pro $24.99 per month
- access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
- choose one free eBook per month to keep
- exclusive 50% discount on all purchases
- renews monthly, pause or cancel renewal anytime
lite $19.99 per month
- access to all Manning books, including MEAPs!
team
5, 10 or 20 seats+ for your team - learn more
Look inside
QryptoTremolo, a startup that’s been developing a set of next-generation financial services, has already taken steps to provide visibility into its AWS accounts and set up AWS GuardDuty to detect intruders. But managers of the development teams have administrator access to these accounts, and despite being a dangerous anti-pattern, that’s not going to change anytime soon. Your task is to automate the configuration of organizational service control policies that restrict access of local administrators (and intruders) to any AWS Config and EventBridge resources located in the AWS accounts. You’ll write code to query the IAM (Identity and Access Management) policy simulator in order to gauge API calls’ ability to tamper with resources. You’ll also develop end-to-end tests that prove whether an SCP change will behave as expected, and build a pipeline to codify the change control process for the SCP.
This project is a part of the series AWS Security: Compliance and Observability.
This project is designed for learning purposes and is not a complete, production-ready application or solution.
prerequisites
This liveProject is for security engineers with intermediate experience in AWS and infrastructure as code. To begin these liveProjects you’ll need to be familiar with the following:
TOOLS- Python 3.7
- AWS CLI 1.18
- Bash 3
- Boto3 1.18
- pytest 6.2.0
- Git 2.24
- Basic knowledge of *nix/bash command shell
- Basic experience with CloudFormation
- Basic experience with the AWS CLI
- Intermediate knowledge of AWS accounts and AWS Organizations
- Intermediate knowledge of Python 3 programming including: lists, dicts, loops, comprehensions, functions, conditionals
- Basic knowledge of IAM and assuming cross-account IAM roles
- Basic understanding of cloud computing and the AWS platform
- Basic understanding of infrastructure as code
- Basic understanding of security concepts
Note: These exercises rely upon the AWS platform, which may carry usage costs.
features
- Self-paced
- You choose the schedule and decide how much time to invest as you build your project.
- Project roadmap
- Each project is divided into several achievable steps.
- Get Help
- While within the liveProject platform, get help from fellow participants and even more help with paid sessions with our expert mentors.
- Compare with others
- For each step, compare your deliverable to the solutions by the author and other participants.
- book resources
- Get full access to select books for 90 days. Permanent access to excerpts from Manning products are also included, as well as references to other resources.
related titles
related titles
choose your plan
pro
monthly
annual
$24.99
$249.99
only $20.83 per month
- access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
- choose another free product every time you renew
- choose twelve free products per year
- exclusive 50% discount on all purchases
- renews monthly, pause or cancel renewal anytime
- renews annually, pause or cancel renewal anytime
-
![]()
Service Control Policy project for free
Service Control Policy project for free
team
monthly
annual
$49.99
$499.99
only $41.67 per month
- five seats for your team
- access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
- choose another free product every time you renew
- choose twelve free products per year
- exclusive 50% discount on all purchases
- renews monthly, pause or cancel renewal anytime
- renews annually, pause or cancel renewal anytime
-
![]()
Service Control Policy project for free
