail, Amazon GuardDuty, and the service control policy feature of AWS Organizations.

For more on AWS security, please see AWS Security: Compliance and Observability.

These projects are designed for learning purposes and are not complete, production-ready applications or solutions.

The topics and techniques are important and very useful. It's hard to collect all this on yourself, so packaged in a project is nice.

Håvard Wall

here's what's included

Project 1 CloudTrail Automation

In this liveProject, you’ll bring visibility to customer AWS accounts using AWS CloudTrail, a vital tool that provides insight into all API actions invoked in consumer accounts. To achieve your objective, you’ll iteratively develop infrastructure as code in the form of AWS CloudFormation templates, then learn to address cross-account automation issues.

Project 2 CloudTrail Test and CI/CD

In this liveProject, you’ll ensure that Qrypto Tremolo’s security team can make incremental, verifiable changes to its AWS CloudTrail configuration. To achieve this, you’ll develop a suite of automated tests and CI/CD CodeBuild pipelines to deploy and test changes across the organization.

Project 3 GuardDuty Intrusion Detection

In this liveProject, you’ll set up the intrusion detection service Amazon GuardDuty to help catch any hackers who may be trying to break in—or who already have and are up to no good! To achieve this goal, you’ll iteratively develop infrastructure as code in the form of AWS CloudFormation templates, then learn to address cross-account automation issues.

Project 4 GuardDuty Test and CI/CD

In this liveProject, you’ll ensure that the security team can make incremental, verifiable changes to its Amazon GuardDuty intrusion detection configuration. You’ll develop a suite of automated tests and CI/CD AWS CodeBuild pipelines to deploy and test changes across the organization.

Project 5 Organizations Service Control Policy

In this liveProject, you’ll leverage organizations service control policies to protect administrative and security resources in the accounts used by development teams where these teams have privileged access. Specifically, you will add automation to restrict access of local administrators (and intruders!) to any AWS CloudTrail and Amazon GuardDuty resources located in the accounts. Without these protections, the security controls we have put in place for audit, forensic analysis, and intrusion detection can be interfered with by the local administrators.

book resources

When you start each of the projects in this series, you'll get full access to the following book for 90 days.

choose your plan

team

monthly
annual
$49.99
$399.99
only $33.33 per month
  • five seats for your team
  • access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
  • choose another free product every time you renew
  • choose twelve free products per year
  • exclusive 50% discount on all purchases
  • AWS Security: Audit and Intrusion Detection Automation project for free

The cloud security market is booming. The content offered for the project is quite good.

El Mokhtar Hasnabi

project author

Eric Kascic

Eric Kascic is a software developer with 25 years of professional experience. He has developed software solutions across a variety of business domains including telecommunications, medical imagery, and financial services. He has developed embedded, desktop, and server-side software, and has specialized in creating build, deployment, and test automation systems.

Since 2013, he has primarily focused on the AWS platform. At Stelligent, a boutique consulting firm that traditionally specialized in CI/CD, DevOps, and AWS automation, he developed CI/CD solutions for the AWS platforms of financial services companies. In developing infrastructure-as-code solutions, security was a primary focus. Eric invented the cfn_nag tool in 2016 to perform static analysis on CloudFormation templates to help customers prevent deploying unsecured AWS resources (such as those missing encryption or with overly permissive access).

He is currently a principal security engineer at a financial services company where he develops software to support security processes including automation of AWS IAM role creation, as well as a platform to detect and remediate insecure AWS resources across hundreds of accounts. Eric has published several articles relevant to security automation in AWS, including articles about cfn_nag, IAM, CloudFormation, and CI/CD.

Prerequisites

This liveProject series is intended for security engineers with intermediate experience in AWS and infrastructure as code. You will need the following:

TOOLS
  • Basic knowledge of *nix/bash command shell, including pipes, redirection, command substitution
  • Intermediate knowledge of Python 3, including lists, sets, dicts, loops, comprehensions, functions, conditionals
  • Basic knowledge of the Git version control system
  • Basic hands-on experience with AWS CloudFormation
  • Intermediate hands-on experience with the AWS CLI
TECHNIQUES
  • Intermediate understanding of cloud computing and the AWS platform
  • Basic understanding of “infrastructure as code”
  • Basic understanding of security concepts

Note: For all projects in this series beware that it costs money to deploy AWS resources and leave them running. The costs depend upon the type of resource.

features

Self-paced
You choose the schedule and decide how much time to invest as you build your project.
Project roadmap
Each project is divided into several achievable steps.
Get Help
While within the liveProject platform, get help from other participants and our expert mentors.
Compare with others
For each step, compare your deliverable to the solutions by the author and other participants.
book resources
Get full access to select books for 90 days. Permanent access to excerpts from Manning products are also included, as well as references to other resources.