  1. Virtual Private Cloud Security (AWS VPC)
    1. Basics of VPCs
    2. Security groups (SG)
    3. NACLs
    4. Routing
      1. AWS PrivateLink
      2. AWS Transit Gateway
    5. VPC Flow Logs
    6. Traffic Mirroring
    7. VPC Reachability Analyzer
  2. Anti-DDoS (AWS Shield)
    1. Shield Standard (free)
      1. Basic L3 & L4 protection
        1. Network layer
        2. Transport layer
        3. Detections
          1. Detection logic for infrastructure layer threats
          2. Detection logic for multiple resources in an application
          3. DDoS detection vectors
    2. Shield Advanced (paid/premium)
      1. Shield Advanced - features
        1. Detection logic for application layer threats
        2. Amazon CloudFront distributions.
        3. Amazon Route 53 hosted zones.
        4. AWS Global Accelerator standard accelerators.
        5. Amazon EC2 Elastic IP addresses. Shield Advanced protects the resources that are associated with protected Elastic IP addresses.
        6. Amazon EC2 instances, through association to Amazon EC2 Elastic IP addresses.
        7. The following Elastic Load Balancing (ELB) load balancers:
          1. Application Load Balancers.
          2. Classic Load Balancers.
          3. Network Load Balancers, through associations to Amazon EC2 Elastic IP addresses.
      2. Shield Advanced Capabilities and options
        1. AWS WAF integration (at no extra cost)
        2. AWS Firewall Manager integration (at no extra cost)
        3. Automatic application layer DDoS mitigation
        4. Health-based detection
        5. Protection groups
        6. Enhanced visibility into DDoS events and attacks
        7. Centralized management of Shield Advanced protections by AWS Firewall Manager
        8. AWS Shield Response Team (SRT)
          1. AWS WAF log analysis and rules
          2. Build custom network mitigations
          3. Network traffic engineering
          4. Architectural recommendations
          5. Proactive Engagement (15min)
        9. Cost protection opportunities
    3. When to choose Shield Advanced
      1. Applications
      2. Resources
      3. Side by side table
    4. Security with AWS Shield
    5. Documentation
    6. Pricing
  3. Web App Protection (AWS WAF)
    1. Documentation
    2. Sample input rule criteria
      1. Scripts that are likely to be malicious (example known as cross-site scripting (XSS))
      2. IP addresses or address ranges that requests originate from
      3. Country or geographical location that requests originate from
      4. Length of a specified part of the request, such as the query string
      5. SQL code that is likely to be malicious (example known as SQL injection)
      6. Strings that appear in the request (support for regex)
      7. Labels that prior rules in the web ACL have added to the request
    3. Features
      1. Monitors HTTPS
        1. Amazon CloudFront
        2. AWS Application Load Balancer
        3. AWS API Gateway
        4. AWS AppSync GraphQL API
      2. Controls access to content
        1. Web ACLs
        2. Rules
        3. Rules groups
        4. Web request body inspection
      3. Protect applications on Amazon ECS
      4. Customized web requests and responses
        1. Allow, count, CAPTCHA, block
      5. Labels on web requests
      6. Managed protections
        1. Bot Control
        2. Fraud Control (account takeover prevention - ATP)
        3. Client application integration
        4. CAPTCHA
      7. Logging web ACL traffic
        1. CloudWatch Logs
        2. Amazon S3 buckets
        3. Kinesis Data Firehose
    4. Getting started with AWS WAF
    5. Security in AWS WAF
  4. Layer 7 network firewall + IPS (AWS Network Firewall)
    1. Use cases
      1. Filter inbound Internet traffic
      2. Filter outbound traffic
      3. VPC to VPC traffic
      4. Secure AWS Direct Connect and VPN traffic
      5. Filters both network and application layer traffic
    2. Features
      1. High availability and automated scaling
      2. Stateful firewall
        1. To/from outside of VPC
          1. Transit Gateway
          2. Site-to-site VPN
          3. AWS Direct Connect
          4. Internet Gateway
        2. Policies
          1. IP
          2. Port
          3. Protocol
          4. Domain
          5. Pattern matching
          6. Includes match setting for traffic direction
        3. To/from inside of VPC
          1. Private Subnets
          2. Public Subnets
      3. Web filtering
        1. SNI
        2. FQDN
      4. Alert and flow logs
        1. Amazon S3
        2. Amazon Kinesis
        3. Amazon CloudWatch
        4. Logging and Monitoring
      5. Central management and visibility
        1. Integration with AWS Firewall Manager
      6. Intrusion prevention system (IPS)
        1. Internal/in-house
        2. Open source platforms
        3. 3rd party vendors
        4. Suricata User Guide
      7. Diverse ecosystem of partner integrations
        1. Partners
    3. Security in AWS Network Firewall
    4. Getting started with AWS Network Firewall
    5. FAQs
    6. Documentation
  5. DNS Firewall (Route 53 Resolver DNS Firewall)
    1. Features
      1. VPC-outbound DNS (domain-based) filtering/protection
        1. Allow/alert/block particular domains
        2. Block DNS resolution in private hosted zones
        3. Block/allow requests for Amazon EC2
      2. Complements AWS Network Firewall for domain name filtering (which does not have visibility into queries made by Route 53 Resolver)
      3. Monitor activity with logs and metrics
    2. Integrated within AWS Firewall Manager
    3. Enabling Route 53 Resolver DNS Firewall protections for your VPC
    4. Security in Amazon Route 53
    5. Amazon Route 53 Documentation
  6. Management and aggregation (AWS Firewall Manager)
    1. Features
      1. Automatically deploy
        1. Amazon VPC Security Rules
        2. AWS WAF rules
        3. AWS Shield Advanced protections
        4. AWS Network Firewall rules
        5. Amazon Route 53 DNS Firewall rules
      2. Integrated with AWS Organizations
        1. By Account
        2. By Resource Type
        3. By Tag
        4. Cross-account protection policies
      3. Dashboard with compliance notifications
      4. Audit existing and future security groups in your VPCs
    2. AWS Firewall Manager findings
      1. AWS Security Hub
      2. Finding types
        1. AWS WAF policy findings
        2. AWS Shield Advanced policy findings
        3. Security group common policy findings
        4. Security group content audit policy findings
        5. Security group usage audit policy findings
        6. Amazon Route 53 Resolver DNS Firewall policy findings
    3. Getting started with AWS Firewall Manager
    4. Security in AWS Firewall Manager
    5. AWS Firewall Manager FAQs
    6. Documentation