Best Free Resources for Security Engineering on AWS (SCS-02)

• The 6 Pillars of the AWS Well-Architected Framework
• Shared responsibility model: Risk and Compliance
• Become an IAM Policy Master in 60 Minutes or Less by Brigid Johnson
• Security best practices with AWS IAM You can download the presentation here: https://d1.awsstatic.com/events/aws-reinforce-2022/IAM201_Security-best-practices-with-AWS-IAM.pdf
• Recommend you to go through few example IAM identity-based policies
• "An explicit deny in any policy overrides any allows." https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow
• AWS Systems Manager Parameter Store
• AWS Secrets Manager helps you manage, retrieve, and rotate database credentials, application credentials, OAuth tokens, API keys, and other secrets throughout their lifecycles. Many AWS services store and use secrets in Secrets Manager.
• Move hardcoded secrets to AWS Secrets Manager
• Strengthen your web application defenses with AWS WAF
• Introduction to Amazon Inspector
• Amazon Inspector supports the configuration of inclusion rules to select which ECR repositories are scanned. Please see more information here - https://aws.amazon.com/inspector/faqs/
• Getting Started with Amazon GuardDuty
• AWS service integrations with GuardDuty
• Getting Started with AWS Security Hub
• Act on security findings using Security Hub’s automation capabilities
• Security Hub automation rules demo
• AWS Security Incident Response - Compromised IAM Credentials Use Case
• Exam Prep Official Practice Question Set : AWS Certified Security - Specialty (SCS-C02 - English)

Before you appear for the exam, practice, practice, and practice!

1. It is recommended to know NIST Domains: Identify, Detect, Respond, Recover. You need to know that we are protecting People, Applications, Network, and Devices. https://www.nist.gov/cyberframework https://aws.amazon.com/compliance/nist/
2. You need to know a one-liner for which AWS Service to use and for which domain: https://aws.amazon.com/products/security/- Overview of those services: https://docs.aws.amazon.com/whitepapers/latest/aws-overview/security-services.html- Dive deep into every service, read the documentation, and then the FAQ.
3. Practice questions: Whenever you read a question, understand that it is more of a Situation Reaction Test - like if EC2 is compromised, what is the most immediate step you will take? You should be able to visualize which services will come into play and select your options accordingly :)

That's all, folks! Wishing you the very best :) Feel free to reach out to me if I can be of any help to you!