AWS Account Setup Best Practices LiveLessons identifies best practices and good guidance that can be applied to existing accounts, including account creation and management, from single- to multi-account organizations. The goal is to provide possible strategies to cut overhead and have seamless account functionality. It discusses how to keep track of billing across diverse architectures using metadata tags; introduces good data security practices and account monitoring strategies that can be used to improve awareness of account activities; and covers recent AWS offerings that consolidate and automate tasks such as account security, account management, and backups. The course closes with pointers toward other AWS and non-AWS tools that can be used to make your life easier and more cost-efficient.
The inspiration for this course came from the realization that there isn’t a targeted discussion around what happens when you’ve already used AWS for a period of time, and realize you didn’t start with a detailed strategy in place. With Chad Smith’s lengthy background in AWS, along with numerous video courses, including the “AWS Certified Security – Specialist Complete Video Course,” he is uniquely positioned to guide you through streamlining your AWS management.
Learn How To
* Set up the root account and know when to use it* Use access control policies* Understand monitoring and its impact on billing* Use CloudWatch and set up billing alarms* Use tags and implement compliance features* Use data protection mechanisms in AWS* Use CloudTrail, GuardDuty, and Macie for monitoring* Use Control Tower, Security Hub, and AWS Backup to reduce overhead
Who Should Take This Course
* Anyone getting into AWS for the first time and looking specifically for account setup strategies and best practices* Anyone with a basic knowledge of AWS who has been using it for a while and wants to restart with a strategy in place before account setup
Basic understanding of AWS fundamental concepts
Lesson 1, “Securing AWS Account Access,” covers the basics of account creation, including the root account and when to use it and access control using policies. You will see a demonstration using AWS Organizations and IAM resources within a newly created account.
Lesson 2, ” Implementing Billing Alarms and Budgets,” discusses monitoring and how it applies to the AWS monthly bill. The CloudWatch service is introduced, along with how to create billing alarms and budgets, followed by a demonstration of each.
Lesson 3, “Tagging Resources with Compliance Checks,” goes over tagging strategies in AWS and how this relates to compliance monitoring. Different services that create tags automatically on the resources they provision are discussed, and the lesson finishes with a demonstration of tagging compliance controls.
Lesson 4, “Protecting Data In-Transit and At-Rest,” details different types of data protection mechanisms in AWS. Services that implement encryption at-rest, both by default as an option are covered, along with encryption in-transit using services and networking features. The lesson then goes into data protection compliance controls and finishes with a demonstration of how to use some of these features in a real-world setting.
Lesson 5, “Monitoring Your AWS Account Activity,” covers account activity audits and how to turn this into actual monitoring. CloudTrail is introduced, as well as the AWS account Event bus, which can be used to funnel events to different services or consolidate events across accounts. This lesson also covers both GuardDuty and Macie as built-in services monitoring activity for abnormal behavior. The lesson ends with a demonstration of how to enable and configure both of these services.
Lesson 6, “Simplifying Account and Infrastructure Management,” dives into recently released offerings that can greatly reduce the overhead of managing accounts and resources. It starts with Control Tower and discusses how it can be used to manage multi-account configurations. Next, it covers Security Hub and its features for consolidating security monitoring. After that, AWS Backup and how it can be used to manage backup processes and lifecycles is discussed, and the lesson finishes with demonstrations of Security Hub and the creation of backup plans.
Lesson 7, “Helpful Resources,” provides some direction on other tools that can be used to automate activities in AWS. It recommends some reading material in the form of AWS whitepapers that can provide guidance and explain some of these best practices in more detail.