Skip to content

Latest commit

 

History

History
139 lines (119 loc) · 8.51 KB

aws-security-study-plan.md

File metadata and controls

139 lines (119 loc) · 8.51 KB
Raw

AWS Security Study Plan

I am making the study plan irrespective of job role under AWS Security category. It can be AWS Security Analyst, AWS Security Researcher or AWS Security Engineer or Cloud Security Operations Expert or Cloud Security Manager.

So, check how much you can cover and close the checkbox. The more you close, the better candidate you are for the job role. Also, I assume you have already checked and comfortable with Common Security Skills study plan.

AWS Security Skills Learning and Checklist

My only suggestion here is ask below 4 questions while learning each topic/concepts etc.

  1. What is this? (For example: What is security group)
  2. Why am I learning this?
  3. How I can implement this?
  4. How it will make secure or how to make it secure depending upon the topic or concept again?

AWS Fundamentals

I am listing only the topic name. How much you learn and comfortable with the concept or topic is upon you. And I will share the minimal link to make you up to the mark and you are free to learn anything more than this for better candidacy and experience.

IAM

One of the most important and must have skills for you. Try to understand IAM functionalities as much as possible.

  1. Understand IAM policy in 60 minutes: Youtube
  2. Understand IAM permissions
  3. Business Use Cases for IAM
  4. Security in IAM and STS
  5. IAM Access Analyzer
  6. User, Group, Roles and when to use when and don't forget to ask why this, why not that
  7. Custom policy vs AWS Managed Policy
  8. Cross-Account IAM policy to different roles, services, account
  9. Understand the IAM policy from security mindset. Why this, why not this?
  10. Service Control Policy
  11. Security Best Practices in IAM

Amazon S3

KMS

VPC

Lambda

AWS EKS and ECS

AMAZON RDS

For any AWS Service(s), please follow this strategy:

  1. What does this service does
  2. What problem it would solve for business
  3. Security Best Practices guide for AWS service. Ex: S3 security best practices, VPC security best practices.
  4. What permissions you should provide for each role to maintain the least privilege principle.
  5. How it is being used, can there be some security misconfiguration if not configured properly. If so, what are the security guideline to configure it.
  6. Is multi-tier, multi region required for this service
  7. How data at rest and data in transit can be achieved.
  8. Is logging required? If so, how are you going to log and what data and till what period
  9. Are we monitoring it? what's the reason for Yes or No
  10. Any specific security settings for that service like Bucket Policy for S3 bucket

AWS Native Security core skills

What I mean to say here is:

  1. AWS core services related security skills
  2. AWS Security services hands-on knowledge

What are these? These are the core services:

  1. IAM, super important
  2. EC2
  3. S3
  4. VPC, I feel it as the toughest one so far
  5. RDS
  6. API Gateway
  7. Lambda
  8. ECS and EKS

Below are AWS Core Security services that you should know and try hands-on as much as possible

  1. IAM Access Analyzer
  2. S3 Bucket Policy
  3. Security Group and NACL
  4. CloudTrail
  5. Config
  6. GuardDuty
  7. Inspector
  8. Macie
  9. Security Hub
  10. WAF and Shield (Optional, but if your job needs it; learn it)
  11. AWS KMS
  12. Secrets Manager
  13. Cognito

AWS Security Whitepapers

AWS has awesome lists of whitepapers related to AWS Security. We are adding few important one here. You can anytime check more for updated or new security whitepapers here

And don't forget to bookmark AWS Security bulletin for new vulnerabilities news from here

  1. AWS Overview - One of the important whitepaper to understand an overview of AWS
  2. Introduction to AWS Security Whitepaper
  3. AWS Well-Architected Security Pillar
  4. Introduction to Security By Design
  5. AWS Well Architected Framework
  6. AWS Risk And Compliance Whitepaper
  7. AWS Security Checklist
  8. AWS HIPAA Compliance Whitepaper
  9. AWS Cloud Adoption Framework
  10. AWS Auditing Security Checklist
  11. AWS CIS Foundation benchmark
  12. AWS Security Incident Response
  13. Overview of AWS Lambda Security
  14. AWS KMS Best Practices
  15. Encrypting File Data with Amazon Elastic File System
  16. Security of AWS CloudHSM backups
  17. Security overview of AWS Lambda
  18. NIST Cybersecurity Framework in the AWS cloud
  19. NIST 800-144 Security and Privacy in Public Cloud Computing
  20. Security at the Edge: Core Principles
  21. AWS KMS Best Practices
  22. Security Overview of AWS Fargate

Check your AWS Pentesting Skills

  1. Did you use pacu? if not, start using it
  2. Try out the scenarios in Cloud Goat
  3. Try AWS CTF from flaws.cloud. Here is solution on YouTube as well
  4. Next level is at flaws2.cloud
  5. Try Well Architected Framework: Security Labs
  6. AWS Security Workshops
  7. Check other good tools like Prowler and ScoutSuite as well.

Check your Knowledge against common security benchmark and frameworks.

  1. AWS CIS Benchmark
  2. CSA Cloud Matrix and STAR Framework
  3. NIST CSF for AWS
  4. ISO 27017

AWS Security Videos and Courses

Check Awesome AWS Security repo for more details on book, videos, courses etc.

AWS Security Interview Questions

I have a separate repo for skills roadmap and interview questions. I will keep it updated time to time. You can star it or fork it.

People to follow on twitter

  1. Abhay Bhargav
  2. Scott Piper
  3. Anant Srivastava
  4. Aakash Mahajan
  5. Sanjeev Jaiswal