Security - Specialty Certification Preparation for AWS

AVG Duration: 29h


This learning path is designed specifically for students looking to gain a deep understanding of AWS security services, including the many security mechanisms and techniques that AWS offers to secure your infrastructure and data from both internal and external threats and exposures. The AWS Certified Security - Specialty certification allows you to demonstrate and validate your AWS knowledge across security topics such as data protection and encryption, infrastructure security, incident response, identity and access management, monitoring, and logging. With a blend of instructional courses, hands-on labs, quizzes, and a preparation exam, this Learning Path helps you prepare for and master the AWS Certified Security - Specialty exam.

Benefits of Achieving this Certification

  • Cloud security is crucial to ALL use cases
  • AWS certifications provide a reputable benchmark for AWS partners and practitioners
  • Ensures team members are following security best practices
  • Provides professional progression for team members
  • Contributes to AWS partner certification requirements

Learning Path Agenda

This learning path has been designed to take you through the numerous security services along with the different security features that are available within other AWS services.

It begins with an introduction to the most common security service that is available, Identity & Access Management (IAM). During the first few courses and labs, it looks at access management and identities, both internally and externally, covering different authentication and authorization methods.

Next, it introduces a number of AWS security services related to auditing and compliance, some of which are based on Machine Learning, such as Amazon GuardDuty and Amazon Macie. Monitoring and logging are then covered, examining how you can use the different AWS services to monitor and track log data and use it to help you find vulnerabilities.

Next, there are a number of courses and labs that look into encryption and data protection using different services and techniques. Different encryption mechanisms are covered here across a range of common AWS services. Application and Network security are covered next, looking at different services and techniques that can be implemented to help protect your Web Apps along with your VPC infrastructure, again from both internal and external threats.

Finally, there are a number of courses and labs covering security best practices, governance, and risk.

Intended Audience

This learning path is ideal for anyone interested in learning to recognize, explain, and implement solutions to enforce strict security controls across all levels of AWS infrastructure deployments.

Learning Objectives

This learning path will enable you to: 

  • Understand the differences between each of the security services offered by AWS and how they can be used within your environment
  • Select the appropriate level of security based on your deployments and the sensitivity of your data using a variety of services
  • Implement the correct security services and mechanisms to meet business objectives and requirements
  • Understand how to select the most appropriate data protection techniques including encryption mechanisms
  • Implement logging and monitoring solutions to detect and analyze security vulnerabilities and weaknesses within your infrastructure


Prior to taking this Security Specialty certification, you must have passed the AWS Cloud Practitioner certification or ANY of the AWS Associate level certifications.


We welcome all feedback, so if you are unsure about where to start or if you would like help getting started, please direct any comments or questions to us at


07/06/18: Added Lab - Detecting EC2 Threats with Amazon GuardDuty


Added: How to implement & enable logging Across AWS Services (Part 1 of 2) 

Added: How to implement & enable logging Across AWS Services (Part 2 of 2)


Added: Understanding S3 Encryption Mechanisms to secure your data



Training Content

Course - Intermediate - 17m
How AWS IAM is Used to Securely Manage Access
This course provides an overview of the AWS Identity & Access Management Service, commonly referred to as IAM, along with its core features.
Course - Intermediate - 25m
Managing User Identities with Long Term Credentials in AWS IAM
This course explains how to manage your user identities when using the AWS Identity and Access Management Service, commonly referred to as IAM.
Course - Intermediate - 35m
Managing Access using IAM User Groups & Roles
This course explores some of the security best practices when using user groups and roles and how these can help you secure access to your resources more effectively.
Course - Intermediate - 37m
Using IAM Policies to Define and Manage Permissions
This course covers how IAM Policies can be used to allow you to grant and restrict access to your resources within your AWS account, as well as the different types of policies and how to interpret a policy.
Hands-on Lab - Beginner - 1h
Introduction to IAM
Learn how to create and manage IAM users, groups and policies to securely control access to AWS services and resources.
Hands-on Lab - Intermediate - 1h 15m
Advanced Roles and Groups Management Using IAM
Learn how to manage your organization using IAM Users and Groups and IAM Roles.
Exam - 35m
Knowledge Check: Overview of AWS Identity and Access Management (IAM)
Course - Intermediate - 9m
The Difference Between Authentication, Authorization, and Access Control in AWS
This course explores the differences between authentication, authorization, and access control in order to control access to your cloud resources effectively and with the appropriate level of security.
Course - Intermediate - 30m
Authorization Controls in AWS
This course looks at some of the different methods that AWS implements to authorize access within your AWS account.
Course - Intermediate - 25m
AWS Authentication Mechanisms
In this course, we shall be looking at how AWS provides many different means of authentication.
Course - Intermediate - 10m
Using AWS Identity Federation to Simplify Access at Scale
This course covers AWS Identity Federation, including what it is and some of the AWS services that can be involved in federation, and also highlights some scenarios where you might want to implement it.
Course - Intermediate - 16m
AWS Incident Response: Isolating your EC2 instances
This course covers a few strategies for isolating your EC2 instances in response to a security event and explores the pros and cons of those strategies.
Hands-on Lab Challenge - Beginner - 1h
Amazon EC2 Instance Isolation Challenge
Put your Amazon Elastic Compute Cloud skills to the test in this hands-on challenge as you are tasked with isolating a compromised EC2 instance.
Course - Intermediate - 1h 9m
AWS CloudTrail: An Introduction
This course provides an introduction to the AWS CloudTrail service, looking at all its features and components.
Hands-on Lab - Beginner - 1h 15m
Monitoring AWS CloudTrail management events with Amazon CloudWatch Logs
Learn how to integrate AWS CloudTrail with Amazon CloudWatch Logs to monitor AWS management events in this hands-on lab.
Course - Intermediate - 1h 12m
AWS Config: An Introduction
In this course, you'll learn how AWS Config allows you to have visibility of your entire AWS infrastructure from a configuration perspective.
Hands-on Lab - Intermediate - 2h
Compliance Check Using AWS Config Rules (Managed & Custom)
Compliance check using AWS Config Rules: See how AWS Config can enhance your security and compliance with AWS managed rules and custom rules with AWS Lambda
Course - Intermediate - 54m
Amazon Inspector
In this course, you'll learn about Amazon Inspector and its components, as well as watch a demonstration on how to configure it.
Course - Intermediate - 29m
Using AWS Trusted Advisor to Follow and Implement Best Practices
This course looks at how to use AWS Trusted Advisor to implement some best practices and recommendations across your AWS environment within your organization.
Hands-on Lab - Beginner - 1h 10m
Follow Best Practices with AWS Trusted Advisor
Follow best practices with AWS Trusted Advisor, which audits your AWS environment and advises you on performance and security improvements.
Course - Intermediate - 1h 3m
Understanding Amazon GuardDuty
This course explains how to protect your AWS accounts by using the intelligent threat detection service, Amazon GuardDuty.
Hands-on Lab - Beginner - 50m
Detecting EC2 Threats with Amazon GuardDuty
Learn how to use Amazon GuardDuty to automatically uncover malicious EC2 activity and configure threat lists to improve the security of your AWS environments.
Course - Intermediate - 15m
How to Find PHI and Sensitive Data in Your S3 Buckets with Amazon Macie
This course explores the Amazon Macie service and how it helps you keep track of your S3 buckets and warns you about any sensitive data it might find.
Course - Intermediate - 16m
An Overview of Amazon CloudWatch
This course takes a high-level look at Amazon CloudWatch and some of its features and components.
Course - Intermediate - 12m
Building CloudWatch Dashboards
This course is geared towards helping you understand the value of building your own dashboards within CloudWatch, to give you unparalleled visibility into your architecture and dedicated systems.
Course - Advanced - 1h 4m
How to Implement & Enable Logging Across AWS Services (Part 1 of 2)
In this course, you'll learn how to implement logging and monitoring across AWS Services including Amazon CloudWatch, CloudWatch Monitoring Agent, AWS CloudTrail Logs, and Amazon S3 Access Logs.
Course - Advanced - 1h 4m
How to Implement & Enable Logging Across AWS Services (Part 2 of 2)
In this course, you'll learn how to implement logging and monitoring across AWS Services including Amazon CloudWatch, CloudWatch Monitoring Agent, AWS CloudTrail Logs, and Amazon S3 Access Logs.
Hands-on Lab - Beginner - 1h 30m
Monitor Amazon CloudWatch Security Logs for failed SSH attempts
Learn how to use CloudWatch to monitor EC2 instance logs for failed SSH attempts
Course - Intermediate - 1h 10m
How to Use KMS Key Encryption to Protect Your Data
In this course, you will learn the basics of KMS, what it will cost to implement, how to encrypt data, and more...
Course - Intermediate - 15m
How to Share KMS Keys Across Multiple Accounts Using AWS KMS
This course shows how to use the Key Management Service for encryption across multiple AWS accounts.
Course - Advanced - 12m
Understanding S3 Encryption Mechanisms to Secure your Data
In this course, you'll learn about the S3 encryption and decryption process for S3 Managed Keys, KMS Managed Keys, and Customer Provided Keys.
Hands-on Lab - Intermediate - 2h
Using Amazon Key Management Service to Encrypt S3 and EBS Data
In this lab, you'll learn about Amazon Key Management Service to encrypt S3 and EBS Data at an intermediate level. Get started today!
Hands-on Lab - Beginner - 1h
Configuring access to AWS KMS keys
Learn how to allow and restrict access to AWS KMS keys using key policies and grants in this hands-on lab.
Course - Intermediate - 13m
Sharing Secrets Between Multiple Accounts Using AWS Secrets Manager
This course explains how to share secrets between different AWS accounts through the use of resource-based policies and AWS Secrets Manager.
Course - Intermediate - 33m
Manage Your Own Encryption Keys Using AWS CloudHSM
This course gets you started with AWS CloudHSM by giving you an overview of the basics of the service, what it is, and its use cases.
Course - Intermediate - 55m
AWS Encryption for Data Analytics
This course looks at how to secure your big data within AWS by implementing different data encryption options.
Course - Beginner - 1h 17m
Protecting Web Apps with AWS WAF, Shield & Firewall Manager
This course takes an in-depth look at AWS Web Application Firewall Service (WAF), AWS Firewall Manager and AWS Shield.
Course - Advanced - 1h 19m
AWS Virtual Private Cloud: Subnets and Routing
This course looks at how to design your AWS Virtual Private Cloud through the use of different VPC Subnet and Routing configurations.
Hands-on Lab - Beginner - 2h 35m
Securing your VPC using Public and Private Subnets
Learn how to increase network security by creating public and private subnets in a VPC and filtering traffic using network ACLs.
Course - Intermediate - 56m
AWS Security Best Practices: Abstract and Container Services
This course discusses the responsibility between AWS and the customer when architecting both abstract and container services
Hands-on Lab - Beginner - 1h
Using S3 Bucket Policies and Conditions to Restrict Specific Permissions
You will learn the steps to create and apply AWS S3 Bucket Policies with embedded conditions to restrict a user's ability to perform specific functions within S3 Buckets.  
Hands-on Lab - Beginner - 1h 20m
Query Encrypted Amazon S3 Data with Amazon Athena
Use Amazon Athena to query encrypted data on S3 and encrypt the query results in this hands-on real-environment lab.
Hands-on Lab Challenge - Advanced - 1h 15m
Code Red: Repair an AWS Environment with a Linux Bastion Host
In this lab, you will be assessing your ability to troubleshoot AWS networking and security issues in a production-like environment.
Exam - 2h
Cert Prep: AWS Security Specialty Certification
About the Author
Learning paths: 174

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.