Percent of Exam 20%
Domain Focus Areas
- Design information security management systems and compliance controls
- Design security controls with the AWS shared responsibility model and global infrastructure
- Design identity and access management controls
- Design protection of Data at Rest controls
- Design protection of Data in Flight and Network Perimeter controls
AWS Services
- IAM
- STS
- Monitoring
- CloudHSM
- DDoS
- IDS and IPS on AWS
Online Training
- Amazon Web Services Security Fundamentals
- https://aws.amazon.com/training/course-descriptions/security-fundamentals/
AWS Documentation
- Introduction to AWS Security
- https://d0.awsstatic.com/whitepapers/Security/Intro_to_AWS_Security.pdf
- Overview of Security Processes
- https://d0.awsstatic.com/whitepapers/Security/AWS%20Security%20Whitepaper.pdf
- AWS Risk and Compliance
- https://d0.awsstatic.com/whitepapers/compliance/AWS_Risk_and_Compliance_Whitepaper.pdf
- AWS DDoS Whitepaper
- https://d0.awsstatic.com/whitepapers/DDoS_White_Paper_June2015.pdf
- Single Sign-On: Integrating AWS, OpenLDAP, and Shibboleth
- https://d0.awsstatic.com/whitepapers/aws-whitepaper-single-sign-on-integrating-aws-open-ldap-and-shibboleth.pdf
- Securing Data at Rest with Encryption
- https://d0.awsstatic.com/whitepapers/AWS_Securing_Data_at_Rest_with_Encryption.pdf
- Security at Scale: Logging in AWS
- https://d0.awsstatic.com/whitepapers/compliance/AWS_Security_at_Scale_Logging_in_AWS_Whitepaper.pdf
- Identity Providers and Federation
- http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers.html
- IAM FAQ
- https://aws.amazon.com/iam/faqs/
- CloudHSM FAQ
- https://aws.amazon.com/cloudhsm/faqs/
- KMS FAQ
- https://aws.amazon.com/kms/faqs/
- CloudWatch FAQ
- https://aws.amazon.com/cloudwatch/faqs/
- Config FAQ
- https://aws.amazon.com/config/faq/
AWS Presentations
- Understanding The AWS Security Model
- https://youtu.be/yVWHNJel7Qs
- Getting Started with AWS Identity and Access Management
- https://youtu.be/suOObEz_2Fc
- IAM Best Practices to Live By
- https://youtu.be/_wiGpBQGCjU
- How to Become an IAM Policy Ninja in 60 Minutes or Less
- https://youtu.be/Du478i9O_mc
- Mastering Access Control Policies
- https://youtu.be/0WI5sirOvco
- Security Best Practices
- https://youtu.be/rXPyGDWKHIo
- Advanced Security Best Practices Masterclass
- https://youtu.be/zU1x5SfKEzs
- Architecting for Greater Security on AWS
- https://youtu.be/DykPS2gvDeo
- Defending Against DDoS Attacks
- https://youtu.be/Ys0gG1koqJA
- Practical Steps to Hack-Proofing AWS
- https://youtu.be/NL3sDn92NuU
- Architecting for End-to-End Security in the Enterprise
- https://youtu.be/nqaL5zJqFuo
- Log, Monitor and Analyze your IT with Amazon CloudWatch
- https://youtu.be/ZaOR-ybLJF0
- Mobile Identity Management & Data Sync Using Amazon Cognito
- https://youtu.be/jX6pEWf344I
- Reliable Design and Deployment of Security and Compliance
- https://youtu.be/KtMANvC7_n8
- Strategies for Protecting Data Using Encryption in AWS
- https://youtu.be/On9NoUwj-Os
- Encryption and Key Management in AWS
- https://youtu.be/bqIYI3mDsd4
- Secure Applications with AWS Key Management Service
- https://youtu.be/0kWpm1FyG_Q
- Encryption Key Storage with AWS KMS at Okta
- https://youtu.be/pi4HTSrmzis
- Intrusion Detection in the Cloud
- https://youtu.be/WUQNeMhkaco
- Incident Response in the Cloud
- https://youtu.be/nzSrRvADh6g
3rd Party Docs
3rd Party Presentations
Next Amazon Web Services Certified Solutions Architect – Professional Study Guide section