Cloud Security Tools on AWS | Harshit Srivastava | Skillshare
Play Speed
  • 0.5x
  • 1x (Normal)
  • 1.25x
  • 1.5x
  • 2x
13 Lessons (49m)
    • 1. AWS Security- Introduction

    • 2. THE Artifact

    • 3. SEC Artifact {demo}

    • 4. THE Certificate Manager

    • 5. SEC Certificate Manager {demo}

    • 6. THE CloudHSM

    • 7. SEC Cloud HSM {demo}

    • 8. SEC Directory Service {demo}

    • 9. SEC GuardDuty {demo}

    • 10. SEC Inspector {demo}

    • 11. SEC Secrets Manager {demo}

    • 12. SEC Single Sign On {demo}

    • 13. SEC WAF and Shield {demo}

  • --
  • Beginner level
  • Intermediate level
  • Advanced level
  • All levels
  • Beg/Int level
  • Int/Adv level

Community Generated

The level is determined by a majority opinion of students who have reviewed this class. The teacher's recommendation is shown until at least 5 student responses are collected.





About This Class

In this course, we would explore Amazon Cloud- Amazon Web Services. Learn all the available Identity and Security tools and services under catalog, and what we can do with each service provided with platform. This course covers wide range of AWS services with theoretical lectures and practical demonstration including-

Artifact, CloudHSM, Certificate Manager, Secrets Manager, Directory Service, Guard Duty, Inspector, Single Sign-On, WAF and Shield, etc.

Meet Your Teacher

Teacher Profile Image

Harshit Srivastava

Developer on IBM Cloud, Bluemix


I am Self-Taught developer who had worked on various platforms using varied languages, and involved in various Projects both Open Source and Proprietary.

I have developed Web and Android Applications, chrome Extension, worked on various frameworks, fixed bugs for some projects, and explored numerous others. I think education and learning should be free and open, not be bound with restrictions like attending classes or going to college, People from all age groups, gender, faith, race, nations, etc must get equal privilege. When entire world would act this way like being a single FAMILY, we would truly realise VALUE of Knowledge and Human Life.

See full profile

Class Ratings

Expectations Met?
  • Exceeded!
  • Yes
  • Somewhat
  • Not really
Reviews Archive

In October 2018, we updated our review system to improve the way we collect feedback. Below are the reviews written before that update.

Your creative journey starts here.

  • Unlimited access to every class
  • Supportive online creative community
  • Learn offline with Skillshare’s app

Why Join Skillshare?

Take award-winning Skillshare Original Classes

Each class has short lessons, hands-on projects

Your membership supports Skillshare teachers

Learn From Anywhere

Take classes on the go with the Skillshare app. Stream or download to watch on the plane, the subway, or wherever you learn best.



1. AWS Security- Introduction: You have developed in application and hosted on the cloud. It's running perfectly well. Until he noticed something weird. They smoke is coming up. There's an attack are a massive security breach. Now it's time to call a security team. But you realize you have none. Maybe you have a security team, but they don't handle the cloud. Your witnesses, Arun, and you're losing millions of dollars every second. You could have simply avoided this kind of incident. Just got better control over stuff. If you have learned and applied various cloud security tools and services. So we are resource person, savior organization at critical times, they start learning cloud security. Now. 2. THE Artifact: we complained. Now we're going to learn about eight Iblis identity and security in the coming Siri's um, which consist of videos, are eight of their services on flower, including artifact On more So these are the identity and security crews are services of level on a cloud using you could, ah, secure your everything cloud instances be from wild services are referees say that elastic beanstalk are easy to instances as three storage all things like that we have artifact of certificate manager Cloud A Jeff in our directory service a guard beauty inspector secrets , manager of single sign on our WTF and to we have these services at your hand and we could use the services to secure our applications on the cloud. So these are the things we have. I am that we already knew the identity and access when it's where that is the most vital tool off for each of the 6 10 50 If you're creating a group, our project with codecommit, you need an I am wrote. You mean I am role for white range of services like and dynamodb level is lambda and things like that it will authenticate, really if users where you could create your identity on different kind of rules. Similarly, there are services that go hand in hand or same authentication or tradition and security perspective. So let's talk with Adam with artifact, which is a no course self service portal for only one access to AWS compliance reports. Here you have access to the report that you could create on demand for some service for analyzing really perspectives off your services that are running there. You can donate a central resource for complexity information that my test of you, uh, artifact provide to you on the wind excess to security and compliance reports and select online ad remains obligate of this. The reports have level on artifact into gear, a service automation control reports, a payment card. Industry reports on certifications from accreditation bodies across the harbor. Fees and compliance verticals that validated the implementation on operating effectiveness off a double security controls. Uh, agreements available on artifact includes witness associate our render on a non disclosure agreement, but anti you have the artifact directly from the management pencil. Here you can you're different kinds of reports. Our documents right customer without easier access to obtain a different reports. Ah, as the based on different kinds off government or regulatory authority authority. So integrations on regulations. Are there few benefits off artifact? I provide your comprehensively source on different auditors that issued reports that certifications, accusations and other third party attack stations that you need for your, uh, publication off your intense or applications are projects on the club. You have the agreement governess to review except and manage your argument with a list. Apply your analyst agreements to current and future country are munitions so you could be in a safe estate, a beater nd aid on this loser element and things like that you could create those agreements are sign of one the existing active agreements any time of one. Then you have deep inside to perform millions off a diverse and in hostas, transparency for security and controlled in one minute you can monitor and secure, applying says we need a list with immediate access to nearly force. There are different pores are there which have been tested by auditors on third parties for compliance off global, regional and industry is Pacifica's security standards that you need to follow or diplomat absurdity. Instances are certain projects, so it is very simple to begin report on AWS artifact When you move to the security and identity, particularly on Amazon Cloud, you have this artifact service, and from this artifact you could create or generate data fold Moving to the report section . You can generate the artifact off particular things like, ah, cloud computing complaints controls Catalogue C five. He could get this artifact by hitting the get decided adoption. Download our second form it off documents under system. You can go to the document, then think until the things implementations, you can get the riverside. If we could just try to forget with last year when it stopped, you can add different domain names or review on the SSL anti lesson. Think of fitness. Wow, yeah R ight. Effect depositories the village and upload on the sections. You have artifact repository, the easy to environment. You can build and upload the Jenkins with the artifact or using a simple XML types in Texas . Then you have the easy to the production. Several stating Intestinal like you could select a virgin and deploy on the text service. The artifact service is in the former top, either Jason or example. Former. You have the key value. Pair off the Gaels. You could be fined aversion The statement. Affect, allow or deny action. At the gate are defect the resources on the Karen for Amazon Source. Name for respective artifact and things like that that you could die for different services . You have different stages off development for the source court wilderness stating I get you have artifact Durer's for the documentations and things like that in the day Wolf. So are self credit looking like second here when your crank of a certain project using the day walks on cloud, you have to get repository get helps our codecommit You could write the court, perform various operations like we're book on a P I get way of making get are forced to request allowing it to integrate with a lamb die Scripts using cold wind on artifacts Road to integrate the services are I never forgot to our tradition off the bucket are different things. So this was a brief introduction about artifact. We can get the active fact It is not a difficult king, but get a huge number off defects out there. I you have to choose off for proper By sending on, you may need a legal person for different stages. We're learning more security and identity services on Amazon Club. I killed them. Keep running and keep moving ahead. 3. SEC Artifact {demo}: welcome friends here in this video we're going to create and instead for Amazon artifact, which is a security identity and compliance to We are learning at the end of the security and we're services. So this is that effect. We features a comprehensive list off access control documents. If he these we live into a complex in security on Amazon Cloud, you can build again with his 30 figures, like bio Forum, I t control our implementation about responsibilities. Cloud comfort in compliance Given financial record, a few principles and more. You can get various kinds off artifact on, integrated with very services on Amazon Club, you also have services have level in multiple languages placed on the different countries like Japanese. The service information controls Assoc report and we're you have released kinds off agreement here for different countries and even to from the organizations it was first are down or this agreement extension hated. I'm you load very soon I defect. You have India and nondisclosure regular mint. Based on these artifacts, you can choose to bring on accepting dollars option here. So could we downloaded and you could go through this artifact based on your scenario 4. THE Certificate Manager: we come back. Friends. We're learning identity and security on Amazon Flower I. Now we're going to learn about the certificate manager, which is service on Amazon Cloud or AWS, of this lecture. So let's start Certificate Manager is among the different services are level as an identity and security tools for our traditions, authentication and securing your loud instances or projects out there on the club. So it's certificate manager, which is a service that lets you easily provisions are managing. Deploy public or private SSL certificate or TLS certificates. We secure socket layer or transport layer security certificate for use on eight of the services with your internal connected resources which job are mobile applications on the SSL certificates are used to secure natural communication on established identity of websites over the Internet as well as a resource on public networks. But certificate manager. You can remove the time consumer mental process off for cheating, uploading and renewing a society less certificate so all these things will be automated on . You actually find their domains are different things like that. It could be integrated with request off a certificate deploy with ACM integrated our AWS resources such as your balancers. Cloudfront distributions The U P. Eyes on a p A gateway. Uh, the certificate manager. You can handle certificate renewals. Andi, will you do create a private sort of figure for your Internet resource management on different life cycles century? You have these things and you have to pay for much the operations for property and for the marriage certificate few issue on for other public resources and after on the pay for the resources, not for the public. She's certificate. They have some benefits. For using the certificate manager, you have three public certificate for ACM integrated services. If you integrate different services on the public domain, you have the free access for TLS or I said that certificate I you have going to pay for the underlying resources we wait for implemented by load balancing or a p a gateway or things like a elastic beanstalk or lambda. Then you have the Manus certificate. Renewal option will be managed by Amazon Cloud using the ACM for the renewal process. The ultimately don't need to go on the manual basis, but we on premises sources are under club. You get outside to forget easily, Uh, by Aaron for me steps are toe. Get a website or applications. There is no need to generate Keep ear or certificate signing. Request CSR or somewhere toe certificate authority or uploaded. Install a certificate. Wants to review their few clicks. I've level on AWS consult that became the crystal first SSL certificate. So it will be easy for you to manage these things. It would be our lack off course living in I'm favorite. There are real issues, cases of it certificate manager you can predict and security website if we have a website or whether applications out there autumn while applications Yeah, you You would however, an access to secure this thing by adding different encryptions persons of dictator so that no fishing are a similar hacking technology could be implemented. I guess your website eso that your website would be capable in serving your customers in a more secure fashion. So you will allow the identities of website over the Internet to encrypt the communication in Britain, Onda and all the sensitive data in transit for a congregation human were backing solution or a big off private form or anything, Any admonition who walked off who is very concerned about their security are still replications. You you need SSL electing you have to protect and secure Internet resources. Then you can also use ah slow to forget manager for private certifications Beginning a recommendation on the cloud or on the PRA mice you could use are these things. Even in the BBC, the proper certificate could be useful identifying their securing communication between different connected devices, beating a PPC virtual private network or servers. I two devices. But I'd be camera in different tools like that Fresh verify and things like that you could gender different private ACM, sir. Eight of the certificate managers. I ended up a private side of Forget programmatically using the GPS or things like that. We can help him with complaints requirement with a Cicilline t lift off to meet regulatory and complex requirement for encryption of data in transit. Uh oh. Do you feel more secure? You have improved up time so that the website may load faster than the only way and you don't need to worry about next fighting certificate. So this is the dash work for lead of this certificate, my nature, where you can easy be provisioned and managed deploying really other Teela certificates in November 1 you can simply requested certificate and create a custom are, um, defied certificates providing a different. You see him request the producers are difficult for the ACM. Upload a certificate. So I am now the option to to the certificate from my I am and more options. You have to configure security settings. You have to consider load balancers not to configure security groups. You have to configure rocking, have to configure raced for target with security. Aside of predicament in a generator certificate based on your come with the less or ssl you , this is the difference between a normal left sight and a secure website assistant. Another reflect may start with STP hypertext transfer protocol on a secure website with SSL and TLS will have a zoom in like a STD P s is secured with a locker symbol certainly secured and verify the rest. Their website may look like this If you have a TLS or SSL significant, I didn't kill me. Then you can add a private secretary authority. This will be a flow. You could have the easy to instance and other resources like device that one for my server . Something like that. All this could be managed with a private certificate manager on Amazon gloves you could select are different certificates you from the existing said to forget. Use an existing certificate for identity and access management. Uploading USSR certificate are Have more forward you congenital multiple certificates Convention on different projects. What application here is the workflow. You have your developer or and a team of developers You could create a different instances or the resources like history. Easy to lambda Well, I have or things like that and you could generate a significant monetary quest. Generators KCM certificate Ever some certificate manager, you can integrate these things with the cloud friend on the resources between the CME and implement on different locations, all regions with R w. It would be integrated on unpromising vpc and I was on cloud in any region you could add a load balancer with BBC are in the normal. You have a question resource is I'm thinks like that. So this laws about that side to pick it manager, we're going to learn more about identity and security on cloud Till then, keep learning and keep moving ahead 5. SEC Certificate Manager {demo}: Welcome back, friends here in this video, we're going to create an instance for Amazon certificate Manager, which is available as a service under the security identity and compliance. Uh oh. Chef on the human Amazon dash word here you can create an instant for certificate manager by going through the dashboard options. So as it say's uh, museum, the certificate manager makes it easy to provisioned. Manage deploy on review as a self secure socket layer TLS certificate on AWS platform so you can provision various certificate the SSL and TLS L certificates and you get created a private certificate authority as well. For you and your idea address station team to enable of secure manage infrastructure off for issuing and they're looking private day Still, center figures you can get started with both the options from the getting started out off inevitable here. So it is our documentation for him. You can get the overview. If you have any doubt on you. Want to check any updates? You can, both with the documents. All the recent upgrades are being published here on the complete a beginner, then your hair. It is an option. We can import a certificate we can request a certificate. The requested certificate. We have toe provide a authority you can choose from the private certificate body or the Amazon body. Go to the bandage off. Shim you have to provide us are difficult body. Uh, you You can request a public sector figure. If you have you have accepted. You have to provide a domain name based on your organization. For example. Say a cripple every city. No, Lex. Why there Not come, uh, things like that. Not good. Or Japan. You are issuing a SSL certificate for a specific website. You can choose for the Guinness Village Validation or email valuation, which would reevaluate it for you in the idea after mechanism. In the first case, you can obtain permissions to modify DNS configurations. And in the second guess you won't have permission for you. Well, you have to provide the email. I d associate curator. Come. Maybe we're done here. You can confirm Antichrist option. The authority time could be a subordinate. See, here currency, you have to provide obedience off the organization. Say anything. What is the name of your organization? Unit off the organization. The country where it is resigning they Steve and provinces and more like that The common name the locality name. So you can create an SSL certification on make your website more Thank your. It will be a level to your users In a secure fashion, Fishing would be quite difficult. You feel often an SSL certificate. You can provide various options the common name for hidden next option. You can always choose from the everyone settings that level here You confuse from the artisan certifications that you CBS A I'm or I got some that I used who attended the key. You can also enable that certificate vocation list CRS. You're history bucket are you? Can I provide a link to your certain s playbook? It The letter to this list employed a custom. Seattle is no. And then finally, if you're done, I feel that create and come promotion 6. THE CloudHSM: Welcome Back press. We're learning identity and security on Amazon Flower and here in this electoral going to learn about cloud xsl but your service offered by Amazon Web services or hardware security module. So let's start. It is among the service for identity and security with artifact certificate manager guard duties in the signing. I know more so we can cloud 87 which is a hardware security module. You can secure your hardware in utility with their own encryption keys. On Amazon Cloud, you can manage your own encryption keys with F I PS 1 40 You level three well regulated systems. You have the ah cryptographic extensions and Microsoft crypto nd on different libraries. I've level you with industry standard. Every eyes cloudhsm with the standard compliant and enables you to export all of her keys to most other commission of level 80 firms. Subject of your configurations. We can have a fully managed service which automates time condemning at Michigan task for you suggest harder provisioning, softer batting community and backups. You have to you have quick scaling availability. On the capability to remove are different capacities on the mind with no cost. There are huge benefit With Cloud 18 you can generate and use encryption keys. We have the control off the encryption keys. You can reply secure, compliant workloads. You have, AH, load balancing and high mobility options. You can use an open assembled on industry standards on it is easy to manage so hard work. You have a cow that's a recent instance Running on Amazon Web services Beat on Virtual Private Cloud are a public cloud. You have, ah cloudhsm grilling as an instance with maybe BC on you have no less. You can add an essential authentication, your application by a nasty animal as a some plan. Suppose a client makes a request for the website, it will pass through the cloudhsm reflected back to your desks. Word I know it indicated by the SSL on the application and chest 20 are Amazon BC enabling you to user access application running with her elastic compute cloud or you see two instances you can add a standard to your PC. Security can close. The man is different. Our data centers. I'm cloud. You have defending separation based on roads and things like that. There are various implementations or use cases off. I guess them. You have the off Lord SSL processing for Web services. Was that your topic? Clear? I said So. Well, it's indication you can use to confirm the identity and Web server to our domestic GPS connection. Oh, I decide to forget my nature. Another tools, Uh, you have the production off private keys or in issuing certificate authority, using public key infrastructure or peaky I for and needing to issue dish Intel certificates for the island nation to restore property and scientists are difficult request so that you can security actors and issuing certificate authority To issue a certificate for your automation. You have to enable transparent data encryption for reconnect everything. You can use a cloudhsm who stole different types of incomplete data. It would be supported off with SQL Server uh, ideas and different kinds of data bases. As so this is the example that using the cloud attacked them with every PC. Here we have any Stanfel for HSM connected by SSL for different vpc incenses. Here we have ah one application distance ready. Similarly, we can have ah different instances running simultaneously in thing with each other. There will be on authentication estates off for hardware security water that will be authenticated by the computer for keys. We have different things off certificates for hardware as well. The hardware certifications, the manufacturer hardware certification, exam certification for blisters and left a siesta. We could also integrate excess, um, with different applications for cloud windows as well, like a peon sap on different tools like that. We could also integrate without we and we're cloud. We have the cloud egotism of where we have, uh, a person to have the control keys and crypto operations. Then there's an AWS and restricted, which manages the appliances and different are developed tools. We could also integrated with our different kinds off the hook, eastern sides, other services, but someone excited. It's always looks different things. It will protect you from a magic CSO invader for compromise to front and distance. It will protect you on the hardware level or follow database level with certificates and things like that. We have bucket. We can add the security to your bucket along your toe back in eight back off, but indicated with ageism all you can restore through the new look at us. You can perform this operation of photographically and with us here, like my line interface off Amazon. Come on, light. So this one direction of our cloud edges him. It is a quite a complex topic of when you dive in deeper. You have different kind of secure two years that you could implement off the hardware and the application level of security. We're learning more. I'm security and identity. When is when then keep running and keep pulling. 7. SEC Cloud HSM {demo}: Milton back. Friends, Welcome back, friends. Now we're going to create. And instead, for Amazon Cloud 80 of them, which is a security and identification application, duel a little on Amazon. You get three time instance by going through the dash for anything related. Lester's Delete. Lester. I need backup proteins and more. You can configure laughter based on certain words. Your private child. You have to define the cloud if you don't have ah, you PC instance. Yet you can create. I have to provide a location region, and you can create a blister. So here it. If the cluster has been created, the creation process is undergone. Maybe it is created. You can perform with this operation. Here, you have a backup option available. You can perform in addition, off north and more operations. And when it is not a views, you can delete it any time. 8. SEC Directory Service {demo}: Welcome back, friends here in this lecture, we're going to create an instance for Amazon directory services, which is a level of the Doolin security identity and complaints on Amazon dash for so you can create a service. I simply going toward Allen. So there is our last for four directory service. We have multiple directly being created. Yet we can send up new decrease the little Danny, please. And then from various operations on the left hand side, we have various operations like active Eric Re There. We have, ah, their priest that she shared with me. We can perform actions like reset passwords and what we can face the r Dr D days by seeking without a priest we have the here in religion with I relayed your service. That is a neighbor like Amazon working space, a quick side and more. It has a certain BBC linked with the submit on angry, Similarly going through the right through that I have created it, isn't I? Also I never would have work is please it may have, and you are that is optional. Based on other sermons that is being integrated with their Then we have options with cloud that creek. Uh, we can do that. It pre anything Wakanojo secrete is scheme us similar asset. We want to clear the directory. You have to select the directory type like AWS minus Microsoft 80 Simple Amazon directory. The A Amazon pre connector called me to use their foods and well, you can go with and it off this options based on your comment. If I go with the cognitive pool, I have to define the coordinator instance as well. Do you find the triggers and more? Thank you. Is ah any of them? You can go with the canonization all the end of reservation and the resolution would be a costlier option to you. You have to provide a DNS name for your website. The Night bios name that is optional and more options because I stayed with that I was. Then we have the simple 80 which have ideas and more services associated with him. ID I normally we aws lambda and more. We have a negotiator passport wear to provide the passwords and more. And we have the 80 connector when we even create able simply after the it's my left and live options and hit the description panel manager is calling it a user pull. It really liked us to the cometo dash for user control. From here we can manage the cognito services, and instantly we can integrate with covenant or does. 9. SEC GuardDuty {demo}: now we're going to create an instant for Amazon. Our duty, which is a tool of 1100 security, identity and compliance, could agree on Amazon Cloud in Beauty, for instance, by going through the option and hit the guard duty. Berta, it takes some time to load this service. You can use a guard duty toe as I turn detection. A system to manage your buffalo. It will block all the unauthorized eyepiece and different things. You can analyze the crowd, reel off DNS queries locked to gender security findings and more. You can hit this animal, Gardner. The option on link and you are have level. 10. SEC Inspector {demo}: Now we're going to viewed any stance for Amazon inspector, but your service I will level under the security identity in compliance. We can integrate this semester with a wide range off Amazon services. So here it is the X factor, which never fear to analyze that we have wear off analysts defenses and have identified potential security issues. You can install it of it as an agent for your easy doing stuff elastic Larkham Comfort Club and run the services based on a weekly monthly our daily basis. You can also choose from reading once it will perform the assessment on check for one reason. The software, uh, and host the Hardening Bench Month implement. The best service is the best practices in the configuration category. It will find ah and the air the guard. Okay, finding error the inspector create an analyst is referred on that and have a farm dog assess may on. Based on the assessment, you can define the template. You have to provide the rules the state of blues and provide coordination among for which it is being executed. 11. SEC Secrets Manager {demo}: Now we're going to create instant for Amazon secrets Manager, You can write or provided this secret or any kind of credential information. A confidential information. Did you get any store? In the end secret fashion. It would be anything like a possible to use their name. Are associated Are Barrick reconfigurations the keys? I did a bit pretentious and more You compete, isn't it? Instead, from going to redact for you have already give. Then you can create a store on your secret. But we don't have a secret not to choose from the top. It would be a date. Every secret. Your toe. That would be a credential based or anything like that. I simply you can write your custom Time off secret in a plain text are evil appear Just reading the plain text. We have a key value period. He received 123 the key and the valley. You have to choose the encryption key. You have to provide a name out of secret. What is the name of the secret? Say it could be a user name for my humility or anything like that. Actually it is not recommended. Toe, He stole your password anywhere. But in case you need it could be Landy. You could not memorizing. You have to store it anywhere. You can configure the automatic rotation. You can enable Choose to enable or disable automatic irritation if we choose animal automatically. Rotation. You have to provide a number of these. Inderal, our custom option. At least it could be integrated. You have a bride The lambda function associated with this. In case you have, you can just about everything. After we are defined, all the things you have to you have the software for sample code. Originally the sample come for your key. The JavaScript, Java Feature up ruby and bite him called a little earlier. When you are done, you can hit that store. What time I restore as our secret key. The Alfa. It contains every information that we have initialized. Similarly, goto the setting. You can find the settings the area associated here in the Amazon resource name for this, um, be effective. You have all the considerations here. Every will and you can always create multiple kind of sneakers. Um, and it started gravy secrets, aware of confidential information, but, uh, secrets, my ***, You can for fun with yourself since you can edit the configuration and good. Frankie, you didn't find article Finke sl edited. You can shoot, do the creation Based on certain, Dave. Yet the bride of value, you can believe if anything is not required, it won't go. Teoh, Watch your mind. So don't worry about the viewing. 12. SEC Single Sign On {demo}: Now we're going to create a distant for Amazon SSO single sign on There's a Security Gil. I will be from Amazon Nashville. I enjoyed this option and create any staff for SSO. Single thing on it is a top service that makes it easy to manage access or multiple a dealer's account and business applications. You can send a process so assigned essence of access to users and groups in your corporate Microsoft Active Directory all you can use. Ah, with account and business applications. The inner various use cases have living for this. You have the animal s Cecil exhaust. Then you have to connect with your corporate at entities, and then you can integrate with other teams. It has the greatest easy integration on commonly used witness applications associated with seeing this. I know next year a holes in desk and love, you have to hit the animal aws sso off button. I'm living here. If you do not have to support, you have to beat them with our tradition. They're fine. The arm infinitive. You can also go to the dogs. Documentation on D day Getting started. Guy, do you learn how you can perform everything I think a few services are there that has not level on multiple countries. I have to set all features that we animal on. You know, this information I can't muster accounted the most before you begin the tester. So we after defined very stews. If you have, you should have, um, existing Microsoft Active Directory that they don't have. If you have an active directory, then you could integrated with AWS Derek Reese enemas. And then just with SSO single sign on it will allow you to access both the active directory on Microsoft on either Miss Territory together. These are the staff. You have to perform them with management console and create the master on credentials. You need an active medication like yourself are with Amazon territory. And then you have to create the SSO and integrated with all of them. It is not a difficult thing. Simply that 13. SEC WAF and Shield {demo}: Now we're going to create an instant for Amazon. WTF on she just a security identity in compliance toe and level on Amazon Club. You can choose this option. I'm just always have the option. It will have you protected eight of those resources from exploits and basically DOS attack . Indeed, US attacks this deliberate denial of service attacks that are being toe thing off dead and different hacking attacks that goto harming traffic. And a seven You're gonna initiate that thing the way you have a website or app, like a running over of serving a customer. Beef off millions of 1000 off customers. And when there isn't that kind of Dido's there you have a massive request to your site so that you could crash down are Actually users will be able to access your site. You have to rely. Decide entities you have to send of the access control lists. A list off access control list you can define. Lose that contains conditions you can perform afterward with I p r malicious eyepiece that are there. You can choose to do so. Remove the part. You won't want any kind of size traffic do up there. You greet us instance, You have to provide a web easy a limb and me on the cloudwatch metric associated with the region. Then you can create the conditions. The call site is script matting. Exorcists attack that could be used. Yeah, to prevent acting. You can do the do match conditions. The ivory match conditions. Ask the injection mechanisms. There are more options for security implementations, but using the W f N Shell would ensure you more security over anything like that. It is club, so you need a better protection. My feminism and the more that lasting you have an option. So you have to never is this thing. It could be a costly After you have defined everything that you have to save them. The after go to that every option. Here we have the fire. What manager as well. The application firewall. The physical firewall Network firewall. Here we have the shell. You can go to the Monitor edition option. What? I was covered in which option that he does his funds over team support. And one, the free dear is free activated. And the read option is not activated. Now for my come, it was jarred heavy imam thing that really were tall apartment. If we have information you could use, there is no way if you go option because it will be running every time your traffic me come up or down, it would be a skin, but the security application could not be skill. So you have to keep paid upfront car. If we have the capability reviews, you can manage all of these things between regular expression matching and all kind off security implementations.