AWS Security Services & Compliance: Comprehensive Curriculum Overview

Describing AWS security features and services (for example, AWS WAF, AWS Firewall Manager, AWS Shield, Amazon GuardDuty)

This document provides a structured roadmap for mastering AWS Security services, specifically focusing on the Domain 2 and 3 requirements of the AWS Certified Cloud Practitioner (CLF-C02) exam. It covers perimeter protection, threat detection, and compliance management.

## Prerequisites

Before diving into specific security services, learners should have a solid foundation in the following areas:

  • AWS Global Infrastructure: Understanding of Regions, Availability Zones, and Edge Locations (PoPs).
  • Shared Responsibility Model: Clear distinction between "Security OF the Cloud" (AWS) and "Security IN the Cloud" (Customer).
  • Core Networking: Basic knowledge of VPCs, Security Groups, and Network ACLs.
  • Identity & Access Management (IAM): Understanding of users, roles, and the principle of least privilege.

## Module Breakdown

| Module | Focus | Primary Services |
|---|---|---|
| 1. Perimeter & App Protection | Layer 7 and DDoS defense | AWS WAF, AWS Shield, AWS Firewall Manager |
| 2. Threat Detection & Audit | Intelligent monitoring and assessment | Amazon GuardDuty, Amazon Inspector, Amazon Detective |
| 3. Compliance & Governance | Regulatory reports and central visibility | AWS Artifact, AWS Security Hub, AWS Audit Manager |
| 4. Data & Secret Management | Protecting sensitive information | AWS Secrets Manager, Amazon Macie, AWS KMS |

## Learning Objectives per Module

### Module 1: Perimeter & Application Protection

  • AWS WAF: Explain how to filter web traffic based on IP addresses, HTTP headers, and custom URI strings to prevent SQL injection and XSS.
  • AWS Shield: Differentiate between Shield Standard (free, Layer 3/4) and Shield Advanced (paid, higher-level protection and cost protection).
  • AWS Firewall Manager: Describe the ability to centrally manage rules across multiple accounts in an AWS Organization.

### Module 2: Detection & Investigation

  • Amazon GuardDuty: Understand how ML is used to monitor CloudTrail, VPC Flow Logs, and DNS logs for suspicious activity.
  • Amazon Inspector: Identify how to perform automated vulnerability scans on EC2 instances, ECR images, and Lambda functions.
  • Amazon Detective: Learn how to simplify the root cause analysis of security findings using graph-based visualizations.

### Module 3: Compliance & Security Posture

  • AWS Artifact: Identify this as the self-service portal for downloading AWS compliance reports (e.g., SOC 2, ISO, PCI DSS).
  • AWS Security Hub: Explain its role as a "single pane of glass" that aggregates findings from GuardDuty, Inspector, and Macie.

## Visual Anchors

[Diagram: Perimeter Protection Logic]

[Diagram: Threat Detection vs. Assessment]

## Examples

[!TIP] Scenario 1: Web Attack Mitigation

A company is experiencing a "SQL Injection" attack.

  • Solution: Use AWS WAF to create a rule that inspects the body of HTTP requests for malicious SQL statements and blocks them before they reach the server.
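An added example, not part of the original study notes: one way the Scenario 1 rule could look as an AWS WAFv2 rule definition. The name `block-sqli-in-body` is an assumption; the text transformations decode common encodings before matching, and `OversizeHandling` set to `MATCH` treats bodies larger than WAF's inspection limit as matching, so they are blocked rather than passed through uninspected.

```json
{
  "Name": "block-sqli-in-body",
  "Priority": 0,
  "Statement": {
    "SqliMatchStatement": {
      "FieldToMatch": {
        "Body": { "OversizeHandling": "MATCH" }
      },
      "TextTransformations": [
        { "Priority": 0, "Type": "URL_DECODE" },
        { "Priority": 1, "Type": "HTML_ENTITY_DECODE" }
      ],
      "SensitivityLevel": "HIGH"
    }
  },
  "Action": { "Block": {} },
  "VisibilityConfig": {
    "SampledRequestsEnabled": true,
    "CloudWatchMetricsEnabled": true,
    "MetricName": "block-sqli-in-body"
  }
}
```

A rule in this shape goes in the `Rules` array of a web ACL. Setting the action to `{ "Count": {} }` first shows what the rule would match before it starts blocking.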

[!IMPORTANT] Scenario 2: Regulatory Audit

A healthcare company needs to prove to an auditor that AWS meets HIPAA compliance standards.

  • Solution: The user navigates to AWS Artifact to download the HIPAA Business Associate Addendum (BAA) and relevant SOC reports.

[!NOTE] Scenario 3: Compromised Credentials

An IAM User's access keys were leaked on GitHub and are being used to launch unauthorized EC2 instances in a different region.

  • Solution: Amazon GuardDuty detects the unusual API calls and geographic location, triggering an alert for the security team.

## Success Metrics

To demonstrate mastery of this curriculum, the learner must be able to:

  1. Differentiate Services: Correctly choose between Inspector (vulnerabilities in code/config) and GuardDuty (active threats in logs).
  2. Define Scope: Explain that AWS Shield Standard is automatically enabled for all AWS customers at no extra cost.
  3. Governance Knowledge: Identify AWS Firewall Manager as the primary tool for a Security Administrator to enforce WAF rules across 50+ AWS accounts simultaneously.
  4. Resource Discovery: Know that third-party security software can be purchased through the AWS Marketplace to complement native services.

## Real-World Application

  • Security Operations (SecOps): Using Security Hub and GuardDuty to build an automated incident response pipeline.
  • Compliance Officer: Leveraging AWS Artifact to reduce the time spent on manual audit evidence collection from months to minutes.
  • Cloud Architect: Implementing a "Defense in Depth" strategy by layering Shield, WAF, and Security Groups to protect sensitive data workloads.

$$\text{Security Outcome} = \text{Visibility (Security Hub)} + \text{Protection (WAF/Shield)} + \text{Compliance (Artifact)}$$

Key Comparison Table (WAF vs. Shield vs. Firewall Manager)

| Feature | AWS WAF | AWS Shield | Firewall Manager |
|---|---|---|---|
| Primary Target | Application Layer (7) | Network/Transport (3/4) | Cross-account Policy |
| Key Protection | SQLi, XSS, Bot Control | DDoS Attacks | Centralized Deployment |
| Management | Individual Resource | Automatic (Standard) | AWS Organizations |
