Cloud
Amazon AWS — fundamentals
IAM, VPC, EC2/S3, Boto3, cost and security best practices.
- 01 · 12 min · Accounts, Organizations and IAM · intro
How the AWS hierarchy is laid out — accounts, Organizations, OUs — and the basics of IAM: users, roles, policies and the principle of least privilege.
- 02 · 13 min · Networking: VPC, subnets, security groups · core
Networking basics in AWS: Virtual Private Cloud, public and private subnets, security groups vs NACLs, and internet access.
- 03 · 12 min · Compute and storage: EC2, S3, RDS · core
The three fundamental AWS services: EC2 virtual machines, S3 object storage and managed RDS databases — together with their security controls.
- 04 · 13 min · Automation with Boto3 (Python) · core
Boto3 — the official AWS SDK for Python: clients vs resources, sessions, paginators and credential handling — with inventory examples.
- 05 · 12 min · Security: GuardDuty, Security Hub, IAM Access Analyzer · advanced
Three native AWS security services: GuardDuty (threat detection), Security Hub (aggregation) and Access Analyzer (excessive access).
- 06 · 11 min · Cost control and tagging · core
How to keep AWS costs under control: tagging, Cost Explorer, budgets and cost allocation — and why tags matter for security.
- 07 · 14 min · How ZEUS reads AWS (IAM role / access key, Boto3, GuardDuty, Security Hub) · advanced
The full anatomy of the ZEUS connector to AWS: a read-only identity (cross-account role or access key), Boto3, and integration with native security services.
Check your knowledge — quiz
5 questions · pass mark 80%. Score saved locally.
1. In AWS, what is the fundamental boundary for isolation and billing?
2. Which Organizations mechanism constrains what accounts in an OU can do, regardless of their own IAM permissions?
3. What is the most common critical security group finding that ZEUS flags?
4. Why does the ZEUS connector assume a cross-account role via assume_role instead of using an access key?
5. Why does the trust policy of the ZEUS cross-account role require an ExternalId condition?