AWS Certified Security – Specialty (SCS-C01)


Authors: Paolo Cruschelli, Danny Jessee, Saravanan Dhandapani, Miguel Saavedra, Michael Brown

This path demonstrates how to efficiently use AWS security services to stay secure in the AWS Cloud. The courses focus on the recommended best practices for securing your data and...

What you will learn

  • Assess the security of your application environment
  • Create controls to restrict access to EC2 instances
  • Apply different methods of securing EC2 instance operating systems
  • Design and implement security monitoring and alerting systems on AWS
  • Understand the options for vulnerability assessments and penetration testing on AWS
  • Apply security best practices to Amazon Virtual Private Cloud (VPC)
  • Understand how to respond to a compromised instance via network isolation
  • Implement an Elastic Load Balancing (ELB) device as a point of protection
  • Protect data in transit using public and private certificates
  • Securely access AWS resources in multiple VPCs and AWS accounts
  • Connect to other AWS services without traversing the Internet
  • Use the different security features provided by Amazon CloudFront
  • Understand common threats pertaining to Denial of Service (DoS)
  • Understand the different DDoS mitigation strategies on AWS
  • Navigate the logistics of the examination process
  • Understand the exam structure and question types
  • Determine how questions relate to AWS security best practices


The AWS Certified Security – Specialty is intended for individuals who perform a security role with at least two years of hands-on experience securing AWS workloads. The AWS Solutions Architect – Associate exam is recommended before taking the AWS Certified Security – Specialty exam.

Identity and Access Management

This section will cover how to manage and monitor access on AWS.

Managing and Monitoring Access on AWS

by Paolo Cruschelli

Jun 23, 2020 / 1h 26m

Explore the tools and best practices to securely administer access to AWS resources. In this course, Managing and Monitoring Access on AWS, you’ll learn to properly manage AAA (Authentication, Authorization, Accounting) for your AWS environment. You'll take a deep dive into AWS IAM (Identity and Access Management). First, you’ll explore how to securely manage user access to AWS User Interfaces (namely the Dashboard/CLI/API). Next, you’ll discover how to grant users authenticated access to resources by implementing the RBAC strategy. Then, you’ll follow a scenario where external (web or mobile) users need access to AWS resources, and you’ll learn how to implement this scenario using the AWS Cognito framework. Finally, you’ll learn how to track the activity performed by users on an AWS account for accounting purposes. When you’re finished with this course, you’ll have a thorough theoretical and practical knowledge of AWS IAM tools to properly manage identity and access to AWS resources under a wide number of real-world scenarios.

Table of contents
  1. Course Overview
  2. Securing Access to AWS Accounts
  3. Managing Access to AWS Resources
  4. Managing Authentication and Authorization for External Applications with AWS Cognito
  5. Monitoring Access to AWS Resources

Data Protection

This section will cover how to secure your data and protect your information on AWS.

Securing Data and Secrets on AWS

by Danny Jessee

Jun 5, 2020 / 1h 19m

AWS provides several different services that work together to help you protect your sensitive information. In this course, Securing Data and Secrets on AWS, you’ll learn how to leverage these services to implement secure architectures for applications and data storage on AWS. First, you’ll explore best practices for encryption and key management. Next, you’ll discover how to properly secure secrets such as parameters in your application’s source code. Finally, you’ll learn how to protect sensitive data using techniques such as cross-region replication and proactively monitor your data for security issues using Amazon Macie. When you’re finished with this course, you’ll have the skills and knowledge of a security engineer needed to answer questions from the “Data Protection” domain of the AWS Certified Security – Specialty exam.

Table of contents
  1. Course Overview
  2. Encryption and Key Management in AWS
  3. Secure Parameter Storage Using AWS
  4. Data Replication Using AWS Services
  5. Data Protection with Amazon Macie

Infrastructure Security and Monitoring

This section will cover how to secure your application environment and infrastructure. You'll also learn to closely monitor your AWS workloads.

Securing and Monitoring AWS Workloads

by Saravanan Dhandapani

Jun 12, 2020 / 1h 58m

AWS has a plethora of services that cater to securing, monitoring, and alerting on your environment and infrastructure. In this course, Securing and Monitoring AWS Workloads, you’ll learn to choose the right AWS services for the problem at hand and explore how to monitor and alert on security violations and network compliance issues. First, you’ll explore the concept of hardening an AMI and the benefits of using a hardened AMI while launching an EC2 instance, and perform security assessments on a hardened AMI using Amazon Inspector. Next, you’ll discover the importance of EC2 key pairs, the do’s and don’ts in managing the key pair, and how to use AWS Systems Manager to maintain a large number of EC2 instances effectively. Then, you will explore AWS Trusted Advisor, the services that are reserved for enterprise customers, and the services that are offered to all customers, and how to find security violations and implement solutions recommended by AWS. Finally, you’ll learn about AWS Inspector and AWS Config, the default config rules provided by AWS, and how to build custom rules, build an assessment template, run a security assessment, and check the findings. When you’re finished with this course, you’ll have the skills and knowledge to secure your EC2 instances, your environment, and the infrastructure that it is a part of, and to set up the monitoring and alerting solutions needed to build a highly secured AWS cloud application. You will also be prepared to clear your AWS advanced security specialty certification exam.

Table of contents
  1. Course Overview
  2. Securing EC2 Instances Using Hardened AMI
  3. Access Control to EC2 Instances
  4. Application Environment Security
  5. Security Monitoring and Alerting in AWS
  6. Penetration Testing and Security Vulnerability Assessment

Networking and Incident Response

In this section you'll focus primarily on networks and the security issues you need to plan for.

Advanced Network Security on AWS

by Miguel Saavedra

Apr 29, 2020 / 1h 34m

There are many different layers where you can introduce network security on AWS. In this course, Advanced Network Security on AWS, you’ll learn the best practices of setting up a secure network on AWS. First, you’ll explore the VPC and the necessary features used and skills required to set up a more secure network. Next, you’ll discover the Elastic Load Balancer’s different security features and how it can be used as a point of protection. Finally, you’ll see how to configure a CloudFront distribution and implement restrictive security controls on CloudFront. When you’re finished with this course, you’ll have the skills and knowledge of AWS services and features needed to implement network security on AWS.

Table of contents
  1. Course Overview
  2. Amazon VPC Security Best Practices
  3. Examples of Amazon VPC Implementations
  4. Implementing Security and Incident Response with the ELB
  5. Using CloudFront Security Features

Demystifying the AWS Certified Security Specialty Exam

by Michael Brown

Jun 24, 2020 / 1h 15m

AWS is one of the biggest providers of cloud services today. Most AWS projects include monitoring and logging for security purposes, as well as protecting data stored in AWS with encryption. So, mastering these topics is vital for anyone working in the cloud security field. This course, Demystifying the AWS Certified Security Specialty Exam, looks at the AWS Security Specialty exam and some of the key topics you will need to master before attempting the certification. First, you will navigate the exam booking process and see a breakdown of the exam. Then, you will learn some tips on time management and the best way to approach the exam questions. Finally, you will explore encryption in AWS as well as security logging and monitoring. By the end of this course, you will have detailed knowledge of the AWS certification process, and an understanding of the key areas you need to study before attempting the AWS Security Specialty certification.

Table of contents
  1. Course Overview
  2. Navigating the AWS Certified Specialty Exam
  3. Understanding AWS Certification Exam Structure and Strategies
  4. Understanding Exam Technologies: Encryption and Security Protocols
  5. Understanding Exam Technologies: Monitoring, Logging, and Troubleshooting