- < All Training
- < aws
AWS Certified Security – Specialty Online Training
Bart Castle
- 3524124
- Course info
- Course resources
AWS Certified Security – Specialty Online Training
In this AWS Security training, Bart Castle covers the objectives in the SCS-C01 exam, which is the one exam required to earn the AWS Certified Security – Specialty certification.
AWS specialty certifications mark you as a true expert in your field. They’re the pinnacle of the AWS certification program, and validate expert knowledge in a narrow AWS topic area. By the end of this AWS training, you'll be ready to attempt the AWS security exam — and validate expert-level experience with data security, access management, security controls, compliance, and governance. That means you’ll be ready for anything malicious actors (or your users) throw at you.
For supervisors, this AWS Security training can be used for AWS Certified Security – Specialty SCS-C01 exam prep, on-boarding new security engineers, or even AWS migration training.
AWS Certified Security – Specialty: What You Need to Know
This AWS Certified Security training goes step-by-step through the AWS Certified Security – Specialty exam objectives, and covers topics such as:
- Configure authentication and authorization for resources and services
- Secure data at rest and in transit
- Manage risk, value, and cost
- Secure networks and hosts
- Use Amazon Inspector to run security scans
- Monitor with AWS CloudWatch
- Design, plan, and evaluate various security logging solutions
Who Should Take AWS Certified Security – Specialty Training?
This AWS Security training is considered specialist-level AWS training, which means it was designed for security engineers with at least five years of experience. This AWS Certified Security – Specialty course will validate the extensive experience most AWS security engineers have with access management, encryption, and edge security.
Experienced security engineers. Given the size of this AWS security course, it’s obvious AWS has plenty of tools to keep your AWS cloud safe. From IAM roles to S3 server-side encryption, this AWS security training covers all aspects of maintaining network security. With years of experience doing network security administration, you’ll be opening yourself up to positions in senior security management and administration.
Skills You'll Learn in this Course
Manage Access to AWS Resources
Learning Intent
Join Bart Castle as he teaches you how to design and configure basic access management solutions by using AWS authentication and authorization components. Learn how to delegate permissions by using IAM roles, how to implement dynamic security policy statements by using IAM conditions and variables, and how to work with managed and inline security policies in the management console. Gain an understanding of users, groups, roles, security policies, Amazon Resource Names (ARNs), and the three main resources you can use to administer AWS resources: the management console, command line, and system developer kit.Skill outline
- Authorization and Authentication at AWS7 min
- Management Interfaces at AWS7 min
- Permissions Delegation with Roles8 min
- Evaluating Permissions at AWS7 min
- Security Policy Types and Elements9 min
- Amazon Resource Names8 min
- Using Dynamic Security Policy Conditions and Variables8 min
- Managing Permissions with the Management Console8 min
- Managing Permissions on the Command Line9 min
Plan for Advanced Auth Patterns at AWS
Learning Intent
Join Bart Castle as he teaches you how to work with AWS!Skill outline
- Demonstrating Multi-Factor Authentication4 min
- Identity Federation: Basics5 min
- Identity Federation: SSO7 min
- Identity Federation: Active Directory6 min
Work with IAM Security Policies
Learning Intent
Join Bart Castle as he teaches you how to work with AWS!Skill outline
- Security Policy Types and Elements6 min
- IAM Policies: Managed vs. Inline Policies and Delegation6 min
- IAM Policies: Editing6 min
- IAM Policies: Creating7 min
- IAM Policies: Advanced Not Elements6 min
Plan for AWS Account Management
Learning Intent
Join Bart Castle as he teaches you how to work with AWS!Skill outline
- Global Infrastructure7 min
- Multiple Accounts5 min
- Organizations5 min
- Shared Responsibilities7 min
- Trusted Advisor6 min
- Service Limits5 min
- APIs and Endpoints4 min
- CloudTrail API Logging6 min
- Demonstrating CloudTrail11 min
Plan for Governance Monitoring at AWS
Learning Intent
Join Bart Castle as he teaches you how to work with AWS!Skill outline
- Cloud Governance: Change and Value6 min
- Cloud Governance: Resources6 min
- GuardDuty: Continuous Monitoring4 min
- GuardDuty: Setup8 min
Configuration and Audit Management
Learning Intent
Join Bart Castle as he teaches you how to work with AWS!Skill outline
- Using Artifact for Compliance Reports5 min
- AWS Config: Overview6 min
- AWS Config: Setup7 min
- AWS Config: Rules6 min
- AWS Config: Configuring Rules Aggregation6 min
- Working with Resources: Management Console5 min
- Working with Resources: CLI7 min
- PCI DSS Quickstart8 min
Plan for Deployment Management
Learning Intent
Join Bart Castle as he teaches you how to work with AWS!Skill outline
- Deployment Management: Overview4 min
- Deployment Management: EC25 min
- Deployment Management: CloudFormation6 min
- Deployment Management: OpsWorks6 min
- Deployment Management: Elastic Beanstalk5 min
Implement an AWS Service Catalog
Learning Intent
Join Bart Castle as he teaches you how to work with AWS!Skill outline
- Abstraction and Integration7 min
- Service Catalog: Overview4 min
- Service Catalog: Authorization5 min
- Service Catalog: Configuring a Portfolio3 min
- Service Catalog: Configuring Products6 min
- Service Catalog: Demonstration6 min
Automate Cost Management
Learning Intent
Join Bart Castle as he teaches you how to work with AWS!Skill outline
- Cost Management Options8 min
- Enabling IAM Billing Management4 min
- Configuring Consolidated Billing8 min
- Setting up a Billing Alert7 min
- Automating Budget Enforcement4 min
- Budget Alert Notification6 min
- Lambda Launch-Constraint Reaction7 min
- Testing the Constraint Control5 min
- Lambda Terminate Reaction4 min
- Testing the Terminate Control4 min
Work with Cost and Usage Reports
Learning Intent
Join Bart Castle as he teaches you how to work with AWS!Skill outline
- Cost and Usage: Setting Up Reports7 min
- Cost and Usage: Deploying an Analysis Solution6 min
- Cost and Usage: Preparing the Report Data for Analysis5 min
- Cost and Usage Dashboard: Connecting Quicksight to Athena5 min
- Cost and Usage Dashboard: Configuring Widgets7 min
Plan for Data Storage Security at AWS
Learning Intent
Join Bart Castle as he teaches you how to work with AWS!Skill outline
- AWS Data Security5 min
- AWS Storage Services5 min
- DynamoDB: Data Security Overview4 min
- DynamoDB: Server-Side Encryption3 min
- DynamoDB: Server-Side Encryption Using the Command Line4 min
- RDS: Basic Security Settings4 min
- RDS: Advanced Security Settings5 min
- RDS: Final Settings and Launch4 min
Plan For Data-In-Transit Security at AWS
Learning Intent
Join Bart Castle as he teaches you how to work with AWS!Skill outline
- Data in Transit: Network Paths4 min
- Data in Transit: Web Traffic3 min
- Data in Transit: Snowball6 min
- Data in Transit: Storage Gateway7 min
- Data in Transit: Database Migration Service3 min
- Data in Transit: Network File Transfer4 min
Plan for Data Encryption at AWS
Learning Intent
Join Bart Castle as he teaches you how to work with AWS!Skill outline
- Data Encryption: Basics7 min
- Data Encryption: Resources5 min
- KMS Keys: Types6 min
- KMS Keys: Rotation4 min
- Hardware Security Modules3 min
- HSM Options6 min
- KMS Disable and Delete: Unlabeled Keys2 min
- KMS Disable and Delete: CloudTrail Logs6 min
Plan for EC2 Storage Security
Learning Intent
Join Bart Castle as he teaches you how to work with AWS!Skill outline
- EC2 Storage Security Overview6 min
- EBS Encryption: Operations4 min
- EBS Encryption: New Instance and Volume5 min
- EBS Encryption: New Instance and Volume CLI Preparation6 min
- EBS Encryption: New Instance and Volume CLI Launch Test4 min
- EBS Encryption: Snapshots5 min
Create Encrypted Root Volume AMI
Learning Intent
Join Bart Castle as he teaches you how to work with AWS!Skill outline
- EBS Encryption: Root Volume2 min
- Encrypted EBS Root Volume: Prereqs3 min
- Encrypted EBS Root Volume: Creating an Image4 min
- Encrypted EBS Root Volume: Encrypting the Image5 min
- Encrypted EBS Root Volume: Testing3 min
Create EC2 Encrypted Filesystem
Learning Intent
Join Bart Castle as he teaches you how to work with AWS!Skill outline
- Automated Encrypted File System3 min
- Encrypted File System: Prereqs4 min
- Encrypted File System: Secret Password4 min
- Encrypted File System: User Data Script5 min
- Encrypted File System: Testing5 min
Plan for S3 Confidentiality Data Security
Learning Intent
Join Bart Castle as he teaches you how to work with AWS!Skill outline
- S3 Confidentiality5 min
- S3 Client-Side Encryption4 min
- S3 Server-Side Encryption: Client Key7 min
- S3 Server-Side Encryption: S3 Keys7 min
- S3 Server-Side Encryption: KMS Keys8 min
- S3 Public Access Account Restrictions6 min
Plan for S3 Integrity and Availability Data Security
Learning Intent
Join Bart Castle as he teaches you how to work with AWS!Skill outline
- S3 Integrity and Availability7 min
- S3 Lifecycle Policies4 min
- S3 Bucket Replication2 min
- S3 Replication: Destination Bucket6 min
- S3 Replication: Source Bucket7 min
- Glacier Vaults and Vault Lock Policies6 min
Deploy AWS Storage Gateway NFS Share
Learning Intent
Join Bart Castle as he teaches you how to work with AWS!Skill outline
- Storage Gateway: Prereqs5 min
- Storage Gateway: Launching and Configuring a VM Appliance7 min
- Storage Gateway: Configuring the Gateway5 min
- Storage Gateway: New Client and Server Verification4 min
- Storage Gateway: Connecting to NFS Share4 min
Secure EC2 Workloads
Learning Intent
Join Bart Castle as he teaches you how to work with AWS!Skill outline
- Secure Starting Point: AMIs and UserData5 min
- Secure Starting Point: Hardening your AMI5 min
- Generating EC2 Key Pairs7 min
- Extending EC2 Key Pairs to New Users5 min
- EC2 Key Pair Rotation and Maintenance6 min
Manage Systems with AWS Systems Manager
Learning Intent
Join Bart Castle as he teaches you how to work with AWS!Skill outline
- Systems Manager: Understanding the Basics5 min
- Systems Manager: State and Inventory Manager4 min
- Systems Manager: Automation, Documents, and Parameters6 min
- Systems Manager: Getting Started5 min
- Systems Manager: Launching a new Managed Instance7 min
- Systems Manager: Run Command and Session Manager4 min
Plan for Protective Controls at AWS
Learning Intent
Join Bart Castle as he teaches you how to work with AWS!Skill outline
- Protective Controls5 min
- Three-Tier Web Application3 min
- Security Group Rules: Three-Tier Web Application4 min
- Security Group Rules: Admin JumpBox4 min
- EC2-Based Network Security Tools3 min
- Single VPC Network Traffic Filtering4 min
- Multi-VPC and Multi-Account Traffic Filtering4 min
Plan for VPC Network Traffic
Learning Intent
Join Bart Castle as he teaches you how to work with AWS!Skill outline
- Elastic Network Interface Concepts5 min
- Working with Elastic Network Interfaces5 min
- VPCs, SGs, and NACLs6 min
- Public and Private Subnets5 min
- Internet Access Checklist6 min
- Internal VPC Traffic Flow5 min
- VPC External Traffic Flows3 min
Network for a Public Web Server
Learning Intent
Join Bart Castle as he teaches you how to work with AWS!Skill outline
- Public Web Server: Creating a VPC4 min
- Public Web Server: Internet Gateway and Subnet6 min
- Public Web Server: Routing6 min
- Public Web Server: Security Group and Rules4 min
- Public Web Server: Elastic Network Interface and IP Addresses6 min
- Public Web Server: Launching the Server5 min
Network for Management and Private Traffic
Learning Intent
Join Bart Castle as he teaches you how to work with AWS!Skill outline
- Private Database: Private Subnet6 min
- Private Database: NAT Gateway Deployment7 min
- Private Database: Creating a Security Group6 min
- Management Network7 min
- Management Network: SSH JumpBox3 min
- Management Network: Bridge ENIs6 min
- Management Network: Testing ENI3 min
- Management Network: SSH Connection Test6 min
Plan for Transit Gateway Connectivity at AWS
Learning Intent
Join Bart Castle as he teaches you how to work with AWS!Skill outline
- Introducing Transit Gateway4 min
- Configuring Transit Gateway4 min
- Sharing a Transit Gateway with an Organization6 min
- Attaching a Shared Transit Gateway4 min
- Testing Transit Gateway Connectivity7 min
Plan for Cross-VPC Network Traffic at AWS
Learning Intent
Join Bart Castle as he teaches you how to work with AWS!Skill outline
- Transit Gateway vs. VPC Peering6 min
- VPC Endpoints and PrivateLink7 min
- VPN to Transit Gateway: Overview5 min
- VPN to Transit Gateway: Configuring VPN Attachment8 min
- VPN to Transit Gateway: Configuring Linux VPN Gateway8 min
- VPN to Transit Gateway: Routing Validation3 min
- VPN to Transit Gateway: Connectivity Test5 min
Deploy Juniper vSRX Firewall on AWS
Learning Intent
Join Bart Castle as he teaches you about common AWS services and how to deploy and configure a Juniper vSRX instance. Learn how to support an EC2-based software firewall deployment with public and private networks, how to create Elastic Network Interfaces, how to allocate public Elastic IPs, and how to use the management console to create a VPC, its subnets, and an internet gateway. Gain an understanding of routing tables, traffic filtering, security groups, and network address translation (NAT).Skill outline
- Why use a Software Firewall?3 min
- Understanding the Architecture Within6 min
- Creating the Network with a VPC, Subnets, and Internet Gateway5 min
- Creating Interfaces and Allocating IP Addresses6 min
- Creating Route Tables and Routes7 min
- Planning the Security Groups4 min
- Creating Security Groups and Rules12 min
- Deploying the vSRX Instance9 min
- Initial vSRX Management Configuration8 min
- Configuring vSRX Private Raptors Subnet5 min
- Configuring vSRX Private Stegos Subnet4 min
- Configuring NAT and Final Testing7 min
Plan for Denial-Of-Service (DoS) Security
Learning Intent
Join Bart Castle as he teaches you how to work with AWS!Skill outline
- Denial of Service Attacks and OSI Layers3 min
- DDoS Infrastructure Attacks5 min
- DDoS Application Attacks4 min
- AWS Shield Standard4 min
- AWS Shield Advanced5 min
- Reducing your Attack Vector7 min
- Scaling to Absorb7 min
- Understanding Normal Behavior and Anomalies8 min
Filter Traffic with AWS Web Application Firewall
Learning Intent
Join Bart Castle as he teaches you how to work with AWS!Skill outline
- AWS WAF: Understanding the Benefits6 min
- AWS WAF: Basics and Access Control Lists8 min
- AWS WAF: Rule Conditions7 min
- Firewall Manager Service: Initial Setup4 min
- Firewall Manager Service: Security Policies6 min
Plan for Monitoring at AWS
Learning Intent
Join Bart Castle as he teaches you about the various monitoring solutions at AWS and how to use them. Learn how to choose the best metric for monitoring AWS services, applications, user activity, and admin activity; how to plan and design for metric collection, response timing, thresholds, and alarm limits; and how to use the Simple Notification Service (SNS) and CloudWatch Event Rules to notify you when your root account is used. Gain the skills you need to use the Personal Health Dashboard, automate Landing Zone deployments with AWS Control Tower, create a Metric Filter by using CloudWatch and CloudTrail log shipping, and more.Skill outline
- Handling Monitoring7 min
- Choosing the Best Metrics for Monitoring5 min
- Metric Timing, Thresholds, and Storage5 min
- Working with Service Status Notifications8 min
- Privilege Escalation Gateway Model7 min
- Monitoring Root Account Use6 min
- Global Login Activity Notification8 min
- Monitoring Service Level Limits7 min
- Landing Zone and AWS Control Tower6 min
Monitor with AWS CloudWatch
Learning Intent
Join Bart Castle as he shows you how to use Amazon CloudWatch to collect and track various types of metrics, set alarms, create custom dashboards, and more. Learn how to use custom CloudWatch metrics, how to review key API calls that enable the publishing of custom metrics, and how to publish custom CloudWatch metrics using AWS CLI scripts and Linux cron jobs. Gain an understanding of the default CloudWatch dashboards, the dual modes of the CloudWatch management console, and the alarm states and actions of CloudWatch.Skill outline
- Monitoring with AWS CloudWatch5 min
- Working with CloudWatch Dashboards7 min
- Anatomy of a CloudWatch Metric6 min
- Working with CloudWatch Integrated Metrics7 min
- Choosing the Right Metric4 min
- Preparing to use a Custom Metric5 min
- Deploying a Custom Metrics Script8 min
- Working with CloudWatch Alarms8 min
Security Scanning with Amazon Inspector
Learning Intent
Join Bart Castle as he covers the main features of AWS Inspector and the different ways you can install the Inspector agent. Learn how to use Inspector to run assessments against specific agent-managed instances, how to create an assessment target group, and how to confirm agent connectivity for a target group. Gain an understanding of assessment findings reports and the types of rules and rule packages you can use with InspectorSkill outline
- Vulnerability Scanning with AWS Inspector4 min
- Installing the Inspector Agent6 min
- Creating Assessment Target Groups6 min
- AWS Inspector Rules and Rule Packages7 min
- Inspector Findings and Exclusions7 min
Plan for Logging at AWS
Learning Intent
Join Bart Castle as he teaches you how to design, plan, and evaluate various security logging solutions at AWS. Gain an understanding of operational log files, CloudWatch, CloudWatch Logs, and the six-step design for AWS logging: collection, transport, storage, taxonomy, analysis, and security. Learn how to access AWS log files that show VPC network traffic, application activity, and datastore actions; how to install the CloudWatch agent with the CLI and the Systems Manager integration; how to design a centralized logging solution; and how to create an ELK stack.Skill outline
- Key Areas of Logging Design6 min
- Planning the Scope of a Logging Solution4 min
- Key AWS Operational Log Files5 min
- Key AWS Networking, Application, and Datastore Logs7 min
- Installing CloudWatch Agent5 min
- Configuring the CloudWatch Agent8 min
- Working with Log Groups, Log Streams, and Events7 min
- Analyzing Log Group Data in the Management Console5 min
- AWS Centralized Logging Solution5 min
- Log Storage and Lifecycle3 min
- Processing and Visualizing Log Data6 min
Apply the AWS Well-Architected Framework
Learning Intent
Join Bart Castle as he covers the cloud-computing solutions and best practices of Amazon Web Services (AWS). Learn about the five pillars of the AWS Well-Architected Framework: operational excellence, security, reliability, performance efficiency, and cost optimization. Gain an understanding of the best practices included in each pillar and how to implement them.Skill outline
- Answering Tough Design Questions3 min
- Operational Excellence Best Practices5 min
- Applying Operational Excellence Design6 min
- Security Best Practices9 min
- Applying Security Design7 min
- Identifying Reliability Limits5 min
- Reliability Best Practices5 min
- Asking the Right Reliability Questions4 min
- Performance Efficiency Best Practices7 min
- Applying Performance Efficiency Design8 min
- Cost Optimization Best Practices7 min
- Applying Cost Optimization Design8 min
AWS Certified Security – Specialty Learning Resources
Our AWS Certified Security – Specialty training includes videos and in-video quizzes.
