What this book covers
Chapter 1, AWS Certified Security Specialty Exam Coverage, provides you with an understanding of the different assessment topics that will be covered throughout the exam across the five different domains, including incident response, logging and monitoring, infrastructure security, identity and access management, and data protection.
Chapter 2, AWS Shared Responsibility Model, looks at the different security models (infrastructure, container, and abstract) that define where your responsibility as a customer implementing, controlling, and managing security in AWS starts and ends, in addition to the responsibilities of AWS, which controls the security of the cloud.
Chapter 3, Access Management, outlines the core concepts of identity and access management through the use of users, groups, and roles, and the differences between them. It also dives into the different types of roles available and EC2 instance profiles, before finishing with an understanding of how to implement multi-factor authentication.
Chapter 4, Working with Access Policies, takes a deep look at the multitude of different access policies that exist across the AWS environment, and which policy type should be used in different circumstances.
You will also learn how to read JSON policies to evaluate their permissions and the steps involved to implement cross-account access.
Chapter 5, Federated and Mobile Access, provides you with a comprehensive understanding of different federated access methods, including enterprise identity and social identity federation to provide a single sign-on approach to your AWS environment. In addition, you will also be introduced to the Amazon Cognito service to understand access control through mobile applications and devices.
Chapter 6, Securing EC2 Instances, tackles the best approach to secure your instance infrastructure using a variety of techniques. These include performing vulnerability scans using Amazon Inspector, how to manage your EC2 key pairs, using AWS Systems Manager to effectively administer your fleet of EC2 instances, and also, should a security breach occur, how to isolate your EC2 instances for forensic investigation.
Chapter 7, Configuring Infrastructure Security, enables you to gain a full understanding and awareness of the range of Virtual Private Cloud (VPC) security features that AWS offers to effectively secure your VPC environments. By the end of the chapter, you will be able to confidently build a secure multi-subnet VPC using internet gateways, route tables, network access control lists, security groups, bastion hosts, NAT gateways, subnets, and virtual private gateways.
Chapter 8, Implementing Application Security, looks at how to minimize and mitigate threats against your application architecture using different AWS services to prevent them from being compromised. You will also be introduced to the configuration of securing your elastic load balancers using certificates and how to secure your APIs using AWS API Gateway.
Chapter 9, DDoS Protection, highlights how to utilize different AWS features and services to minimize threats against this very common attack to ensure that your infrastructure is not hindered or halted by the threat. You will gain an understanding of the different DDoS attack patterns and how AWS Shield can be used to provide added protection.
Chapter 10, Incident Response, explains the process and steps to manage a security incident and the best practices to help you reduce the blast radius of the attack. You will understand how to prepare for such incidents and the necessary response actions to isolate the issue using a forensic account.
Chapter 11, Securing Connections to Your AWS Environment, provides you with an understanding of the different methods of securely connecting your on-premise data centers to your AWS cloud environment using both a Virtual Private Network (VPN) and the AWS Direct Connect service.
Chapter 12, Implementing Logging Mechanisms, focuses on Amazon S3 server access logs, VPC flow logs, AWS CloudTrail logs, and the Amazon CloudWatch logging agent to enable you to track and record what is happening across your resources to allow you to monitor your environment for potential weaknesses or signs of attack indicating a security threat.
Chapter 13, Auditing and Governance, looks at the different methods and AWS services that can play key parts in helping you to maintain a level of governance and how to provide evidence during an audit. You will be introduced to AWS Artifact, the integrity controls of AWS CloudTrail, AWS Config, and how to maintain compliance with Amazon Macie.
Chapter 14, Automating Security Threat Detection and Remediation, provides you with an understanding of how to implement automation to quickly identify, record, and remediate security threats as and when they occur. It looks at Amazon CloudWatch, Amazon GuardDuty, and AWS Security Hub to help you detect and automatically resolve and block potential security incidents.
Chapter 15, Discovering Security Best Practices, covers a wide range of different methods of implementing security best practices when working with AWS in an effort to enhance your security posture. It highlights and reviews a number of common best practices that are easy to implement and could play a huge role in protecting your solutions and data.
Chapter 16, Managing Key Infrastructure, takes a deep dive look into the world of two data encryption services, the AWS Key Management Service (KMS) and CloudHSM. You will learn how to implement, manage, and secure your data through AWS encryption services and the best service to use to meet your business requirements.
Chapter 17, Managing Data Security, introduces you to a variety of different encryption features related to a range of different services covering both storage and database services, including Amazon Elastic Block Store (EBS), Amazon Elastic File System (EFS), Amazon Simple Storage Service (S3), Amazon Relational Database Service (RDS), and Amazon DynamoDB.
Chapter 18, Mock Tests, provides you with two mock exams. Each of them is 65 questions in length to review your understanding of the content covered throughout this book to help you assess your level of exam readiness.