Become a cloud pro! This course provides essential cloud architecture insights for managers and leaders. Get hands-on, no setup, no cleanup, no hassle—ideal for workplace conversations and interviews.

"Cloud Architecture: A Guide To Design & Architect Your Cloud", is a course designed by a group of AWS, Azure Cloud Solution Architects. This course is for Leaders who are thinking about moving their applications to the cloud or for managers what to be a part of the cloud movement one way or the other. The people who generally benefit from this course are Software Development Managers (SDM), IT Managers, Engineering Managers, Technical Program Managers (TPM) and even developers. 

This course essentially gives you all the knowledge you would need to have a well-informed conversation at your workplace or an interview. It is a course for beginners and does not go into details on how you would configure your Load Balancer or how you would set up a bastion host.

Gaurava Gupta

Thanks a lot for such a wonderful course. It helped my understand all the basics. 

Great Course

Nara P

I am a TPM at one of the FANG companies and was looking to learn more about the cloud. This course gave be a good understanding. 

Very good for managers. 

Miklos Rogers

What I especially liked: the lessons are well structured, give a very good understanding. I liked the chapters on Security and the cloud principles. 

This is an excellent course !

Iggy

This was my very first paid course here and it was well worth the money !

This course gave me a head start on the Cloud 

Denver M

This course covers all the key points that were asked at my interview. Hopefully i get the next interview. 

Good overview !

Cloud Architecture: A Guide To Design &  Architect Your Cloud

# Security on the cloud consists of -
1. Infrastructure Structure Security
1. DDoS Mitigation
1. Data Encryption 
1. Inventory & Configuration 
1. Monitoring and Logging 

## Infrastructure Structure Security
Several security capabilities and services to increase privacy and control network access. These include:
Network firewalls built into the VPC and web application firewall capabilities using WAF will let you create private networks and control access to your instances and applications
Encryption in transit with TLS across all services
Connectivity options that enable private, or dedicated, connections from your office or on-premises environment

## DDoS Mitigation
A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic.
Availability is of paramount importance in the cloud. Customers benefit from DDoS protection services and technologies built from the ground up to provide resilience in the face of DDoS attacks.
Some services like auto-scaling also are designed with an automatic response to DDoS to help minimize time to mitigate and reduce impact.

## Data Encryption
AWS offers you the ability to add an additional layer of security to your data at rest in the cloud, providing scalable and efficient encryption features. This includes:

Data encryption capabilities are available in AWS storage and database services, such as EBS, S3, Glacier, Oracle RDS, SQL Server RDS, and Redshift.

Flexible key management options, including AWS Key Management Service, allow you to choose whether to have AWS manage the encryption keys or enable you to keep complete control over your keys.

Encrypted message queues for the transmission of sensitive data using server-side encryption (SSE) for Amazon SQS.

Dedicated, hardware-based cryptographic key storage using AWS CloudHSM, allowing you to satisfy compliance requirements.

 
## Inventory & Configuration
The Cloud range of tools allows you to move fast while still ensuring that your cloud resources comply with organizational standards and best practices. This includes:

A security assessment service like Amazon Inspector automatically assesses applications for vulnerabilities or deviations from best practices, including impacted networks, OS, and attached storage.

Deployment tools to manage the creation and decommissioning of AWS resources according to organization standards.

Inventory and configuration management tools, including AWS Config, that identify AWS resources and then track and manage changes to those resources over time.

Template definition and management tools, including CloudFormation to create standard, pre-configured environments.

 
## Monitoring and Logging
The cloud provides tools and features that enable you to see exactly what’s happening in your environment. This includes:

Deep visibility into API calls, including who, what, who, and from where calls were made.

Log aggregation options, streamlining investigations, and compliance reporting.

Alert notifications through CloudWatch when specific events occur or thresholds are exceeded.
 
These tools and features give you the visibility you need to spot issues before they impact the business and allow you to improve security posture, and reduce the risk profile, of your environment.

## Identity and Access Control
Cloud Providers offer you capabilities to define, enforce, and manage user access policies across services. This includes services like:
AWS Identity and Access Management (IAM) lets you define individual user accounts with permissions across AWS resources.

AWS Multi-Factor Authentication for privileged accounts, including options for hardware-based authenticators
AWS Directory Service allows you to integrate and federate with corporate directories to reduce administrative overhead and improve end-user experience.
 
AWS provides native identity and access management integration across many of its services plus API integration with any of your own applications or services.

Most cloud providers like Azure and AWS are ISO1, ISO2, ISO3, PCI, HIPPA, SOC, FedRAMP compliant. 


Security on the cloud consists of - a) Infrastructure Structure Security b) DDoS Mitigation c) Data Encryption d) Inventory & Configuration e) Monitoring and Logging

Introduction

Cloud Principles

Operating on the cloud

Security on the Cloud

Understanding the Cloud Architecture

Contact Us

Basics of Securing Your Cloud

Security on the cloud consists of -

Infrastructure Structure Security

DDoS Mitigation