AWS Training and Certification Blog
Safe and sound in the cloud: Your AWS security training guide
Organizations are accelerating their cloud adoption, and with this transformation comes the critical need to implement robust security measures. Cloud security is essential for organizations of all sizes, from startups to enterprises. This guide is organized according to five key security pillars that provide the foundational knowledge you need to protect your cloud deployments effectively. We’ll walk you through training resources specifically designed to help you:
- Learn core Amazon Web Services (AWS) security services and features
- Implement the AWS Security Reference Architecture (AWS SRA)
- Develop multi-account security strategies
- Build automated security operations
AWS learning platforms overview
AWS offers resources to support your security learning journey:
- AWS Skill Builder: Access free and subscription-based courses, including self-paced training, role-specific learning plans, hands-on labs, and certification prep. For security-focused subscribers, the platform offers AWS Cloud Quest for Security, an engaging 3D virtual environment where users tackle real-world security challenges through interactive missions, providing practical experience with AWS security services in an immersive, game-like setting.
- AWS Workshop Studio: Engage with self-paced technical labs (workshops) and instructor-led sessions (Immersion Days).
Let’s dive deep into AWS security services through AWS Skill Builder, AWS Workshop Studio, and AWS Certification resources that will help you understand and implement your part of the shared responsibility model for cloud security, whether you’re just starting out or looking to enhance your existing skills.
Pillars of security
Security in AWS is built on multiple layers of protection, working together to safeguard your cloud resources. As shown in the security services overview diagram, AWS organizes its security services into five fundamental pillars, each addressing specific aspects of cloud security:
- Identity and access management
- Network and application protection
- Data protection
- Detection and response
- Governance and compliance
Identity and access management
AWS Identity and Access Management (IAM), AWS IAM Identity Center, and Amazon Cognito form the foundation of AWS security, giving you control over who can access your resources and what actions they can perform. This access control system makes sure that the right people have the right access at the right time, following the principle of least privilege. Through these foundational courses and workshops, you’ll explore basic authentication and authorization, centralized multi-account access management, and application user management.
AWS Skill Builder trainings
- Introduction to AWS Identity and Access Management (IAM)
- AWS Identity and Access Management – Identity Center Getting Started
- AWS Identity and Access Management – Cognito Getting Started
AWS Workshops
- Using IAM Identity Center to achieve strong identity management
- Amazon Cognito Workshop
- IAM policy learning experience
- Least Privilege with IAM Access Analyzer
Network and application protection
You can create multiple layers of defense protecting your applications and infrastructure from network-based threats using AWS Firewall Manager, AWS Network Firewall, AWS Shield, and AWS WAF. These services provide centralized security policy management while defending against threats like distributed denial of service (DDoS) attacks and web application vulnerabilities. These courses and workshops teach you how to implement robust, centralized security policies and protect your web applications from sophisticated attacks. You’ll learn to use these services’ built-in features to create intelligent, self-defending network borders, balance security with user experience, and enforce consistent security policies across your AWS infrastructure.
AWS Skill Builder trainings
- AWS Security Best Practices: Network Infrastructure
- Protect Your Web-facing Workloads with AWS Security Services
- AWS Firewall Manager Getting Started
- AWS Network Firewall Getting Started
- AWS WAF Getting Started
AWS Workshops
- Strengthen your web application defenses with AWS WAF
- Approaches to layered security for Amazon VPC
- AWS Network Firewall Workshop
- AWS Firewall Manager Workshop
- Networking Immersion Day
Data protection
You can safeguard sensitive information to make sure data remains secure both at rest and in transit using Amazon Macie, AWS CloudHSM, AWS Certificate Manager, AWS Secrets Manager, and AWS Key Management Service (AWS KMS). These courses and workshops provide an overview of the AWS data protection and encryption services and show how these services work together to secure your data throughout its lifecycle, from implementing encryption and managing certificates to discovering security risks and automating secrets rotation.
AWS Skill Builder trainings
- AWS Security – Encryption Fundamentals
- Amazon Macie – Getting Started
- AWS Key Management Service Getting Started
- AWS Certificate Manager Getting Started
- AWS Secrets Manager Getting Started
AWS Workshops
- Store, retrieve, and manage sensitive credentials in AWS Secrets Manager
- Encryption on AWS
- Scaling your encryption at rest capabilities with AWS KMS
Detection and response
You can identify and address potential security threats quickly and maintain continual security visibility using AWS Config, Amazon Inspector, AWS Security Hub, AWS Security Lake, Amazon Detective, Amazon GuardDuty, and AWS CloudTrail. These services work together to provide automated threat detection, security posture management, and streamlined incident investigation. These courses and workshops will help you learn how these services work together to provide continual vulnerability scanning, threat detection, configuration monitoring, and centralized security data management, giving you the flexibility to effectively respond to and mitigate security incidents across your AWS environment.
AWS Skill Builder trainings
- AWS Security Incident Response Overview
- Getting started on services for detection and response:
AWS Workshops
Governance and compliance
AWS Organizations, AWS Control Tower, AWS Audit Manager, and AWS Artifact provide the foundation for scalable security governance, and with them you can enforce policies consistently across multiple accounts and Regions.
The following courses explore centralizing multi-account management, establishing secure landing zones, and automating compliance assessment and evidence collection. You’ll learn how these services work together to simplify account management, enforce security controls, and streamline audit processes across your AWS environment.
AWS Skill Builder trainings
- AWS Organizations Getting Started
- Getting Started with AWS Control Tower
- Getting Started with AWS Audit Manager
AWS Workshops
When implementing these security services, consider a phased approach that starts with fundamental controls and gradually expands to more advanced features based on your organization’s specific security requirements and risk profile. For self-paced digital training on security best practices, check out AWS Security Best Practices: Overview.
AWS Certification
When embarking on your cloud security journey, following a structured AWS Training and Certification path helps build a solid foundation. This approach not only enhances your technical capabilities but also positions you as a more valuable asset to any organization seeking to secure their cloud infrastructure.
The AWS Certified Cloud Practitioner serves as the essential starting point for both business and technical professionals beginning to work with AWS services. This foundational certification introduces crucial concepts such as the shared responsibility model and provides a comprehensive overview of core services. It also establishes basic architectural principles and security terminology, which teaches professionals to effectively communicate security requirements between technical and nontechnical stakeholders.
The AWS Certified Solutions Architect – Associate certification is a key milestone in your cloud security journey. It develops critical problem-solving skills and illustrates secure AWS service interactions, facilitating understanding of security integration points. With this knowledge, professionals can identify crucial security touchpoints, implement defense-in-depth strategies, and design compliant architectures. The certification teaches candidates to build a solid foundation for protecting workloads and data across AWS environments.
The AWS Certified Solutions Architect – Professional certification serves as a crucial step before pursuing the Security Specialty. It provides deep understanding of complex AWS architectures, service integrations, and enterprise-scale solutions essential for implementing robust security measures. The certification develops expertise in advanced networking, identity management, and data protection strategies while building critical skills for managing organizational security and compliance requirements.
The AWS Certified Security – Specialty certification represents the pinnacle of cloud security expertise, covering advanced topics in automation, incident response, threat detection, and compliance. It validates comprehensive knowledge of AWS security services and best practices, emphasizing real-world application in both small-scale and enterprise environments. This certification equips professionals to address complex security challenges, implement effective incident management strategies, and design robust, automated security architectures.
As you progress through your AWS security learning journey, remember that security is an ongoing process. Stay current with AWS services, regularly update your skills, and engage with the AWS security community.
Additional resources
Your AWS security learning journey extends beyond formal training and certifications. We’ve curated essential resources to help you continue building your expertise while implementing security best practices in your organization:
- The AWS Solutions Library showcases vetted security solutions you can deploy in your own environment.
- For those seeking deeper technical understanding, our security whitepapers provide detailed insights into AWS security services and best practices. Start with the AWS Security Pillar whitepaper, which outlines fundamental security principles and architectural considerations.
- The AWS Security Blog keeps you updated with the latest security features, implementation guides, and customer success stories.
- To find more resources regarding security best practices, visit Best Practices for Security, Identity, & Compliance.
About the authors
Srividhya Pallay is a solutions architect II at Amazon Web Services (AWS) based in Seattle, where she supports small and medium-sized businesses (SMBs) and specializes in generative AI and games with six AWS Certifications. Srividhya holds a Bachelor of Science in Computational Data Science from Michigan State University College of Engineering, with a minor in Computer Science and Entrepreneurship.
Carlos Cabello is a solutions architect at Amazon Web Services (AWS) based in Seattle, where he supports enterprise and large accounts. Carlos holds a Master of Science in Cybersecurity and Leadership and an Information Security Risk Management Graduate Certificate from University of Washington. He is also a current member of the U.S. Army Reserves.
Anthony Houston is a solutions architect at Amazon Web Services (AWS), where he supports independent software vendors (ISVs) and specializes in threat detection and incident response within the security and compliance community. Anthony holds a Bachelor of Science in Management Information Systems from University of Oklahoma and has the AWS Security Specialty and AWS Solutions Architect Professional certifications.