Event 5

Summary Report: AWS Cloud Mastery Series #3 - AWS Well-Architected Security Pillar

Event Objectives

  • Provide a full-spectrum understanding of AWS security fundamentals and modern identity architecture.
  • Clarify the roles, differences, and practical use cases of IAM vs. IAM Identity Center.
  • Demonstrate how Single Sign-On improves operational efficiency and centralized access control.
  • Explain and apply advanced security mechanisms such as SCPs, permission boundaries, MFA, and IAM Access Analyzer.
  • Walk participants through realistic identity lifecycle operations with a hands-on onboarding and SSO configuration demo.

Speakers

  • Van Hoang Kha - AWS Community Builder
  • Cloud Club Captains from HCMUTE, HUFLIT & PTIT
  • Dinh Le Hoang Anh - Cloud Engineer Trainee, First Cloud AI Journey
  • Huynh Hoang Long - Cloud Engineer Trainee, First Cloud AI Journey

Key Highlights

  • Clear breakdown of IAM vs. IAM Identity Center, including when organizations should use each.
  • Practical explanation of SSO benefits and how centralized authentication strengthens security and governance.
  • Deep dive into SCPs and permission boundaries, showing how guardrails and delegated control work in multi-account environments.
  • Hands-on guidance for setting up IAM Access Analyzer, enabling MFA, and performing safe credential rotations.
  • Live demonstration of onboarding a new user into IAM Identity Center and configuring SSO via the AWS CLI.
  • Comprehensive tour of the AWS security lifecycle, covering identity, detection, infrastructure protection, data security, incident response, and application security.

Key Takeaways

  • Identity is the foundation of AWS security, and IAM Identity Center significantly simplifies access management at scale.
  • SCPs and permission boundaries serve different purposes but work together to enforce strong governance across accounts.
  • MFA, continuous access analysis, and proper credential hygiene remain essential for preventing unauthorized access.
  • Detection tools like GuardDuty, CloudTrail, and Security Hub are critical for real-time monitoring and threat visibility.
  • Effective security architecture requires layered defenses, encryption everywhere, and automated remediation workflows.
  • Secure application delivery demands strong CI/CD controls, secret management, and runtime protections.

Event Experience

  • The session delivered a complete walkthrough of AWS’s security model, moving from conceptual principles to hands-on configuration.
  • The security lifecycle overview tied everything together. Seeing how identity, detection, infrastructure protection, data security, and incident response interlock made the material feel coherent rather than like a collection of standalone tools.
  • The live demonstration at the end offered a grounded perspective on actual workflows. The flow of theory, architecture, and real-world steps made the entire session feel concrete and applicable, especially for people preparing to manage multi-account environments and enterprise-scale identity structures.
