Well-Architected LabsAWS
Well-Architected Labs
  • Operational Excellence
    • 100 Labs
      • 100 - Inventory and Patch Management
        • 1. Intro
        • 2. Setup
        • 3. Deploy an Environment
        • 4. Inventory Management
        • 5. Patch Management
        • 6. Maintenance Windows
        • 7. Creating SNS topic
        • 8. Teardown
      • 100 - Dependency Monitoring
        • 1. Deploy Infrastructure
        • 2. Understanding Metrics
        • 3. Create Alarm
        • 4. Test Fail Condition
        • 5. Bonus Content
        • 6. Tear down this lab
  • Security
    • 100 Level Foundational Labs
      • Account Setup and Root User
        • 1. Account Settings & Root User Security
        • 2. Tear down
      • Identity and Access Management User, Group, Role
      • CloudFront with S3 Bucket Origin
        • 1. Create S3 bucket
        • 2. Upload example index.html file
        • 3. Configure Amazon CloudFront
        • 4. Tear down
      • Enable Security Hub
        • 1. Enable AWS Security Hub via AWS Console
      • Create a Data Bunker Account
        • 1. Creating data bunker account in console
    • 200 Level Intermediate Labs
      • Automated Deployment of Detective Controls
        • 1. Create Stack
        • 3. Tear down
      • Automated Deployment of EC2 Web Application
        • 1. Create Web Stack
        • 2. Tear down this lab
      • Automated Deployment of IAM Groups and Roles
        • 1. AWS CloudFormation to Create Groups, Policies and Roles with MFA Enforced
        • 2. Assume Roles from an IAM user
        • 3. Tear down
      • Automated Deployment of VPC
        • 1. Create VPC Stack
        • 2. Tear Down
      • Automated Deployment of Web Application Firewall
        • 1. Configure AWS WAF
        • 2. Configure Amazon CloudFront
        • 3. Tear down
      • Automated IAM User Cleanup
        • 1. Deploying IAM Lambda Cleanup with AWS SAM
        • 4. Tear down
      • Basic EC2 WAF Protection
        • 1. Launch Instance
        • 2. Create AWS WAF Rules
        • 3. Create Application Load Balancer with WAF integration
        • 4. Tear down
      • AWS Certificate Manager Request Public Certificate
        • 1. Requesting a public certificate using the console
        • 2. Tear down
      • CloudFront for Web Application
        • 1. Configure CloudFront - EC2 or Load Balancer
        • 2. Tear down
      • CloudFront with WAF Protection
        • 1. Launch Instance
        • 2. Configure AWS WAF
        • 3. Configure Amazon CloudFront
        • 4. Tear down this lab
      • Remotely Configuring, Installing, and Viewing CloudWatch logs
        • 1. Deploy the CloudFormation Stack
        • 2. Install the CloudWatch Agent
        • 3. Store the CloudWatch Config File in Parameter Store
        • 4. Start the CloudWatch Agent
        • 5. Generate Logs
        • 6. View your CloudWatch Logs
        • 7. Export Logs to S3
        • 8. Query logs from S3 using Athena
        • 9. Create a QuickSight Visualization
        • 10. Lab Recap
        • 11. Lab Teardown
    • 300 Level Advanced Labs
      • Autonomous Monitoring Of Cryptographic Activity With KMS
        • 1. Deploy The Lab Base Infrastructure
        • 2. Configure ECS Respository and Deploy The Application Stack
        • 3. Configure CloudTrail
        • 4. Configure The Workload Logging and Alarm
        • 5. Testing the Workload Functionality
        • 6. Teardown
      • Autonomous Patching with EC2 Image Builder and Systems Manager
        • 1. Deploy The Lab Base Infrastructure
        • 2. Deploy The Application Infrastructure
        • 3. Deploy The AMI Builder Pipeline
        • 4. Deploy The Build Automation With SSM
        • 5. Teardown
      • IAM Permission Boundaries Delegating Role Creation
        • 1. Create IAM policies
        • 2. Create and Test Developer Role
        • 3. Create and Test User Role
        • 4. Knowledge Check
        • 5. Tear down
      • IAM Tag Based Access Control for EC2
        • 1. Create IAM policies
        • 2. Create Role
        • 3. Test Role
        • 4. Knowledge Check
        • 5. Tear down
      • Incident Response Playbook with Jupyter - AWS IAM
        • 1. Install Python & AWS CLI
        • 2. Playbook Run
      • Incident Response with AWS Console and CLI
        • 1. Getting Started
        • 2. Identity & Access Management
        • 3. Amazon VPC
      • Lambda Cross Account Using Bucket Policy
        • 1. Identify (or create) S3 bucket in account 2
        • 2. Create role for Lambda in account 1
        • 3. Create bucket policy for the S3 bucket in account 2
        • 4. Create Lambda in account 1
        • 5. Tear down
      • Lambda Cross Account IAM Role Assumption
        • 1. Create role for Lambda in account 2
        • 2. Create role for Lambda in account 1
        • 3. Create Lambda in account 1
        • 4. Tear down
    • Quests
      • Introduction to Security
        • 1. New AWS Account Setup and Securing Root User
        • 2. Basic Identity and Access Management User, Group, Role
        • 3. CloudFront with WAF Protection
        • 4. Automated Deployment of Detective Controls
      • Quick Steps to Security Success
        • 1. Control Tower
        • 2. Centralize Identities
        • 3. Enable Additional Guardrails
        • 4. Monitoring and Alerting
        • 5. Operating
      • AWS Incident Response Day
      • Automate The Well-Architected Way With WeInvest
      • AWS Security Best Practices Workshop
      • Security Best Practices Day
      • Managing Credentials & Authentication
      • Control Human Access
      • Control Programmatic Access
      • Detect & Investigate Events
      • Defend Against New Threats
      • Protect Networks
      • Protect Compute
      • Classify Data
      • Protect Data at Rest
      • Protect Data in Transit
      • Incident Response
  • Reliability
    • 100 Labs
      • Deploy using CloudFormation
        • 1. Deploy Infrastructure
        • 2. Deploy Application
        • 3. Explore Web Application
        • 4. Explore CloudFormation
        • 5. Tear down this lab
    • 200 Labs
      • S3 Bi-Directional Replication
        • 1. Deploy Infrastructure
        • 2. Configure CRR
        • 3. Test CRR
        • 4. Tear down this lab
        • 5. Resources
      • Update CloudFormation
        • 1. Deploy Infrastructure
        • 2. Explore Deployment
        • 3. Use Parameters
        • 4. Add S3 Bucket
        • 5. Add EC2 Instance
        • 6. Tear down this lab
      • Testing Backup and Restore
        • 1. Deploy Infrastructure
        • 2. Create Backup Plan
        • 3. Enable Notifications
        • 4. Test Restore
        • 5. Teardown
      • Test Resiliency of EC2
        • 1. Deploy Application
        • 2. Execution Environment
        • 3. EC2 Failure Injection
        • 4. Tear down this lab
    • 300 Labs
      • Health Checks & Dependencies
        • 1. Deploy Application
        • 2. Dependency failure
        • 3. Deep health checks
        • 4. Fail open
        • 5. Tear down this lab
      • Test Resiliency EC2, RDS, & AZ
        • 1. Deploy Application
        • 2. Execution Environment
        • 3. Failure Injection Prep
        • 4. EC2 Failure Injection
        • 5. RDS Failure Injection
        • 6. AZ Failure Injection
        • 7. Failure Injection - optional
        • 8. Tear down this lab
      • Fault isolation with shuffle sharding
        • 1. Deploy workload
        • 2. Impact of failures
        • 3. Implement sharding
        • 4. Impact of failures - Sharding
        • 5. Implement shuffle sharding
        • 6. Impact of failures - Shuffle Sharding
        • 7. Teardown
        • 8. Resources
  • Performance Efficiency
    • 100 Labs
      • Monitoring with CloudWatch Dashboards
        • 1. View Amazon CloudWatch Automatic Dashboards
        • 2. Teardown
      • Calculating differences in clock source
        • 1. Deploy
        • 2. Test performance
        • 3. Change clock type
        • 4. Teardown
      • Monitoring Windows EC2 with CloudWatch Dashboards
        • 1. Deploy Infrastructure
        • 2. Deploy Instance
        • 3. Create CloudWatch Dashboard
        • 4. Add metrics to Dashboard
        • 5. Generate load
        • 6. Teardown
      • Monitoring Linux EC2 with CloudWatch Dashboards
        • 1. Deploy Infrastructure
        • 2. Deploy Instance
        • 3. Create CloudWatch Dashboard
        • 4. Add metrics to Dashboard
        • 5. Generate load
        • 6. Teardown
  • Cost Optimization
    • Fundamentals
    • Expenditure Awareness
    • Cost Effective Resources
    • 100 Labs
      • Level 100: AWS Account Setup: Lab Guide
        • 1. Configure IAM access
        • 2. Create an account structure
        • 3. Configure Cost and Usage reports
        • 4. Enable Single Sign On (SSO)
        • 5. Configure account settings
        • 6. Setup Amazon QuickSight
        • 7. Enable AWS Cost Explorer
        • 8. Enable AWS-Generated Cost Allocation Tags
        • 9. Tear down
      • Level 100: Cost and Usage Governance
        • 1. Create and implement an AWS Budget for monthly forecasted cost
        • 2. Create and implement an AWS Budget for EC2 actual cost
        • 3. Create and implement an AWS Budget for EC2 Savings Plan coverage
        • 4. Create and implement an AWS Budget Report
        • 5. Tear down
      • Level 100: Pricing Models
        • 1. View your Savings Plan recommendations
        • 2. Understand your usage trend
        • 3. Analyze your Savings Plan recommendations
        • 4. Visualize your Savings Plan recommendations
        • 5. Tear down
      • Level 100: Cost and Usage Analysis
        • 1. View your AWS Invoices
        • 2. View your cost and usage in detail
        • 3. Download your monthly cost and usage file
        • 4. Tear down
      • Level 100: Cost Visualization
        • 1. View your cost and usage by service
        • 2. View your cost and usage by account
        • 3. View your Savings Plan coverage
        • 4. View your Elasticity
        • 5. View your Reserved Instance coverage
        • 6. Create custom EC2 reports
        • 7. Tear down
      • Level 100: EC2 Rightsizing
        • 1. Getting to know Amazon Cloudwatch
        • 2. Using Amazon EC2 Resource Optimization Recommendations
        • 3. Download the Amazon EC2 Resource Optimization CSV File and sort it to find quick wins
        • 4. Action the recommendations
        • 5. Amazon EC2 Rightsizing Best Practices
        • 6. Tear down
      • Level 100: Goals & Targets
        • 1. Cloud Financial Management
        • 2. Govern Usage
        • 3. Monitor Cost and Usage
        • 4. Decommission Resources
        • 5. Service Selection
        • 6. Resource Type, Size & Number
        • 7. Pricing Models
        • 8. Data Transfer
        • 9. Manage Demand & Supply Resources
        • 10. Evaluate New Services
    • 200 Labs
      • Level 200: Cost and Usage Governance
        • 1. Create a group of users for testing
        • 2. Create an IAM Policy to restrict service usage by region
        • 3. Create an IAM Policy to restrict EC2 usage by family
        • 4. Extend an IAM Policy to restrict EC2 usage by instance size
        • 5. Create an IAM policy to restrict EBS Volume creation by volume type
        • 6. Teardown
      • Level 200: Pricing Models
        • 1. View an RI report
        • 2. Download and prepare the RI CSV files
        • 3. Sort and filter the RI CSV files
        • 4. Tear down
      • Level 200: Cost and Usage Analysis
        • 1. Verify your CUR files are being delivered
        • 2. Use AWS Glue to enable access to CUR files via Amazon Athena
        • 3. Cost and Usage analysis
        • 4. Tear down
      • Level 200: Cost Visualization
        • 1. Create a data set
        • 2. Create visualizations
        • 3. Share your Analysis and Dashboard
        • 4. Tear down
      • Level 200: EC2 Right Sizing
        • 1. Getting to know Amazon Cloudwatch
        • 2. Create an IAM Role to use with Amazon CloudWatch Agent
        • 3. Attach CloudWatch IAM role to selected EC2 Instances
        • 4. Cloudwatch Agent Manual Install
        • 5. Updated Amazon EC2 Resource Optimization recommendations
        • 6. Amazon EC2 Right Sizing Best Practices
        • 7. Tear down
      • Level 200: Pricing Model Analysis
        • 1. Create Pricing Data Sources
        • 2. Create the Usage Data Source
        • 3. Setup QuickSight Dashboard
        • 4. Create the Recommendation Dashboard
        • 5. Format the Recommendation Dashboard
        • 6. Teardown
      • Level 200: Enterprise Dashboards
        • 1. Create Cost Intelligence Dashboard
        • 2. Modify Cost Intelligence Dashboard
        • 3. Create Data Transfer Cost Analysis Dashboard
        • 4. Distribute Dashboards
        • 5. Tear down
      • Level 200: Workload Efficiency
        • 1. Create the Data Sources
        • 2. Create the efficiency data source
        • 3. Create the Visualizations
        • 4. Teardown
      • Level 200: Licensing
        • 1. Create Pricing Data Source
        • 2. Analyze and Understand Licensing
        • 3. Teardown
      • Level 200: Cost Journey
        • 1. Configure Services
        • 2. Create Journey
        • 3. Teardown
    • 300 Labs
      • Level 300: Automated Athena CUR Query and E-mail Delivery
        • 1. Overview architecture
        • 2. Create S3 Bucket
        • 3. Create an IAM policy and role for Lambda function
        • 4. Configure parameters of function code and upload code to S3
        • 5. Create a Lambda function
        • 6. Customize query strings and create scheduled CloudWatch event
        • 7. Teardown
      • Level 300: Automated CUR Updates and Ingestion
        • 1. Create the CloudFormation Stack
        • 2. Multiple CURs
        • 3. Teardown
      • Level 300: CUR Queries
        • Analytics
        • Application Integration
        • AWS Cost Management
        • Compute
        • Container
        • Customer Engagement
        • Database
        • End User Computing
        • Global Queries
        • Machine Learning
        • Management & Governance
        • Networking & Content Delivery
        • Security, Identity, & Compliance
        • Storage
        • CUR Query Library Help
          • Library Contribution Guide
          • CUR Query Library Contributors
      • Level 300: Splitting the CUR and Sharing Access
        • 1. Setup Output S3 Bucket
        • 2. Perform one off Fill of Member/Linked Data
        • 3. Create Athena Saved Queries to Write new Data
        • 4. Create Lambda function to run the Saved Queries
        • 5. Trigger the Lambda When a CUR is Delivered
        • 6. Sub Account Crawler Setup
        • 7. Tear Down
      • Level 300: Organization Data CUR Connection
        • 1. Create Static Resources
        • 2. Create Automation Resources
        • 3. Utilize Organization Data Source
        • 4. Visualize Organization Data in QuickSight
        • 5. Join with the Enterprise Cost Intelligence Dashboard
        • 6. Bonus Organization Tags
        • 7. Teardown
  • Well-Architected Tool
    • 100 Labs
      • Level 100: Walkthrough of the Well-Architected Tool
        • 1. Navigating to the console
        • 2. Creating a workload
        • 3. Performing a review
        • 4. Saving a milestone
        • 5. Viewing and downloading the report
        • 6. Tear down this lab
      • Contributing to Well-Architected Labs
    • 200 Labs
      • Level 200: Using AWSCLI to Manage WA Reviews
        • 1. Configure Environment
        • 2. Create a Well-Architected Workload
        • 3. Performing a review
        • 4. Saving a milestone
        • 5. Viewing and downloading the report
        • 6. Programmatic access via API
        • 7. Teardown

    •   Contributing (GitHub)
    •   Labs RSS Feed
    •   Amazon Free Tier

    • Clear History

    License

    Documentation License
    Licensed under the Creative Commons Share Alike 4.0 license.
    Code License
    Licensed under the Apache 2.0 and MITnoAttr License.
    © 2021 Amazon Web Services, Inc. or its Affiliates. All rights reserved.
    Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at https://aws.amazon.com/apache2.0/ or in the license accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
    Edit this page
    AWS Well-Architected Labs > Security > 300 Level Advanced Labs

    300 Level Advanced Labs

    List of labs available

    • Level 300: Autonomous Monitoring Of Cryptographic Activity With KMS
    • Level 300: Autonomous Patching With EC2 Image Builder And Systems Manager
    • Level 300: IAM Permission Boundaries Delegating Role Creation
    • Level 300: IAM Tag Based Access Control for EC2
    • Level 300: Incident Response Playbook with Jupyter - AWS IAM
    • Level 300: Incident Response with AWS Console and CLI
    • Level 300: Lambda Cross Account Using Bucket Policy
    • Level 300: Lambda Cross Account IAM Role Assumption
    • Privacy
    • |
    • Site Terms |
    • © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved.