AWS Firewall Manager: Centralized WAF, Shield, Security Group Management
Learn about IAM, KMS, WAF, Shield and other AWS security services.
12 posts
Learn how to centrally manage WAF, Shield Advanced, and Security Groups across multiple accounts with AWS Firewall Manager.
Learn how to configure SSO for multiple AWS accounts and business apps with AWS IAM Identity Center and centrally manage permissions.
Compare AWS Identity Federation methods including SAML 2.0, OIDC, and Cognito, and learn optimal selection criteria for each scenario.
Learn how to block web attacks with AWS WAF and defend against DDoS with Shield, including architecture design patterns.
Learn how to manage multi-account environments with AWS Organizations and set security guardrails with SCPs (Service Control Policies).
Learn how to issue free SSL/TLS certificates with AWS Certificate Manager and apply them to ALB and CloudFront. Essential concepts for the SAA-C03 exam.
IAM roles use temporary credentials; IAM users use long-term credentials. Learn why roles are required for EC2 and Lambda accessing S3, and how to choose correctly for SAA-C03.
Learn the differences between KMS key types (Customer Managed, AWS Managed, AWS Owned), how to write key policies, and their relationship with IAM policies.
Compare AWS S3 server-side encryption options (SSE-S3, SSE-KMS, DSSE-KMS, SSE-C) and client-side encryption. Learn selection criteria for different scenarios.
Compare the differences, costs, and features of AWS Secrets Manager and Parameter Store. Learn selection criteria for this must-know SAA-C03 exam topic.
Master AWS IAM fundamentals: users, groups, roles, and policies. Learn the principle of least privilege and security best practices for the SAA-C03 exam.
IAM policies are evaluated in order: Explicit Deny > Explicit Allow > Implicit Deny. Learn JSON policy writing, permissions boundaries, and SCP essentials for SAA-C03.