Popular with:
Cloud Engineer
Security Engineer
Cloud Security

AppSecEngineer's AWS Security Learning Roadmap

December 15, 2022
Written by
Abhay Bhargav
Rajesh Kanumuru
Table of Contents:
  1. What is AWS Security?
  2. Why is AWS Security important?
  3. Why should you study AWS Security Courses?
  4. Basic Level
  5. Intermediate Level
  6. Advanced Level
  7. How will AppSecEngineer Help you?
  8. Conclusion

Amazon Web Service is a cloud computing platform that offers scalable and cost-effective solutions. AWS is a widely used cloud platform that provides various on-demand services such as computational power, database storage, file sharing, etc. 

Amazon web services can help corporations scale up their operations by providing them with the resources they need to expand their businesses. However, many people don't know that Amazon also offers a wide variety of other services, like inventory management and data analysis, which can be extremely helpful for businesses of all sizes. Using AWS, companies can avoid the high upfront costs and operational complexities associated with traditional on-premises data centers.

What is AWS Security?

If you have security concerns about cloud-hosted data, then AWS Security protocols can be your ultimate savior. AWS offers services that can assist you in protecting your accounts, workloads, and data against unauthorized access. These services include encryption, key management, and threat detection that continuously monitor and protect your account. So you can rest a little easier knowing that AWS has your back.

Why is AWS Security important?

The importance of having strong AWS Security cannot be overstated. Just as cybersecurity is essential to protect organizations and customers from malicious cybercriminals, it is just as vital to have strong AWS security measures. With more valuable workloads and sensitive data being moved to the cloud, the need for solid security measures only increases. 

Additionally, reputational damage from an avoidable incident can be significant. Therefore, it is clear that strong AWS security measures are essential for any organization using the cloud platform.

Here is a complete roadmap for learning AWS Security

It is divided into three levels.

  • Basic
  • Intermediate
  • Advanced

We have covered most of the courses in each of these levels,  read ahead to learn more. 

Why should you study AWS Security courses?

Cloud computing has emerged as a new paradigm for providing hosted services over the internet, and Amazon Web Services have emerged as the largest cloud platform. Many prominent businesses like Netflix, Pinterest, General Electrics, Dropbox, Etsy, Zoopla, Instagram, IMDb, AirBnB, and organizations like NASA use its services.

Learning AWS security norms and procedures can have a far-reaching impact for your career. In the current IT scenario, data security issues have become commonplace and organization’s are constantly seeking qualified professionals. Learning and practicing through hands-on labs in AWS security will demonstrate your knowledge of the AWS platform and how to secure it.

If you want to work in the cloud security field, having in-depth knowledge about the various components of AWS security will help you land high-paying jobs.

A crucial business component, the demand curve for cloud computing services and its related security infrastructure continues to grow.

Additionally, the demand for AWS security skills is greater than the supply. Employers have a hard time finding someone with expertise in cloud security. Furthermore, about 60% of job advertisements for cloud computing positions call for AWS-related expertise.


The first level of the AWS Security Roadmap is the Basic Level. This level includes IAM Essentials, VM and Network Security Essentials, CloudWatch and CloudTrail, Secrets in AWS, and AWS Inspector.

These are cloud-friendly beginner topics that cover the fundamentals of AWS security, hence, it is referred to as “basic level”courses. Additionally, it requires no technical experience as a prerequisite. These basic-level courses cover the fundamentals of cloud security and prepare you for the intermediary and advanced courses. Suppose you’re just starting your career in cloud security. In that case, these courses are the way to go.

1. IAM Essentials

AWS Identity and Access Management (IAM) is like a bouncer for your AWS resources. It controls who gets in and who doesn't, ensuring that only the people who are supposed to have access to your AWS resources do. IAM ensures that the right people have access to the right resources at the right time. This limited and authorized access helps prevent data breaches and ramp up security measures.

2. VM and Network Security Essentials

It consists of three components: 

VPC: Amazon VPC creates a virtual network in the AWS cloud without the need for VPNs, hardware, or physical data centers. You can establish your network space and manage the Internet exposure of your network and the Amazon EC2 resources within it.

Flow Logs: VPC Flow Logs provide a front-row seat to your network's performance. You can use them to monitor your VPC network, diagnose issues, and understand traffic changes and growth for capacity forecasting.

VM Security: Virtual Machine Security refers to controlling network access to your instances, for example, through configuring your VPC, security groups, and NACLs. Using IAM roles to communicate with inhouse services like S3, DynamoDBB, RDS e.t.c instead of hardcoding Access Keys and Secret Access Keys. It also including updates and security patches to the guest operating system.

3. CloudWatch and CloudTrail

AWS CloudWatch is the perfect monitoring service for people who want to keep an eye on their AWS resources and applications. With Amazon CloudWatch, you can easily collect and track metrics, application log files, set alarms, and automatically react to changes in your AWS resources. 

AWS CloudTrail is like a security camera for your AWS account activity. It's always on, monitoring every move made in your account. And if something goes wrong, you can go back and check the logs to see what happened, who did it, and what services were used. 

CloudTrail makes it easy to answer essential questions about account activity so that you can take control of your AWS infrastructure.

4. Secrets in AWS

AWS Secrets Manager is a personal assistant for your top-secret data. It helps you protect access to your applications, services, and IT resources by rotating, managing, and retrieving database credentials, API keys, and other components necessary to maintain security. This service makes it easy for you to keep your secrets safe and organized so that you can focus on more important things.

5. Amazon Inspector

Amazon Inspector is the Automated Security Guard that continually scans AWS workloads for software vulnerabilities and unintended network exposure. It's like having a security assessment team working for you around the clock, automatically checking for exposure, vulnerabilities, and compliance issues.


The second level of the AWS Security Roadmap is the Intermediate Level. This level includes advanced features like AWS Serverless Security, Auditing AWS Environments, AWS GuardDuty, and AWS Threat Model, among others. These courses come after the basic level and require a standard knowledge of cloud security. After completing the basic level courses, if you want to expand your knowledge further, these courses will come in handy. 

Besides, intermediate-level AWS courses are also likely to get you higher-paying jobs across several industries. 

1. AWS Serverless Security

AWS Serverless is the cloud's native architecture, allowing you to delegate more of your operational tasks to Amazon, enhancing your agility and innovation. Users can focus more on the security of application code, the storage, and accessibility of sensitive data, tracking the activity of their applications through monitoring and logging, and identity and access management (IAM) to the corresponding service in the serverless approach.

2. Auditing AWS Environments

An audit is your chance to streamline and simplify your AWS environments. You can eliminate unused users, roles, groups, and policies and make sure that your users and software have only the permissions they need. It can save you time and money in the long run and help you avoid security problems down the road.

An audit can be performed in the following categories:

  • Identity and access management (IAM)
  • Storage
  • Logging and Monitoring
  • Networking

3. Amazon ECR Security Essentials

Amazon ECR is a fully managed container registry offering high-performance hosting, so you can reliably deploy application images and artifacts anywhere. Amazon ECR Security Essentials meet your image compliance security requirements using the tightly integrated Amazon Inspector vulnerability management service to automate vulnerability assessment scanning and remediation ticket routing.

4. AWS Security Hub

AWS Security Hub is a cloud security posture management service that performs security best practice checks, aggregates alerts, and enables automated remediation. Security Hub reduces effort to collect and prioritize findings. Security Hub aggregates your security alerts (i.e. findings) from various AWS services and partner products in a standardized format so that you can more easily take action on them. You can build automated incident response playbooks for the security findings generated in the security hub. 

5. Amazon GuardDuty

Amazon GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation.  It gains insight of compromised credentials, unusual data access in Amazon S3, API calls from known malicious IP addresses, and more.

6. AWS IAM Roles Anywhere

AWS Identity and Access Management Roles Anywhere enable your servers, containers, and apps to receive temporary AWS credentials while operating outside of AWS. For accessing AWS resources, your workloads can utilize the same IAM policies and roles you use for native AWS applications.

7. IAM Analysis and Security Assessment

IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, shared with an external entity. This allows the detection of unauthorized access to resources and data, which poses a security concern.

8. AWS Threat Model

Risk exposure reduction is like a good housekeeping measure. It's like making your bed in the morning or doing the dishes at night. Taking care of the little things reduces the chances of something big going wrong. AWS Threat modeling is about identifying potential threats for your organization and in particular for each of your cloud workloads. It is a structured process with objectives such as identifying security requirements, pinpoint security threats and potential vulnerabilities, quantify threat and vulnerability criticality, and prioritize remediation methods.

9. Advanced AWS IAM Patterns

AWS has introduced an additional feature for IAM called permissions boundaries, which is used to limit the maximum permissions that can be provided to an IAM user or role via an identity-based policy.

For instance, if a permissions boundary is created on an IAM user, that user's effective permissions are always the intersection of the permissions boundary and the user's IAM policies.

10. AWS ECS and Fargate Security

Amazon Elastic Container Service (ECS) is the perfect way to quickly deploy containerized workloads on AWS. Amazon ECS's powerful simplicity means you can fast go from a single Docker container to managing your entire enterprise application portfolio. AWS Fargate is a game-changing solution for hosting containers without maintaining servers or clusters of Amazon EC2 instances. 

Fargate allows you to focus on operating your containers rather than installing, configuring, and scaling groups of virtual machines. Security measures such as scanning the deployed images for vulnerabilities and also scanning the application packages and libraries for vulnerabilities. Ensure running the container as a non-root user and also using a read-only root file system. Remove unnecessary Linux capabilities and also avoid containers with privileged access.

11. AWS Athena

Amazon Athena is an interactive query service that allows you to use conventional SQL to evaluate data directly in Amazon S3. Athena assists in analyzing data stored in Amazon S3 that is unstructured, semi-structured, or structured. For quick data visualization, Athena connects with Amazon QuickSight. Amazon Athena is the most convenient way to conduct ad hoc queries on data in Amazon S3 without having to set up or manage any servers.


The third level of the AWS Security Roadmap is the Advanced Level. This level includes advanced features like Advanced VPC Security- Mirroring, AWS Private Link, AWS Cognito, AWS EKS, AWS Organizations, and Advanced Monitoring.

The AWS advanced-level courses should only proceed once the other levels are completed. In fact, these are the highest level of AWS courses and are meant for those looking to become specialists in the field. These courses are technically niche and require prior knowledge of the AWS learning path. With expertise in advanced-level courses, one can secure the highest-paying job and become an expert in cloud security. 

1. Advanced VPC Security- Mirroring

VPC Traffic Mirroring is an AWS function that copies network traffic from an elastic network interface to a destination interface for monitoring. This enables AWS to support a wide range of network-based monitoring and analytics applications. Both AWS Nitro and non-Nitro compute instance types can use VPC Traffic Mirroring.

It provides a real-time perspective into communications between different entities in the infrastructure, thus, network and network security engineers regard traffic as the "source of truth." Network and security experts can employ VPC Traffic Mirroring to tackle four issues: network security, network performance monitoring, customer experience management, and network troubleshooting.

2. AWS PrivateLink

AWS PrivateLink is the perfect way to connect your VPCs, AWS services, and on-premises networks without exposing your data stream to the public internet. With AWS PrivateLink, you can easily connect services across different accounts and VPCs to simplify your network architecture significantly.

3. AWS Cognito

Amazon Cognito is the key to quickly adding user sign-up and authentication to your mobile and web apps. Using Amazon Cognito, one can authenticate users through an external identity provider, providing temporary security credentials to access the app's backend resources in AWS or any service behind Amazon API Gateway.


Amazon EKS allows you to run Kubernetes applications on Amazon EC2 and AWS Fargate. With Amazon EKS, you can utilize AWS infrastructure for performance, scale, reliability, and availability. Additionally, there are integrations with AWS networking and security services, such as ALBs for load distribution, IAM integration with RBAC, and VPC support for pod networking.

5. AWS Organizations

AWS Organizations is a tool that helps account managers keep track of their spending, security, and compliance needs in one place. It can be a huge help for businesses that are trying to stay within a budget and need to consolidate their billing.

It consists of 2 components.

AWS SSO: AWS SSO is a bit like your one-stop shop for all things related to logging into multiple AWS accounts and applications. It makes it super easy for users to sign in with their existing corporate credentials, giving them access to everything they need from one central location. No more having to remember a million different usernames and passwords!

Service-Authentication with OIDC: OpenID Connect is like a key that can open many doors. Like you might have a key for your home, car, and office, OpenID Connect can be used to log in to multiple providers. Amazon Cognito supports you in linking identities with OpenID Connect providers that you configure through AWS Identity and Access Management. This way, you can quickly and securely log in to the providers you use the most.

6. Advanced Monitoring

You must adopt a few best practices to monitor your AWS resources and data. These include using various tools and services to collect data, analyze it, and present insights.

It consists of 4 components.

Cloudwatch Expressions: Metric math is a valuable tool that allows you to query multiple CloudWatch metrics and use mathematical expressions to create new time series data based on those metrics. The results of your metric math queries may be seen in the CloudWatch console and added to dashboards for convenient access.

Cloudwatch Events and Triggers with Lambda: CloudWatch Events is a lot like having a butler who is always watching your AWS resources and keeping track of changes. You must set up a trigger if you want to respond quickly to changes or take corrective action. 

Triggers can be things like Lambda resources or resources in other services that you configure to invoke your function in response to events, requests, or on a schedule. Your function can have multiple triggers, and each will act as a client invoking your function independently.

Monitoring Pipelines: Monitoring your AWS CodePipeline ensures its reliability, availability, and performance. You should collect data from all aspects of your AWS solution to more easily debug a multi-point failure if one occurs. Doing so will help you identify and correct issues before they cause significant problems.

Threat hunting with Cloudwatch and Cloudtrail: Threat hunting aims to use data analysis to find abnormal behavior that could go undetected by security products. As the team's analytics become more sophisticated, they may begin developing a set of repeatable processes or "hunts." 

CloudTrail is a valuable tool for threat hunting in AWS because it logs nearly every API call made in an account. It allows auditing an AWS account for governance, compliance, operational, and risk purposes.

How will AppSecEngineer help you?

With the help of AppSecEngineer, you will learn how cloud security differs from traditional AppSec. You will understand the unique attack surfaces of cloud-native and serverless apps and how hackers exploit these weaknesses. You will also learn how AWS serverless architecture works and how to secure serverless apps. You will approach apps on various AWS services like S3, IAM, EC2, and more, with real hands-on experience working on Network security.


Cloud is the new way for applications to communicate with devices. And as more software becomes cloud-native, how they're exploited and attacked can change dramatically. That's where AppSecEngineer comes in to change the game.

If you're looking for a way to keep your cloud-based applications safe and secure, AWS is the way to go. AWS has everything you need to protect your apps and data with a robust suite of security services, protocols, and options. Most security vulnerabilities in AWS are due to user misconfigurations, but with AppSecEngineer's AWS Security courses, you can learn how to fix these problems. From Serverless apps to AWS S3 and Network Security to Secrets Management in the cloud, the Learning Path comprises comprehensive courses on securing your cloud-based applications.

Source for article
Abhay Bhargav

Abhay Bhargav

Abhay is a speaker and trainer at major industry events including DEF CON, BlackHat, OWASP AppSecUSA. He loves golf (don't get him started).

Abhay Bhargav

Rajesh Kanumuru

Rajesh Kanumuru works at we45 as a Cloud Security Lead. Rajesh is a builder and breaker of Cloud applications. He has created some pioneering works in the area of Cloud Security. He is actively researching the effects of emerging technologies on cloud security. Since 2020, Rajesh has mostly been involved with research, development and building solutions around we45 and AppSecEngineer's training offerings. He consults with organizations to help them implement Cloud Security successfully. Rajesh has co-authored and trained a course on Purple Team AWS that was delivered by we45 at BlackHat USA. When AFK, he can be found on the cricket pitch.