Quest: Protect Data at Rest


  • Ben Potter, Security Lead, Well-Architected

About this Guide

This guide will help you improve your security in the AWS Well-Architected area of Data Protection. The skills you learn will help you secure your workloads in alignment with the AWS Well-Architected Framework.


  • An AWS account that you are able to use for testing, that is not used for production or other purposes. NOTE: If you complete this lab, you will be billed for any applicable AWS resources used that are not covered by the AWS Free Tier.

Create a Data Bunker Account


In this lab we will create a secure data bunker. A data bunker is a secure account which holds important security data in a secure location. Ensure that only members of your security team have access to this account. In this lab we will create a new security account, create a secure S3 bucket in that account, and then turn on CloudTrail for our organisation to send these logs to the bucket in the secure data account. You may also want to think about what other data you need in there, such as secure backups.
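The bucket policy that this setup relies on, as an added example that is not part of the lab's own material: it builds a policy letting only the CloudTrail service write organisation logs into the bunker bucket, then audits a policy for Allow statements broader than that. The bucket name, account ID, organisation ID and trail ARN are constructed placeholders.

```python
import json

# Constructed placeholder values (assumptions); replace with your own.
BUCKET = "example-data-bunker-logs"
MGMT_ACCOUNT = "111111111111"
ORG_ID = "o-exampleorgid"
TRAIL_ARN = f"arn:aws:cloudtrail:us-east-1:{MGMT_ACCOUNT}:trail/example-org-trail"

def bunker_bucket_policy(bucket, mgmt_account, org_id, trail_arn):
    """Bucket policy letting only the CloudTrail service write organisation logs."""
    svc = {"Service": "cloudtrail.amazonaws.com"}
    src = {"aws:SourceArn": trail_arn}  # pin access to one specific trail
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "CloudTrailAclCheck", "Effect": "Allow", "Principal": svc,
             "Action": "s3:GetBucketAcl", "Resource": f"arn:aws:s3:::{bucket}",
             "Condition": {"StringEquals": src}},
            {"Sid": "CloudTrailWrite", "Effect": "Allow", "Principal": svc,
             "Action": "s3:PutObject",
             # Organisation trails write under both the account and the org prefix.
             "Resource": [f"arn:aws:s3:::{bucket}/AWSLogs/{mgmt_account}/*",
                          f"arn:aws:s3:::{bucket}/AWSLogs/{org_id}/*"],
             "Condition": {"StringEquals": {**src, "s3:x-amz-acl": "bucket-owner-full-control"}}},
            {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
             "Action": "s3:*",
             "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
             "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
        ],
    }

def audit(policy, trail_arn):
    """Return findings for Allow statements that are broader than the trail needs."""
    findings = []
    for st in policy["Statement"]:
        if st["Effect"] != "Allow":
            continue
        sid = st.get("Sid", "?")
        if st.get("Principal") != {"Service": "cloudtrail.amazonaws.com"}:
            findings.append(f"{sid}: principal is not the CloudTrail service")
        cond = st.get("Condition", {}).get("StringEquals", {})
        if cond.get("aws:SourceArn") != trail_arn:
            findings.append(f"{sid}: not pinned to the trail with aws:SourceArn")
    return findings

if __name__ == "__main__":
    policy = bunker_bucket_policy(BUCKET, MGMT_ACCOUNT, ORG_ID, TRAIL_ARN)
    print(json.dumps(policy, indent=2))
    print(audit(policy, TRAIL_ARN) or "no findings")
```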

Start the Lab!

Further Learning


Licensed under the Apache 2.0 and MITnoAttr License.

Copyright 2019, Inc. or its affiliates. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at

or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.