About the course and author
For someone getting started on their AWS security journey, if there’s one service I’d recommend that they learn very well, it would be CloudTrail.
AWS CloudTrail is such an important service because it gives you visibility into your AWS account activity, and without visibility, you don’t have security.
This is a key aspect of security and operational best practices in the cloud (frankly also outside the cloud, but that’s not what we’re focusing on here).
So if you’re serious about learning AWS security, you’re in the right place, and let’s take a closer look at what this course will teach you!
About your author
Before we do that, let me share just a little bit about me and who I am, and why you should take this course from me.
Hi, I’m Christophe Limpalair, and I’m the founder and an author at Cybr, where I’ve published many courses on topics of cloud security and ethical hacking. You may also know me from Linux Academy, where I taught multiple AWS courses including AWS certification courses. I taught for the AWS Certified Developer, AWS Certified SysOps, AWS Certified DevOps Engineer Professional, and the AWS Cloud Practitioner certifications.
There, I helped build, manage, and secure production AWS infrastructure that ran as a $1m/year budget.
Through that and other experiences, I learned how to properly design and secure AWS environments and resources. I continue to build on AWS for our platform at Cybr, and for various consulting gigs.
All that to say: I have years of experience working in AWS and building as well as securing production environments, and I’m now working on sharing my experiences in this (and other) courses to help you secure your own AWS resources.
For more details about my background, check out my LinkedIn profile and feel free to connect!
About the syllabus
This course is designed for anyone, regardless of current skill level, to be able to walk away with a thorough understanding of what CloudTrail is, how it can be used, and how you should configure it to get observability in your AWS environments depending on your specific use case.
We start off by explaining what data CloudTrail is able to collect and log depending on how it’s configured. There is a common misunderstanding that I’ve found from working with others in the industry, regarding the differences between logging Management, Data, or Insights Events.
When you create an AWS account, by default, only Management Events get collected, and this can be a problem that we’ll explore in detail.
In addition, CloudTrail offers 3 primary ways of recording data, and each of those ways has pros and cons that are important to understand, and so we’ll cover those topics.
Then, we jump into the AWS console to learn how to:
- Work with Event history
- Create our first trail
- Work with trails
- Work with pushing logs to CloudWatch for analytics, monitoring, and alerting
- Work with CloudTrail Insights to detect unusual activity
- Use CloudTrail Lake for auditing, security investigation, and operational troubleshooting
We’ll then wrap up the course by explaining how to secure our CloudTrail deployments and log files, by using IAM, log file integrity, encryption, and a checklist of security best practices.
By the end of this course, you will feel confident deploying CloudTrail for production environments, and you’ll be ready to learn more advanced topics like threat hunting and investigating security events, which we will teach in a separate course.
If you have any questions about this course, please reach out in our community. But otherwise, I hope you’re excited to get started and I’ll see you in the course!