
Remediate compromised containers across ECS, Docker on EC2, and EKS by isolating the affected tasks and updating images. Review Kubernetes ConfigMaps and service accounts, rotate access keys, and redeploy through CI/CD.
Learn to set up a CloudWatch alarm for low disk space using the CloudWatch agent and Systems Manager automation to safely halt batch processing when space runs low.
Discover how CloudWatch Logs organize data into log groups and streams, view storage size, and access log data, highlighting the centralized logging approach used by AWS services and applications.
Explore DNS resolver logs in Amazon Route 53, including Resolver query logging and log destinations such as CloudWatch, S3, or Kinesis, and how caching affects which queries appear in the log records.
Block direct user access to the load balancer and permit only CloudFront by using a secret header in CloudFront origins and a routing rule with a default 403 response.
Learn to configure rate limiting in a web application firewall with a rate-based rule that caps requests at ten per minute per source IP or API key, with debugging logs.
Explore how to connect VPCs using a Transit Gateway, compare with VPC peering, and learn to attach VPCs, update route tables, and test cross-VPC connectivity at scale.
Learn to set up an Amazon Cognito user pool for web app authentication, obtain access and ID tokens, and retrieve temporary AWS credentials.
Enable S3 Block Public Access to prevent buckets and objects from being exposed publicly, protecting data from breaches. For new accounts, enable the account-wide block; if public objects are genuinely needed, serve them through an alternative method.
Learn to enforce TLS for Amazon RDS MySQL by using a CA bundle, installing the MySQL client, and configuring parameter groups to require secure transport and verify identity.
Enable default EBS encryption for new EC2 volumes with a customer-managed KMS key to secure boot and data volumes, and understand data keys and decrypt workflows.
Adopt a multi-account strategy to separate production and staging, minimize blast radius, and control cross-account access with IAM across AWS Organizations.
Create an AWS organization with a management account, invite subaccounts, and implement IAM Identity Center for cross-account access and centralized account management.
Set up and govern an Atlas multi-account AWS environment with Control Tower, enforcing guardrails and CloudTrail across accounts. Configure landing zones, organizational units, account factory, and IAM Identity Center.
Service control policies act as guardrails that limit permissions across member accounts, deny tampering with control tower resources, and enforce regional and service-level restrictions.
Test the services and concepts yourself to prepare for the ALS exam, compare solutions to understand the business case, and consult the recommended documentation and blogs.
If you're looking to prepare for the AWS Certified Security Specialty exam, look no further! I took the exam earlier and passed it without any preparation. This is because of my years of security experience and working with AWS since 2015.
In this course, I want to share my knowledge about security and AWS to help you understand how to manage security in AWS. I don't use slides with bullet points but rather try to explain the why, not only the how. This should make it easier for you to retain the knowledge and, with some extra studying, pass the exam! The course contains many demos in which I show how to use AWS security services and how they work together.
In the last 8 years, I have been publishing courses on Udemy in Cloud & DevOps technologies I'm very familiar with, using them on a day-to-day basis. This course is no different. Have a look at the preview lectures to see if you like my teaching style. Enroll in my course, and you can contact me through the Q&A or by direct message. Up to now, I have personally answered every single question asked of me on Udemy!
See you in the course!