Joe-kag/Attacking-and-Defending-AWS

Attacking-and-Defending-AWS

Gained hands-on experience with common security weaknesses around the most commonly used AWS services and covered mitigations to help in securing these services.

Key Learnings 🧠

  1. IAM Permissions and Credentials 🔑
     - Long-term Credentials: Created via the AWS Console or AWS CLI using commands like aws iam create-access-key.
     - Short-term Credentials: Generated by AWS Security Token Service (STS) using commands like aws sts get-session-token.
     - Best Practices:
       - Avoid using IAM Users when possible; prefer SAML or OIDC for session credentials.
       - Never commit access keys to source code repositories.
       - Rotate access keys regularly and use Multi-Factor Authentication (MFA) for enhanced security.
  2. Resource Policies and Service Control Policies (SCPs) 📜
     - IAM Policies: Define what actions a principal can perform on resources.
     - Resource Policies: Attached to resources (e.g., S3 buckets) to define who can access them.
     - SCPs: Applied at the organizational level to enforce compliance and security policies across accounts.
  3. AWS Services and Security ☁️
     - AWS Lambda: Explored security implications of serverless functions, including execution roles and resource-based policies.
     - S3 Buckets: Learned about public S3 buckets, their naming conventions, and how to identify misconfigured buckets.
     - EC2 Instances: Gained insights into launching and managing EC2 instances, including security group configurations and IAM roles.
  4. VPC and Networking 🌐
     - VPC Components: Understood the structure of VPCs, including subnets, route tables, and security groups.
     - NAT Gateways and VPC Endpoints: Learned how to manage internet access for private subnets and secure communication with AWS services.
  5. Monitoring and Logging 📊
     - VPC Flow Logs: Used for monitoring network traffic and identifying potential security threats.
     - AWS GuardDuty: A threat detection service that uses machine learning to identify suspicious activity.
  6. Hands-On Labs 🛠️
     Engaged in practical labs that involved:
     - Creating IAM users and roles.
     - Configuring access keys and environment variables.
     - Exploring and exploiting public S3 buckets.
     - Using tools like FireProx for IP rotation in API requests.

Conclusion 🎉

This training has not only equipped me with valuable skills but also reinforced my commitment to continuous learning in cybersecurity and cloud computing. I am excited to apply this knowledge in real-world scenarios and contribute to secure cloud architectures.
