
This video will give you an overview about the course.
Know what the benefits of the AWS certification are.
• Understand benefits of any certification
• Know the benefits of this certification
• Know the benefits for your company as an AWS Partner
Understand the Shared Responsibility Module: split of responsibilities between AWS and their customers.
• Overview of the model
• Know about AWS responsibility
• Learn about customer responsibility
High level view of the AWS security.
• Learn AWS’s own security and compliance
• Look how can you use AWS Config and CloudTrail to gain visibility
• Explore the control over data with AWS KMS or CloudHSM
Learn what are the 3 steps you need to do in a newly created AWS account.
• Enable Multi-Factor Authentication
• Enable CloudTrail
• Use KMS users and roles onwards in their day to day operations
Know the security considerations when using EC2 keypairs.
• Understand why EC2 keypairs are important
• Create a new or import an existing keypair
• Delete a keypair and revoke the access
Know about the virtualization and isolation considerations in AWS EC2.
• Explore different types of hypervisors in EC2
• Learn isolation in EC2
• Know the difference between EC2 Dedicated Hosts and Dedicated Instances
Understand what you can do with the AWS Secrets Manager.
• Know what AWS Secrets Manager is
• Learn the ways of using AWS Secrets Manager
• Know the difference between AWS Secrets Manager and AWS Systems Manager Parameter Store
Simplify applications and daily operations by taking advantage of the AWS Systems Manager Parameter Store and Run Command features.
• Learn what AWS Systems Manager is
• Explore about the AWS Systems Manager Parameter Store
• Learn about the AWS Systems Manager Run Command
Learn about isolation and network protection instances and other resources.
• Understand what a VPC is
• Know about public and private subnets
• Explore the difference between NACLS and Security Groups
Explore different connectivity options for VPCs.
• Get an overview and summary of different options
• Know the difference between NAT Gateway and NAT Instance
• Explore the difference between VPN Gateway and Direct Connect
Be aware of the AWS Marketplace Security offering.
• Get a general introduction to AWS Marketplace security
• Know about IDS / Network Packet Inspection
• Learn about penetration test
Get an overview of logging options in AWS and how to put CloudWatch into use.
• Get an overview for different logging options in AWS
• Know what CloudWatch is
• Use CloudWatch for centralized logging
Audit AWS user activity and API usage using CloudTrail.
• Get an introduction to CloudTrail
• Know what information does CloudTrail provide
• Difference between CloudTrail and other AWS logging services
Explore Athena to make the most of your logs.
• Get a general introduction to Athena
• Know what can Athena be used with
• Use Athena to query logs
Use AWS Inspector to automate security assessments.
• Get introduced to AWS Inspector
• Know what information AWS Inspector provides
• Use AWS Inspector for security assessments
Enable threat detection features and capabilities on your AWS data.
• Introduce to AWS GuardDuty
• Know what AWS GuardDuty could help you with
• Know how to use AWS GuardDuty
Explore AWS Trusted Advisor.
• Get a general introduction to AWS Trusted Advisor
• Explore what can Trusted Advisor be used for
• Know how does Trusted Advisor work in practice
Use AWS Identity and Access Management.
• Introduce to AWS IAM
• Get a high-level view over different entities and policies
• Explore the concept of users and groups
Explore AWS IAM in-depth with the concept of roles and understanding the different policy types.
• Get an overview of AWS IAM entities and policies
• Explore what purpose are AWS IAM roles for
• Understand the different types of policies
Get a general introduction to AWS Organizations and Service Control Policies.
• Get a general introduction to AWS organizations
• Know what AWS Organizations can be used for
• Understand the concept of Service Control Policies
Enable MS Active Directory Federation with AWS.
• Introduce the concept of AD Federation and its advantages
• Explain the different components and terminology involved
• Get a high-level overview on how it works
Explore AWS Cognito and Web Identity Federation.
• Get a general introduction to AWS Cognito
• Understand Cognito User and Identity Pools
• Know how it works in practice
Introduction and security considerations of the AWS Key Management Service.
• Get introduced to AWS KMS
• Explore how to use KMS
• Understand how key rotation works
Get a hands-on demonstration about KMS.
• Explore KMS
• Create a customer-managed CMK
• Use the newly created CMK in AWS S3
Leverage the usage of AWS S3 Bucket Policies and Pre-signed URLs to restrict and share data.
• Know what AWS S3 Bucket Policies are
• Understand conflict between AWS S3 Bucket Policies and IAM Policies
• Explore how to use AWS S3 pre-signed URLs
Get a general introduction to AWS Glacier and the Vault Lock Policy feature.
• Know what AWS Glacier is
• Explore what the AWS Glacier Vault Lock Policies are
• Know how the Vault Lock Policies work
Explore AWS CloudFront and how to secure an S3 Origin.
• Introduce to AWS CloudFront
• Secure an S3 Origin in CloudFront
• Understand the TLS/SSL certificate options with CloudFront
Get a general introduction to AWS Certificate Manager.
• Introduce to AWS Certificate Manager
• Explore the Benefits and Limitations of using AWS Certificate Manager
• Know the ACM Certificate creation process
Understand the different security considerations and features of the AWS Elastic Load Balancers.
• Introduce to AWS Elastic Load Balancers
• Know about security policy of HTTPS Listeners
• Understand the TLS/SSL termination Options
Understand what a DDoS attack is and how to mitigate it using AWS services.
• Know what a DDoS attack is
• Learn how DDoS are mitigated
• Explore the AWS technologies that can help you mitigate a DDoS attack
Explore AWS WAF and Shield to protect against DDoS attacks.
• Explore what AWS WAF is
• Know what AWS Shield and Shield Advance is
• Know how WAF and Shield Works
Understand the throttling and caching features of API Gateway.
• Get an overview on AWS API Gateway
• Understand the API Gateway Throttling feature
• Understand the API Gateway Caching feature
Get a general introduction to AWS Macie and Artifact and their role in compliance management.
• Explore what AWS Macie is
• Know what AWS Artifact is
• Understand how Macie and Artifact helps with compliance
The AWS Certified Security – Specialty certification gives AWS architects not only essential know-how, but also a strong foundation on which to build security into AWS architectures at every level. This course will teach you to apply security at all AWS layers, including encrypting and protecting data at rest and in transit and how to prepare for (and respond to) security events.
In this course, you'll learn how to secure your data and your AWS services/resources at multiple levels using a defense-in-depth approach. You'll learn how to protect your AWS credentials and resources using Identity and Access Management. You'll capture and analyze logs using CloudTrail, CloudWatch, and Athena. Finally, you'll learn how to implement network and instance security, encrypt data at rest and in transit and set up data backup, replication, and recovery.
By the end of this course, you'll be ready to control access to your AWS resources granularly. You will develop the skills to ace the exam for the Security Solutions certification.
If you're a cloud professional wanting to ace the AWS Certified Security – Specialty certification, or a cloud professional looking to build security layers into every AWS deployment to protect data at rest and in transit, then this course will be your go-to resource to achieve success.
About the Author
Bruno Almeida is a Principal Architect & Technology Advisor. He is based in Helsinki (Finland) and works in areas such as cloud, security, DevOps, AI, and data engineering.
As a consultant, Bruno helps businesses of all sizes and in various industries unlock their potential using cloud technologies. Having worked in the cybersecurity industry himself for over 7 years, he knows well the value and importance of good security practices in DevOps and public clouds.
Throughout his career, he has worked in a wide range of positions from senior management to deeply technical roles. Bruno is passionate about culture and digital transformation and has been involved in several projects from both the human (leadership, coaching, mentoring) and technical (cloud, DevOps, AI) perspectives.