This learning path is designed specifically for students looking to gain a deep understanding of AWS security services, including the many security mechanisms and techniques that AWS offers to secure your infrastructure and data from both internal and external threats and exposures. The AWS Certified Security - Specialty certification allows you to demonstrate and validate your AWS knowledge across security topics such as data protection and encryption, infrastructure security, incident response, identity and access management, monitoring and logging. With a blend of instructional courses, hands-on labs, quizzes and a preparation exam, this Learning Path helps you prepare for and master the AWS Certified Security - Specialty exam.
Benefits of achieving this certification
- Cloud Security is crucial to ALL use cases
- AWS certifications provide a reputable benchmark for AWS partners and practitioners
- Ensures team members are following security best practices
- Provides professional progression for team members
- Contributes to AWS partner certification requirements
This learning path is ideal for anyone interested in learning to recognize, explain, and implement solutions to enforce strict security controls across all levels of AWS infrastructure deployments.
This learning path will enable you to:
- Understand the differences between each of the security services offered by AWS and how they can be used within your environment
- Select the appropriate level of security based on your deployments and the sensitivity of your data using a variety of services
- Implement the correct security services and mechanisms to meet business objectives and requirements
- Understand how to select the most appropriate data protection techniques including encryption mechanisms
- Implement logging and monitoring solutions to detect and analyze security vulnerabilities and weaknesses within your infrastructure
This learning path has been designed to take you through the numerous security services along with the different security features that are available within other AWS services.
It begins with an introduction to the most common security service that is available, Identity & Access Management (IAM). During the first few courses and labs it looks at access management and identities, both internally and externally, covering different authentication and authorization methods.
Next it introduces a number of AWS security services related to auditing and compliance, some of which are based on Machine Learning, such as Amazon GuardDuty and Amazon Macie.
Monitoring and logging is then covered, examining how you can use the different AWS services to monitor and track log data and use it to help you find vulnerabilities.
Next there are a number of courses and labs that look into encryption and data protection using different services and techniques. Different encryption mechanisms are covered here across a range of common AWS services.
Application and Network security is covered next, looking at different services and techniques that can be implemented to help protect your Web Apps along with your VPC infrastructure, again from both internal and external threats.
Finally there are a number of courses and labs covering security best practices, governance, and risk.
Over 31 hours of high definition video, 11 hands-on labs, and a final preparation exam.
Prior to taking this Security Specialty certification you must have passed the AWS Practitioner certification or ANY of the AWS Associate level certifications.
We welcome all feedback, so if you are unsure about where to start or if you would like help getting started, please direct any comments or questions to us at firstname.lastname@example.org
07/06/18: Added Lab - Detecting EC2 Threats with Amazon GuardDuty
Added: How to implement & enable logging Across AWS Services (Part 1 of 2)
Added: How to implement & enable logging Across AWS Services (Part 2 of 2)
Added: Understanding S3 Encryption Mechanisms to secure your data
Learning Path Steps
This course looks at one of the key Security services within AWS, Identity & Access Management, commonly referred to as IAM. This service manages identities and their permissions that are able to access your AWS resources and so understanding how this service ...
Learn how to create and manage IAM users, groups and policies to securely control access to AWS services and resources.
Learn how to manage our organization using IAM Users and Groups and IAM Roles
Knowledge Check: Overview of AWS Identity and Access Management (IAM)
Cloud Security is a huge topic, mainly because it has so many different areas of focus. This course focuses on three areas that are fundamental: AWS Authentication, Authorisation and Accounting. These three topics can all be linked together and having an u...
Authentication, Authorization & Accounting
Course Description: AWS Identity Federation is the concept of using external authorization sources to permit access to AWS Console and AWS Resources. Identity Federation comes in multiple levels that enable the use of existing directories or SAML to ensur...
Any information that helps to secure your Cloud infrastructure is of significant use to security engineers and architects. With AWS CloudTrail you have the ability to capture all AWS API calls made by users and/or services. Whenever an API request is made ...
AWS CloudTrail Intermediate
Learn how to configure and use AWS CloudTrail and CloudWatch in cooperation with each other to monitor AWS infrastructure and services. Whenever an Instance is stopped or terminated an alarm will trigger (using AWS SNS) and deliver an email notification to...
With the ever-changing nature of Cloud Computing in AWS, through the use of Auto Scaling, and self-healing architecture mechanisms, having visibility and awareness of your AWS resources is invaluable. It can be difficult to understand what your resources wi...
AWS Config Intermediate
Compliance check using AWS Config Rules: See how AWS Config can enhance your security and compliance with AWS managed rules and custom rules with AWS Lambda
With the ever-increasing threats of attacks against the integrity, confidentiality, and availability of your data within your organization, the need to ensure strict security procedures and processes is paramount and learning how to use Amazon Inspector is key...
Course Description: Trying to ensure that your AWS infrastructure remains optimized at all times can be a daunting task. By the very nature of AWS, your infrastructure is likely to be very fluid with the different resources used across your entire AWS acc...
Follow best practices with AWS Trusted Advisor auditing your AWS environment and advising you on performance, and security improvements.
Course Description: During AWS re:Invent 2017, AWS launched their 11th security service in the on-going drive to help its customers protect and secure their applications, environments, and accounts. This service was Amazon GuardDuty, a regionally based, int...
Learn how to use Amazon GuardDuty to automatically uncover malicious EC2 activity and configure threat lists to improve the security of your AWS environments.
Course Description: Amazon Macie was launched in the summer of 2017, much to the delight of cloud security engineers. Amazon Macie is a powerful security and compliance service that provides an automatic method to detect, identify, and classify data within ...
Course Description: CloudWatch is a monitoring service for cloud resources in the applications you run on Amazon Web Services. CloudWatch can collect metrics, set and manage alarms, and automatically react to changes in your AWS resources. Amazon Web Servi...
Course Description: This course is part 1 of a 2 part course series which focuses on a number of key AWS services and how they perform logging and monitoring across your environment. Being able to monitor data provides a number of key benefits to your or...
Course Description: This course is part 2 of a 2 part course series which focuses on a number of key AWS services and how they perform logging and monitoring across your environment. Being able to monitor data provides a number of key benefits to your or...
Monitor Amazon CloudWatch Security Logs for failed SSH attempts
Learn how to use CloudWatch to monitor EC2 instance logs for failed SSH attempts
Modern AWS cloud deployments are increasingly distributed systems, comprising many different components and services interacting with each other to deliver software. In order to ensure quality delivery, companies and DevOps teams need more sophisticated ...
Course Description: Unencrypted data can be read and seen by anyone who has access to it, and data stored at-rest or sent between two locations, in-transit, is known as ‘plaintext’ or ‘cleartext’ data. The data is plain to see and can be seen and under...
AWS Key Management Service (KMS) Intermediate
Course Description: We have all seen in the media numerous occurrences whereby large international organizations have had their data exposed and leaked that had been stored on S3. Any sensitive data stored in the cloud MUST be encrypted, and when stori...
In this lab, you'll learn about Amazon Key Management Service to encrypt S3 and EBS Data at an intermediate level. Get started today!
Course Description: AWS CloudHSM is the name of Amazon’s original encryption key solution. HSM stands for Hardware Security Module and, in the solution provided by AWS, is a Safenet Luna appliance hosted at AWS. The appliance is single tenant and exclusive t...
Resources mentioned throughout this course: Cloud Academy Courses: Amazon Web Services: Key Management Services (KMS) Working with Amazon Kinesis Getting started with AWS CloudHSM AWS Resources: Configuring HDFS Transparent Encryption in Amazon ...
Explore the 3 AWS services, designed to help protect your web applications from external malicious activity, with this course. Once getting started, this course will delve into depth on all three services, comprised of AWS Web Application Firewall Service (...
Description: Creating and configuring a Virtual Private Cloud (VPC) within AWS can be a simple or difficult process. It all very much depends on the complexity of your requirements. For example, how many subnets and hosts will you require? Will you be using...
Learn how to increase network security by creating a public and a private subnet in a VPC and filtering traffic using network ACLs.
When implementing different AWS services and architecting them within your environments, whether it be production, test or dev, do you know your security responsibilities for these services? It is very likely that you are using services from three differen...
Using S3 Bucket Policies and Conditions to Restrict Specific Permissions
You will learn the steps to create and apply AWS S3 Bucket Policies with embedded conditions to restrict a user's ability to perform specific functions within S3 Buckets.
Use Amazon Athena to query encrypted data on S3 and encrypt the query results as well.
In the last decade the nature and complexity of security attacks have increased tremendously. From simple attacks, which focused on hacking exposed web pages, we have evolved to stealthy attacks, which focus on the hacker staying hidden for years on end ins...
Cloud Governance, Risk and Compliance Intermediate
Course Description: In this course we will discuss the fundamentals of Intrusion Detection and Prevention on Amazon Web Services. We will explore the difference between IDS and IPS, and the difference between host-based Intrusion Prevention, and Network ba...
Code Red: Repair an AWS Environment with a Linux Bastion Host
When running applications in the cloud, enterprises keep security a top priority. In this Laboratory you will be assessing your ability to troubleshoot AWS networking and security issues in a production-like environment. Putting your skills to the test, yo...
Preparation Exam: AWS Security Specialty Certification
Added the performance-based Lab assessment - Code Red: Repair an AWS Environment with a Linux Bastion Host
About the Author
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data centre and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 50+ courses relating to Cloud, most within the AWS category with a heavy focus on security and compliance.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.