02/06/2023 - 02/06/2023
10:00 AM - 06:00 PM
Online Virtual Class
USD $650.00
03/20/2023 - 03/20/2023
10:00 AM - 06:00 PM
Online Virtual Class
USD $650.00
05/08/2023 - 05/08/2023
10:00 AM - 06:00 PM
Online Virtual Class
USD $650.00


In this course, you will learn to:

  • Establish a landing zone with AWS Control Tower
  • Configure AWS Organizations to create a multi-account environment
  • Implement identity management using AWS Single Sign-On users and groups
  • Federate access using AWS SSO
  • Enforce policies using prepackaged guardrails
  • Centralize logging using AWS CloudTrail and AWS Config
  • Enable cross-account security audits using AWS Identity and Access Management (IAM)
  • Define workflows for provisioning accounts using AWS Service Catalog and AWS Security Hub


This course is intended for:

• Solutions architects, security DevOps, and security engineers


Before attending this course, participants should have completed the following:


• AWS Security Fundamentals course

• AWS Security Essentials course


• AWS Cloud Management Assessment

• Introduction to AWS Control Tower course

• Automated Landing Zone course

• Introduction to AWS Service Catalog course


One day


Outline for AWS Security Governance at Scale Training

Course Introduction

  • Instructor introduction
  • Learning objectives
  • Course structure and objectives
  • Course logistics and agenda

Module 1: Governance at Scale

  • Governance at scale focal points
  • Business and Technical Challenges

Module 2: Governance Automation

  • Multi-account strategies, guidance, and architecture
  • Environments for agility and governance at scale
  • Governance with AWS Control Tower
  • Use cases for governance at scale

Module 3: Preventive Controls

  • Enterprise environment challenges for developers
  • AWS Service Catalog
  • Resource creation
  • Workflows for provisioning accounts
  • Preventive cost and security governance
  • Self-service with existing IT service management (ITSM) tools
  • Lab 1: Deploy Resources for AWS Catalog
      • Create a new AWS Service Catalog portfolio and product.
      • Add an IAM role to a launch constraint to limit the actions the product can perform.
      • Grant access for an IAM role to view the catalog items.
      • Deploy an S3 bucket from an AWS Service Catalog product.

Module 4: Detective Controls

  • Operations aspect of governance at scale
  • Resource monitoring
  • Configuration rules for auditing
  • Operational insights
  • Remediation
  • Clean up accounts
  • Lab 2: Compliance and Security Automation with AWS Config
      • Apply Managed Rules through AWS Config to selected resources
      • Automate remediation based on AWS Config rules
      • Investigate the Amazon Config dashboard and verify resources and rule compliance
  • Lab 3: Taking Action with AWS Systems Manager
      • Set up Resource Groups for various resources based on common requirements
      • Perform automated actions against targeted Resource Groups

Module 5: Resources

  • Explore additional resources for security governance at scale