This quest is the guide for an AWS-led event that includes an incident response day. Using an AWS-supplied account or your own AWS account, you will learn through hands-on labs in the AWS Well-Architected area of Incident Response. The skills you learn will help you secure your workloads in alignment with the AWS Well-Architected Framework.
This hands-on lab will guide you through using AWS CloudFormation to automatically configure detective controls including AWS CloudTrail, AWS Config, and Amazon GuardDuty. You will use the AWS Management Console and AWS CloudFormation to automate the configuration of each service.
In this workshop, you will build an environment consisting of two Amazon Linux web servers behind an application load balancer. The web servers will be running a PHP web site that contains several vulnerabilities. You will then use AWS Web Application Firewall (WAF), Amazon Inspector and AWS Systems Manager to identify the vulnerabilities and remediate them.
This hands-on lab will guide you through a number of examples of how you could use the AWS Console and Command Line Interface (CLI) for responding to a security incident. It is a best practice to be prepared for an incident, and have appropriate detective controls enabled.
Walks you through a scenario covering threat detection and automated remediation using Amazon GuardDuty, a managed threat detection service. The scenario simulates an attack that spans a few threat vectors, representing just a small sample of the threats that GuardDuty is able to detect.
This lab uses an open-source Python module for orchestrating memory acquisitions and analysis using AWS Systems Manager. It analyzes the memory dump using Rekall with the most common plugins: psaux, pstree, netstat, ifconfig, pidhashtable.
AWS Security Incident Response Guide
Find further information on the AWS website about AWS Cloud Security and, in particular, what your responsibilities are under the shared security model.