Week 4 Worklog

Week 4 Objectives:

  • Security Core: Master Shared Responsibility Model and identity management with IAM, Cognito, Organizations.
  • Database Services: Master database services like RDS, Aurora, Redshift, and ElastiCache.
  • Data Encryption: Practice comprehensive data encryption with AWS KMS integrated with S3 and CloudTrail.
  • App Protection: Explore web application protection layers with AWS WAF, Shield, and Security Hub.
  • Access Control: Deploy granular access control with IAM Role and Conditions.

Tasks to be carried out this week:

Day Task Start Date Completion Date Reference Material
1 - AWS Security Services:
  + Shared Responsibility Model
  + AWS Identity and Access Management
  + Amazon Cognito
  + AWS Organizations
  + Amazon Key Management Service		 29/09/2025 29/09/2025 https://github.com/tuanvu250/AWS-FCJ/blob/main/module/module-05/note.md
2 -Getting Started with AWS Security Hub:
  + Enable Security Hub & review security standards
- Explore AWS Shield & AWS WAF		 30/09/2025 30/09/2025 https://000018.awsstudygroup.com/vi/
https://000053.awsstudygroup.com/vi/
3 - AWS Database Services:
  + Amazon RDS & Amazon Aurora
  + Redshift - Elasticache		 01/10/2025 01/10/2025 https://github.com/tuanvu250/AWS-FCJ/blob/main/module/module-05/note.md
4 - Encryption at Rest with AWS KMS:
  + Create Key Management Service & Amazon S3
  + Create AWS CloudTrail & Amazon Athena
  + Test and share encrypted data on S3
- Practice IAM Role & Condition		 02/10/2025 02/10/2025 https://000033.awsstudygroup.com/vi/
https://000044.awsstudygroup.com/vi/
5 - Event [AWS GenAI Builder Club] AI-Driven Development Life Cycle: Reimagining Software Engineering (2pm Friday 3/10/2025) 03/10/2025 03/10/2025
6 - Practice Granting application access to AWS services with IAM Role
- AWS Database Services: Database Concepts review		 04/10/2025 04/10/2025 https://000048.awsstudygroup.com/
https://github.com/tuanvu250/AWS-FCJ/blob/main/module/module-06/note.md

Week 4 Achievements:

  • Security Proficiency: Clearly understood the shared responsibility model and secure IAM/Cognito configuration.
  • Database Mastery: Differentiated and selected the right DB service (SQL/NoSQL/In-memory) for specific use cases.
  • Encryption Lab: Successfully encrypted data with KMS and audited access via CloudTrail/Athena.
  • Threat Protection: Enabled and evaluated security scores with Security Hub, understood WAF/Shield mechanisms.
  • Granular Access: Granted precise access rights to applications and users via complex IAM conditions.