AWS Security 2021

1. Domain 3: Infrastructure Security (26%)

1.1. AWS VPN Tunnels

1.2. VPC Peering

1.3. VPC Endpoints

1.4. Gateway VPC Endpoint Access Control

1.5. Network ACL

1.6. Stateful vs Stateless Firewalls

1.7. IDS/IPS in AWS

1.8. EBS Architecture and Secure Data Wiping

1.9. Understanding CDN (ClourFront/Edge Locations

1.10. Understanding Origin Access Identity

1.11. Importance of SNI in TLS

1.12. Overview/Implementation of CloudFront signed URLS

1.13. AWS Shield

1.14. Mitigating DDOS Attacks

1.15. Introduction to API

1.15.1. Understanding the working of an API

1.15.2. Building a Lambda for the API

1.15.3. Building an API with API Gateway

1.16. Lambda & S3

1.17. EC2 Tenancy Attribute

1.18. AWS Artifact

1.19. Lambda@Edge

1.20. AWS SES

1.21. DNS Resolution in VPC

2. Domain 4: Identity and Access Management (20%)

2.1. Understanding AWS Organisations

2.2. IAM Policy Evaluation Logic

2.3. Identity and Resource based Policies

2.4. Understanding IAM Policies

2.5. AWS Security Token Service

3. Domain 5: Data Protection (22%)

4. Domain 1: Incident Response (12%)

4.1. AWS GuardDuty

4.2. Whitelisting Alerts in AWS GuardDuty

4.3. Dealing with Exposed Access Keys

5. Domain 2: Logging and Monitoring (20%)

5.1. Automated Vulnerability Scanners

5.2. Into to AWS Inspector

5.3. AWS Inspector Vulnerability Scans

5.4. AWS Security Hub

5.5. Overview of Layer 7 Firewalls

5.6. Understanding AWS WAF

5.7. Implementing AWS WAF with ALB

5.8. Overview of AWS Systems Manager

5.9. Configuring SSM Agent

5.10. Overview of Patch Manager

5.11. EC2 Systems Manager - Parameter Store

5.12. Undestanding CloudWatch Logs

5.13. Pushing Linux System Logs to CloudWatch

5.14. CloudWatch Log Policies

5.15. CloudWatch Events

5.16. AWS Athena

5.17. Overview of AWS CloudTrail

5.18. Overview of AWS Config

5.19. Overview of Trusted Advisor

5.20. Overview of AWS Macie

5.21. Overview of AWS SNS