MCY 612 Module 7: Project


First, you need to choose one option from the list below to study a new AWS security service. Then, you need to define a use case to illustrate how you can apply the service to enhance system security. Finally, you need to implement the use case using CLI commands. You need to run two test cases to validate your implementation.

AWS Security Service List

  • AWS Config

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. First, you need to read AWS Config documents at https://docs.aws.amazon.com/config/latest/developerguide/WhatIsConfig.html. Then you need to define an AWS Config project that you want to do. Finally, you need to implement your project with AWS CLI.

  • AWS Private Certificate Authority (CA)/AWS Certificate Manager (ACM)  

AWS Private CA creates private certificates to identify resources and protect data. AWS Certificate Manager manages the lifecycle of certificates: creating, storing, deploying, and managing renewals for AWS services such as Elastic Load Balancing, Amazon CloudFront, and so on. First, you need to read AWS Private CA documents at https://docs.aws.amazon.com/privateca/latest/userguide/PcaWelcome.html and AWS Certificate Manager documents at https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html. Then you need to define an AWS Private CA/ACM project that you want to do. Finally, you need to implement your project using AWS CLI.

  • AWS Shield

AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency. First, you need to read AWS Shield documents at https://docs.aws.amazon.com/waf/latest/developerguide/shield-chapter.html to study the AWS Shield service. Then you need to define an AWS Shield project that you want to do. Finally, you need to implement your project using AWS CLI.

  • AWS Audit Manager

AWS Audit Manager helps you continually audit your AWS usage to simplify how you manage risk and compliance with regulations and industry standards. First, you need to read Audit Manager documents at https://docs.aws.amazon.com/audit-manager/latest/userguide/what-is.html to study the Audit Manager service. Then you need to define an Audit Manager project that you want to do. Finally, you need to implement your project using AWS CLI.

  • AWS Detective

AWS Detective makes it easy to analyze, investigate, and quickly identify the root cause of security findings or suspicious activities. First, you need to read Detective documents at https://docs.aws.amazon.com/detective/latest/adminguide/what-is-detective.html to study the Detective service. Then you need to define a Detective project that you want to do. Finally, you need to implement your project using AWS CLI.

  • AWS Elastic Disaster Recovery

AWS Elastic Disaster Recovery (AWS DRS) minimizes downtime and data loss with fast, reliable recovery of on-premises and cloud-based applications using affordable storage, minimal compute, and point-in-time recovery. First, you need to read AWS DRS documents at https://docs.aws.amazon.com/drs/latest/userguide/what-is-drs.html to study the AWS DRS service. Then you need to define an AWS DRS project that you want to do. Finally, you need to implement your project using AWS CLI.

  • AWS Security Hub

AWS Security Hub is a cloud security posture management service that performs security best practice checks, aggregates alerts, and enables automated remediation. First, you need to read AWS Security Hub documents at https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html to study the AWS Security Hub service. Then you need to define an AWS Security Hub project that you want to do. Finally, you need to implement your project using AWS CLI.

  • Any other new AWS security service

If you want to study any other new AWS security service, please write your project description and email it to me at for approval.

For AWS CLI Command Reference, please visit https://docs.aws.amazon.com/cli/latest/index.html

Project Requirements

  • You must use AWS CLI to implement and test your project.
  • You need to turn in a report in a Word document to Canvas. The report must include all of the sections listed below.
  1. Title Page containing the title of the project, your name, the name of the class, your instructor’s name, and the date the project was submitted.
  2. Introduction: Describe your project clearly.
  3. System Architecture: Describe in a diagram and words what your system architecture is. In this section, you need to draw a diagram clearly showing all components you use in the project.
  4. Implementation includes two subsections: Materials and Methods

Materials: List all materials used in the project including AWS CLI, VM, AWS services, your AWS Access Key ID, and your AWS Secret Access Key (Note: you only need to show the last five characters of your AWS Access Key ID and the last five characters of your AWS Secret Access Key. For example, the AWS Access Key ID is *********AMPLE.).

Methods: Describe the steps completed during your investigation. Be sufficiently detailed so that anyone could read this section and duplicate your efforts. You need to provide inputs and outputs of all your AWS CLI commands.

  5. System Testing includes test case description, detailed test steps, and test results. You need to provide all testing commands and their outputs.
  6. Analysis: Discuss your test results.
  7. Conclusion: A short summary of your project.
  8. References: List any references that you used during the course of your project.
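
The masking rule from the Materials section, applied to the CLI transcripts that Methods and System Testing ask for, as an added example that is not part of the original assignment: a shell filter that leaves only the last five characters of each key behind a run of asterisks, plus a check for anything still shaped like a full key. The function names and the sample transcript are constructed here; the key pair in the sample is the placeholder pair used in AWS documentation.

```shell
#!/bin/sh
# Added example, not part of the assignment. Function names are hypothetical.

# Constructed, abbreviated transcript. The key pair is the documentation
# placeholder pair, not a live credential.
sample_transcript() {
    cat <<'EOF'
$ cat ~/.aws/credentials
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
$ aws iam create-access-key --user-name student
    "AccessKeyId": "AKIAIOSFODNN7EXAMPLE",
    "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
EOF
}

# Labels that precede a secret access key in the credentials file, the
# environment, and JSON output.
SECRET_LABEL='(aws_secret_access_key|AWS_SECRET_ACCESS_KEY|SecretAccessKey)'
KEYCHARS='A-Za-z0-9/+'

# Filter stdin to stdout, keeping the last five characters of each key.
# Access key IDs: AKIA/ASIA prefix + 16 characters. Secret keys: 40 characters
# after a known label. Session tokens are not handled.
mask_keys() {
    sed -E \
        -e 's#(AKIA|ASIA)[A-Z0-9]{11}([A-Z0-9]{5})#*********\2#g' \
        -e "s#(${SECRET_LABEL}[^${KEYCHARS}]+)[${KEYCHARS}]{35}([${KEYCHARS}]{5})#\\1*********\\3#g"
}

# Exit status 0 if stdin still contains something shaped like a full key.
# Run it over the finished transcript before pasting it into the report.
has_unmasked_keys() {
    grep -Eq "(AKIA|ASIA)[A-Z0-9]{16}|${SECRET_LABEL}[^${KEYCHARS}]+[${KEYCHARS}]{40}"
}

# Demo: print the redacted sample.
sample_transcript | mask_keys
```

In practice the filter sits at the end of each command whose output goes into the report, for example `aws configservice describe-config-rules 2>&1 | mask_keys`.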