Week 4 Worklog

Week 4 Objectives:

  • Deepen understanding of Identity & Security in AWS:

    • Learn how the access management services work: IAM, Cognito, AWS Identity Center (SSO), and Organizations.
    • Understand data encryption with AWS KMS and apply encryption at rest in practice.
    • Get familiar with AWS Security Hub and practice using it to aggregate findings and assess the system against security standards.

  • Understand IAM Roles, Condition keys, and Permission Boundaries, and apply them to limit and control resource access.

  • Learn how to analyze and optimize cost between EC2 and Lambda to choose the right service per scenario.

  • Practice reading and translating AWS technical documentation to support in-depth knowledge synthesis and internal sharing.

Tasks to carry out this week:

Columns: Day | Tasks | Start date | Completion date | Reference material

Day 2
Tasks:
- Study services related to Identity & Security in AWS:
  + Amazon Cognito: authentication, authorization, and user management for web & mobile apps.
    • Learn User Pools (user sign-up/sign-in) and Identity Pools (granting access to other AWS services).
  + AWS Organizations: central management of multiple AWS accounts using OUs, Consolidated Billing, and Service Control Policies (SCPs).
  + AWS Identity Center (SSO): manage access to AWS accounts & external applications; learn Identity sources and Permission Sets.
  + AWS KMS: key management; learn CMK, Data Key, and the encrypt-at-rest mechanism.
- Practice labs:
  + Lab 2: IAM Role ✅
  + Lab 30: IAM Permission Boundary ✅
  + Lab 27: Tag and Resource Groups ✅
  + Lab 28: Manage EC2 via Resource Tags
  + Lab 18: AWS Security Hub ✅
  + Lab 12: AWS SSO (SUS)
  + Lab 33: KMS Workshop ✅
  + Lab 44: IAM Role and Condition
  + Lab 48: IAM Role and Application
  + Lab 22 ✅
Start date: 29/09/2025
Completion date: 29/09/2025
Reference material: AWS Study Group YouTube Playlist

Day 3
Tasks:
- Study & practice AWS Security Hub:
  + Enable Security Hub and integrate it with other security services (GuardDuty, Config, Inspector).
  + Check and evaluate security standards (CIS AWS Foundations Benchmark, PCI DSS, etc.).
  + Analyze Findings and handle security alerts.
- Cost comparison & optimization between EC2 and AWS Lambda:
  + Analyze pricing models: EC2 (billed for instance running time) vs Lambda (billed per request and execution duration).
  + Evaluate suitable use cases and select the more cost-effective service.
- Manage EC2 access using Resource Tags and AWS IAM:
  + Create tag-based IAM policies.
  + Restrict EC2 resource access by Tag.
  + Test and verify the access controls.
Start date: 30/09/2025
Completion date: 30/09/2025
Reference material: Get started with AWS Security Hub; EC2 vs Lambda cost optimization; Manage EC2 access via Resource Tags

Day 4
Tasks:
- Study IAM Role and Condition in AWS IAM:
  + Review IAM Roles and how to attach Roles to AWS services (EC2, Lambda…).
  + Differentiate Trust Policies and Permission Policies.
  + Explore Condition keys in IAM Policies to restrict access by conditions (e.g., aws:SourceIp, aws:RequestedRegion, or by Tag).
  + Lab: configure and test an IAM Role with specific conditions.
- Study “Encrypt at rest” with AWS KMS:
  + Review CMK (Customer Managed Key) and Data Key concepts.
  + Practice encrypting stored data using AWS KMS on S3/EC2.
  + Distinguish encryption at rest from encryption in transit.
Start date: 01/10/2025
Completion date: 01/10/2025
Reference material: IAM Role Condition; Encrypt at rest with AWS KMS

Day 5
Tasks:
- Limit User permissions with IAM Permission Boundaries:
  + Review IAM Policy and Role-based Access Control (RBAC).
  + Learn how Permission Boundaries act as a maximum limit on the permissions of an IAM User or Role.
  + Differentiate between regular IAM Policies and Permission Boundary Policies.
  + Lab: create a User and attach a Permission Boundary to limit actions (e.g., allow creating EC2 only in a specific region).
  + Verify results via AWS CLI and Console.
Start date: 02/10/2025
Completion date: 02/10/2025
Reference material: Limit user permissions with IAM Permission Boundary

Day 6
Tasks:
- Translate blog posts & materials related to AWS / Cloud:
  + Translate Document 1: “AWS recognized as Leader in 2024-25 Omdia Universe for Cloud Container Management & Services”
  + Translate Document 2: “AWS Savings Plans: How to Implement an Effective Chargeback Strategy”
  + Translate Document 3: “AWS Weekly Roundup: Amazon S3 Express One Zone price cuts, Pixtral Large on Amazon Bedrock, Amazon Nova Sonic, and more (April 14, 2025)”
Start date: 03/10/2025
Completion date: 03/10/2025
Reference material: Google Doc 1; Google Doc 2; Google Doc 3
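The Day 4 condition-key tasks and the Day 5 permission-boundary lab above both reduce to one evaluation rule: a request is allowed only when the identity policy and the boundary both allow it, and an explicit Deny anywhere wins, so the boundary is a ceiling and never a grant. The following is an added Python model of that rule written for this worklog (not AWS code or a lab file); the two policies, the region ap-southeast-1, the env tag and the iam:GetUser statement are constructed sample values, and the evaluator deliberately ignores SCPs, resource policies and session policies.

```python
import fnmatch

def condition_met(condition, context):
    """Every operator/key pair in a Condition block must hold (logical AND)."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            values = expected if isinstance(expected, list) else [expected]
            actual = context.get(key)  # missing key -> None: StringEquals fails, StringNotEquals holds
            if operator == "StringEquals" and actual not in values:
                return False
            if operator == "StringNotEquals" and actual in values:
                return False
    return True

def statement_matches(stmt, action, context):
    # IAM action names are case-insensitive and may use '*' globs (e.g. "ec2:*").
    patterns = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
    if not any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns):
        return False
    return condition_met(stmt.get("Condition", {}), context)

def evaluate_policy(statements, action, context):
    """'Deny' if any matching Deny, else 'Allow' if a matching Allow, else 'ImplicitDeny'."""
    decision = "ImplicitDeny"
    for stmt in statements:
        if statement_matches(stmt, action, context):
            if stmt["Effect"] == "Deny":
                return "Deny"
            decision = "Allow"
    return decision

def is_allowed(identity_policy, boundary, action, context):
    """Effective permission is the intersection: both must say Allow; any Deny wins."""
    return all(evaluate_policy(p, action, context) == "Allow"
               for p in (identity_policy, boundary))

# Constructed identity policy for the lab user: broad EC2 rights, but a tag-based
# Deny so only instances tagged env=dev may be terminated (Day 3 task).
IDENTITY_POLICY = [
    {"Effect": "Allow", "Action": "ec2:*"},
    {"Effect": "Deny", "Action": "ec2:TerminateInstances",
     "Condition": {"StringNotEquals": {"ec2:ResourceTag/env": "dev"}}},
]

# Constructed permission boundary: the ceiling is EC2 in one region (Day 5 lab goal)
# plus iam:GetUser, which the identity policy never grants, so it stays denied.
PERMISSION_BOUNDARY = [
    {"Effect": "Allow", "Action": "ec2:*",
     "Condition": {"StringEquals": {"aws:RequestedRegion": "ap-southeast-1"}}},
    {"Effect": "Allow", "Action": "iam:GetUser"},
]
```

Running is_allowed(IDENTITY_POLICY, PERMISSION_BOUNDARY, "ec2:RunInstances", {"aws:RequestedRegion": "us-east-1"}) returns False even though the identity policy grants ec2:*, which is exactly the region restriction the Day 5 lab verifies from the CLI.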

Week 4 Achievements:

  • Completed study and hands-on practice of the Identity & Security-related services in AWS, including:

    • Amazon Cognito – authentication and user authorization for web/mobile apps.
    • AWS Organizations – central management of multiple accounts with OUs, SCPs, and Consolidated Billing.
    • AWS Identity Center (SSO) – managing access to multiple AWS accounts and external apps.
    • AWS KMS (Key Management Service) – key management and encrypt-at-rest practices.
    • AWS Security Hub – monitoring & assessing overall security posture.
    • IAM Permission Boundary – setting maximum permission limits for users/roles.
  • Completed security & access management labs:

    • IAM Role & Condition ✅
    • Permission Boundary ✅
    • Security Hub ✅
    • Tag-based Access Control for EC2 ✅
    • Encrypt at rest with AWS KMS ✅
  • Mastered IAM policy concepts and their application:

    • Trust Policy, Permission Policy, and Condition Keys.
    • Applied tag-based policies to restrict resource access based on practical conditions.
  • Learned how to assess & optimize costs between EC2 and Lambda to choose the appropriate service per workload.

  • Translated and summarized 3 in-depth AWS & Cloud documents/blog posts.

  • Improved the ability to read, translate, and analyze English technical AWS documentation, strengthening foundational Cloud Security knowledge.