Curriculum Overview: Securing AI Systems on AWS

This curriculum outline defines the topics and learning outcomes covered for Domain 5 of the AWS Certified AI Practitioner (AIF-C01) exam, focusing on identifying AWS services and features to secure AI systems.

Prerequisites

Before beginning this curriculum, learners must possess foundational knowledge of cloud computing and machine learning concepts. Specifically, you should have:

• Cloud Fundamentals: Familiarity with core AWS services, including Amazon EC2, Amazon S3, and AWS Lambda.
• Identity Basics: An understanding of standard AWS Identity and Access Management (IAM) principles (users, groups, roles, and policies).
• Shared Responsibility: A basic grasp of the standard AWS Shared Responsibility Model (understanding the difference between security of the cloud versus security in the cloud).
• AI/ML Exposure: Up to 6 months of exposure to AI/ML technologies on AWS (building models from scratch is not required).

Module Breakdown

This curriculum is divided into sequential modules designed to build a layered understanding of AI security on AWS.

Learning Objectives per Module

Module 1: The Shared Responsibility Model for AI

• Differentiate between AWS responsibilities (infrastructure, managed service backend) and customer responsibilities (data, access, encryption).
• Explain how this model applies to specific AI services like Amazon Bedrock and Amazon SageMaker.
• Recognize that services like Amazon Bedrock do not use customer prompts or completions to train base AWS models.

Module 2: Data Discovery and Protection

• Identify Amazon Macie as the primary ML-powered tool to discover and classify sensitive data (PII, PHI) in Amazon S3 before model training.
• Apply AWS Key Management Service (KMS) to manage encryption keys for protecting datasets at rest and in transit.
• Implement strategies for assessing data quality and maintaining data integrity throughout the ML lifecycle.

Module 3: Network and Infrastructure Security

• Design isolated network environments using Amazon VPC (subnets, security groups) to prevent public internet exposure of AI compute resources.
• Utilize AWS PrivateLink to establish private, secure connections to managed AI services (like Amazon Bedrock) without traversing the public internet.
• Deploy AWS Shield Advanced and AWS WAF to protect internet-facing AI applications from DDoS attacks and malicious web exploits.

Module 4: Identity, Access, and Zero Trust

• Configure IAM roles, policies, and permissions to enforce least privilege access to AI endpoints.
• Leverage Amazon SageMaker Role Manager to provision prebuilt IAM roles tailored for ML personas (e.g., Data Scientist, MLOps Engineer).
• Adopt Zero Trust architectures using AWS Verified Access and Amazon Verified Permissions for granular, identity-based authorization.

Success Metrics

How will you know you have mastered this curriculum? You should be able to successfully check off the following competencies:

• Architectural Validation: You can design a completely private pipeline for a Generative AI application that uses Amazon Bedrock without sending any traffic over the public internet.
• Threat Mitigation Mapping: Given an AI-specific vulnerability (e.g., data poisoning or prompt injection), you can prescribe the correct AWS security service to mitigate the risk.
• Exam Readiness: You consistently score $\ge 80\%$ on practice questions related to Domain 5 (Security, Compliance, and Governance) of the AIF-C01 exam.
• Role-Based Access Simulation: You can successfully map the exact IAM permissions required for a data scientist to access Amazon SageMaker while restricting access to underlying S3 buckets from other users.

[!IMPORTANT] Continuous Assessment Mastery is not just passing a quiz; it is the ability to adapt these security architectures as the Generative AI threat landscape (such as the MITRE ATLAS framework) continues to evolve.

Real-World Application

Securing AI systems is not merely a theoretical exercise—it is a critical business imperative. Here is why this curriculum matters in a career context:

• Protecting Patient and Financial Data: When preparing training datasets for custom models, exposing Personally Identifiable Information (PII) can lead to massive regulatory fines (e.g., GDPR, HIPAA). Using Amazon Macie to automate discovery prevents accidental data leaks.
• Defending Against Prompt Injection: As AI models are exposed to the public, malicious actors attempt to manipulate inputs to extract sensitive data or bypass safety guardrails. Layering AWS WAF and application-level security helps sanitize inputs.
• Enterprise Intellectual Property Protection: Companies are hesitant to use Generative AI if their proprietary data might be used to train public models. Understanding the AWS Shared Responsibility Model and services like AWS PrivateLink enables security engineers to confidently assure stakeholders that enterprise data remains completely private and siloed.
• Compliance Scaling: Using automated tools like AWS Config and AWS Audit Manager alongside your security infrastructure allows organizations to maintain continuous compliance without slowing down AI innovation.

▶Click to expand: The Generative AI Risk Formula

In risk management, the severity of a threat is often calculated conceptually as:

$\text{Risk} = \text{Probability of Threat} \times \text{Impact of Vulnerability}$

By implementing the AWS services covered in this curriculum (like KMS for encryption and PrivateLink for network isolation), you actively reduce the Probability of Threat vector, keeping the overall risk score within acceptable organizational thresholds.