Week 5 Worklog

Week 5 Objectives:

  • Understand the Shared Responsibility Model and AWS security fundamentals.
  • Gain proficiency in identity services: IAM, AWS Identity Center, AWS Organizations, Cognito.
  • Learn and apply KMS, CloudTrail, and Athena for audit logging and security analytics.
  • Practice governance strategies: tagging, resource groups, restriction policies, automation.
  • Manage IAM Roles, Policies, Access Keys, Switch Roles, and conditional access based on IP / Time.
  • Enable and evaluate Security Hub for security posture assessment.

Tasks to be carried out this week:

| Day | Task | Start Date | Completion Date | Reference Material |
|---|---|---|---|---|
| 1 | Study Module 05 – Security Fundamentals:<br>+ 05-01: Shared Responsibility Model<br>+ 05-02: IAM<br>+ 05-03: Cognito<br>+ 05-04: AWS Organization<br>+ 05-05: Identity Center | 06/10/2025 | 06/10/2025 | AWS Study Group |
| 2 | Study Module 05 Security Services:<br>+ 05-06: Key Management Service<br>+ 05-07: Security Hub<br>+ 05-08: Hands-on & research | 07/10/2025 | 07/10/2025 | AWS Study Group |
| 3 | Perform Security Hub – Lab18:<br>+ Enable Security Hub<br>+ Evaluate security scores<br>+ Cleanup<br><br>Perform Tag Automation – Lab22:<br>+ Create VPC, SG, EC2<br>+ Slack webhook<br>+ Lambda role + Start/Stop EC2 Functions<br>+ Tag-based automation<br>+ Cleanup | 08/10/2025 | 08/10/2025 | AWS Study Group |
| 4 | Perform Resource Governance – Lab27 + Lab30:<br>+ Create EC2 with tags<br>+ Manage tags via console & CLI<br>+ Filter resources by tag<br>+ Create Resource Group<br>+ Create restriction policy<br>+ Create limited IAM user & test limits<br>+ Cleanup | 09/10/2025 | 09/10/2025 | AWS Study Group |
| 5 | Advanced IAM & KMS Practice – Lab28, Lab33, Lab44, Lab48:<br>+ Lab28: IAM user, policy, role, switch role (Tokyo/Virginia), tag-based restrictions<br>+ Lab33: Create KMS key, CloudTrail logging, Athena for log analysis, S3 encryption<br>+ Lab44: IAM groups, admin role, IP/Time-based Switch Role restrictions, cleanup<br>+ Lab48: Access keys, IAM role usage with EC2/S3, cleanup | 10/10/2025 | 10/10/2025 | AWS Study Group |

Week 5 Achievements:

  • Mastered AWS security fundamentals and the Shared Responsibility Model.
  • Learned advanced IAM: users, groups, roles, policies, Switch Role, conditional access.
  • Applied tagging for governance, automation, filtering, and resource grouping.
  • Enabled Security Hub, evaluated findings, and understood improvement strategies.
  • Used KMS for encryption, CloudTrail for audit logs, Athena for querying security insights.
  • Implemented IP- and Time-based access controls using IAM conditions.
  • Completed an end-to-end workflow integrating IAM → Security Hub → KMS → CloudTrail → Athena → S3 Encryption → Governance.