| Day | Task | Start Date | Completion Date | Reference Material |
|---|---|---|---|---|
| 2 | Shared Responsibility Model - Learn about the Shared Responsibility Model, in which AWS is responsible for security of the cloud (physical infrastructure, underlying software) and the customer is responsible for security in the cloud (configuration, data, applications). - Understand how security responsibilities change depending on the service type (infrastructure, combined management, or fully managed). AWS Identity and Access Management (IAM) - Learn about the Root Account, the account with absolute full permissions, and best practices to protect it (create an IAM Admin User for regular use, lock away root credentials). - Learn about IAM User, a principal used to interact with AWS, which has no permissions by default when created. - Understand the technique for efficient user management by grouping multiple IAM Users into an IAM Group. - Learn about IAM Policy, a JSON document that defines permissions, including 2 types: + Identity-based Policy: Attached directly to an IAM Principal (User, Group, Role). + Resource-based Policy: Attached directly to a resource (e.g., S3 Bucket Policy). - Understand the IAM permission evaluation technique, where an explicit deny always takes precedence, regardless of any other Allow policy. - Learn about the architecture of IAM Role, a set of permissions (policy) without permanent credentials (password/access key). - Understand the Assume Role technique: An IAM User (or Service) uses the AWS STS (Security Token Service) to temporarily “assume” the IAM Role’s permissions and receive temporary credentials. - Understand the practical application of IAM Role, e.g., granting an EC2 service permission to access S3 without storing access keys on the server. | 06/10/2025 | 06/10/2025 | Module 05 |
| 3 | Amazon Cognito - Learn about Amazon Cognito, a service for managing authentication (login, sign-up) and authorization for end-users of web and mobile applications (different from IAM Users, who are AWS administrators). - Learn about the two main components of Cognito: + User Pool: A user directory that manages users, supporting direct login or login via third-party providers (Facebook, Google). + Identity Pool: Grants application users access (usually temporary) to other AWS services. AWS Organizations - Learn about AWS Organizations, a service that helps centrally manage and govern multiple AWS accounts. - Understand the Consolidated Billing technique for all accounts. - Understand the technique of grouping accounts into OUs (Organizational Units) and applying Service Control Policies (SCP) to limit the maximum permissions that IAM Users/Roles in that account can perform (including deny-based). AWS Identity Center (SSO) - Learn about AWS Identity Center (SSO), a service that helps centrally manage access (single sign-on) to all AWS accounts in an Organization and to external applications. - Understand the technique of using Permission Sets (a set of permissions stored in Identity Center) to assign to Users/Groups. When a user accesses an account, the Permission Set is granted as an IAM Role within that account. | 07/10/2025 | 07/10/2025 | Module 05 |
| 4 | AWS Key Management Service (KMS) - Learn about AWS KMS, a service to create and manage encryption keys to protect data at rest (Encryption at rest). - Learn about… CMK (Customer Managed Key) (the master key within KMS) and Data Key (the key used to encrypt/decrypt actual data, generated by the CMK). AWS Security Hub - Learn about AWS Security Hub, a service for continuous security checks, based on AWS best practices and industry standards (like PCI DSS). - Understand how Security Hub provides results as a score and identifies resources that need attention. Lab: 000002 - Getting Started with IAM and IAM Role - IAM Group and IAM User - Create IAM Role - Assume Role Lab: 000044 - IAM Role and Condition - Introduction to IAM - Create EC2 Admin User - Create RDS Admin User - Create Admin Group - Configure IAM Role Condition - Create IAM Role with Admin rights - 5.2 Create IAM User - 5.3 Configure Switch role - 5.4 Restrict IP - 5.5 Restrict by time. | 08/10/2025 | 08/10/2025 | Module 05 |
| 5 | Lab: 000048 - IAM Role and Application - Use access key - IAM Role on EC2 Lab: 000030 - IAM Permission Boundary - Introduction to IAM Permission Boundary - Create limiting Policy - Create IAM User with limited permissions - Test the limited User Lab: 000027 - Tags and Resource Groups - Use tags - Use tags via Console - Display tags - Add or remove tags - Tag a virtual machine - Filter resources by tag - Use tags via CLI - Resource Group Lab: 000028 - Manage EC2 via Resource Tag - Create IAM Policy - Create IAM Role - Test IAM Role | 09/10/2025 | 09/10/2025 | Module 05 |
| 6 | Lab: 000018 - Using AWS Security Hub - Security standards - Activate Security Hub - Score for each standard set Lab: 000012 - Using AWS SSO - Preparation steps - Create AWS Account in AWS Organizations - Set up Organization Unit - Set up AWS SSO - Verify Lab: 000033 - KMS Workshop - Set up environment - Getting started with AWS KMS - Encryption with AWS KMS - Key Policy and best practices - Monitoring AWS KMS usage. [Supplemental Research] - AWS Certified Security Specialty All-in-One Exam Guide (Exam SCS-C01) - Study material for the Security Specialty certification exam | 10/10/2025 | 10/10/2025 | Module 05 Research Link |