Select Course🌐Language0PricingLogin
AWS Security Academy icon

AWS Security Academy

Prepare for the AWS Certified Security – Specialty (SCS-C02) exam — IAM, KMS, GuardDuty, VPC security, logging, data protection, and incident response across all six exam domains.

🤖 AI-Powered📚 30 courses👥 100,000+ learners⭐ 4.9 rating
Start Learning →Explore Curriculum ↓
Course Overview

Master AWS Security and Pass SCS-C02

Cloud security is one of the highest-paid, most in-demand skills in tech, and the AWS Certified Security – Specialty (SCS-C02) is the credential that proves it. This track teaches you how to secure real AWS environments — identity, encryption, network defense, logging, and incident response — and maps every topic to the six official exam domains. You start from the fundamentals and build to the scenario-style judgement the exam actually tests.

What You Will Learn

You will master Identity and Access Management end to end — users, roles, the policy evaluation logic, STS, permission boundaries, Organizations and SCPs, and federation. You will protect data with KMS envelope encryption and encryption at rest and in transit, harden networks with security groups, NACLs, WAF, Shield, and Network Firewall, and gain full visibility with CloudTrail, CloudWatch, VPC Flow Logs, Config, and Athena. Threat detection with GuardDuty, Security Hub, and Detective, automated remediation with EventBridge, and multi-account governance round out a complete, exam-ready picture.

The Learning Path

Thirty courses progress from A1 to B2. You begin with AWS Security Foundations and Threat Detection with Amazon GuardDuty, build core skill through Auditing API Activity with CloudTrail, Designing a Secure VPC, and Security Groups versus Network ACLs, then go deep on identity with IAM Policies and Evaluation Logic, Temporary Credentials with STS, and Boundaries, Organizations, and SCPs, and finish with Encryption Keys with AWS KMS and Exam Prep: Putting Security Together.

How It Works

Each course is broken into short, focused lessons with clear explanations, real AWS CLI and policy examples, and a quick quiz that mirrors the exam's scenario style. Service acronyms are defined the first time they appear, and an AI tutor is available whenever a concept needs another pass — so you build real judgement, not just memorized service names.

Start Learning →
Tools

Explore Course Tools

Supercharge your learning with AI-powered tools and features

💬
AI Chat
Chat with AI tutor
🧠
Ask Super QuestionPRO
Get expert-level answers
📝
Create LessonPRO
AI-powered lesson builder
🏆
Start Certification ExamPRO
Earn your certificate
🎯
Start Challenge
Test your skills

How You'll Learn

🎯
Interactive Lessons
Hands-on coding exercises with real-time feedback
🤖
AI Tutor
Get instant help from our AI when you're stuck
💻
Built-in Editor
Write and run code directly in your browser
🏆
Certificate
Earn a certificate when you complete the course
Curriculum

30 Courses

Every course in the AWS Security Academy learning path.

01

AWS Security Foundations

A14 lessons

Start your journey to the Security Specialty certification. Learn how AWS thinks about security and the core ideas that every other topic b…

  • What Cloud Security Means on AWS
  • The AWS Shared Responsibility Model
  • Security Pillars of the Well-Architected Framework
  • +1 more
02

Getting Around the AWS Console and CLI

A14 lessons

Build comfort with the everyday tools you will use to inspect and secure an account. No prior AWS experience required.

  • Navigating the AWS Management Console
  • Regions, Availability Zones, and Edge Locations
  • Reading AWS CLI Commands Conceptually
  • +1 more
03

Threat Detection with Amazon GuardDuty

A24 lessonsPRO

Discover how AWS spots malicious activity automatically. Learn what GuardDuty watches and how its findings drive a response.

  • What GuardDuty Detects and Why
  • GuardDuty Data Sources and Finding Types
  • Reading and Prioritizing GuardDuty Findings
  • +1 more
04

Centralizing Alerts with AWS Security Hub

A24 lessonsPRO

Pull every security signal into one place. Learn how Security Hub aggregates findings and measures your account against best practices.

  • What Security Hub Aggregates
  • Security Standards and Compliance Scores
  • The ASFF Finding Format
  • +1 more
05

Investigating with Amazon Detective

A24 lessonsPRO

Go from an alert to a root cause. Learn how Detective builds a visual map of activity to speed up security investigations.

  • How Detective Builds a Behavior Graph
  • Pivoting from a GuardDuty Finding
  • Analyzing Entities and Time Windows
  • +1 more
06

Incident Response Playbooks

A24 lessonsPRO

Be ready before an incident strikes. Learn how to plan, structure, and rehearse responses to security events on AWS.

  • The Incident Response Lifecycle on AWS
  • Building Runbooks for Common Events
  • Isolating a Resource for Forensics
  • +1 more
07

Responding to Compromised Credentials and Instances

A24 lessonsPRO

Act fast when something is breached. Learn to detect, contain, and recover from both leaked access keys and hacked EC2 workloads.

  • Signs of Leaked Access Keys
  • Revoking and Rotating Exposed Secrets
  • Quarantining a Compromised EC2 Instance
  • +1 more
08

Securing S3 and Discovering Sensitive Data

A24 lessonsPRO

Stop the most common cloud breach. Learn to lock down S3 buckets and use Macie to find sensitive data hiding in your storage.

  • Block Public Access and Bucket Policies
  • Access Points and Object Ownership
  • Finding Sensitive Data with Amazon Macie
  • +1 more
09

Automated Remediation with EventBridge

A24 lessonsPRO

Let the cloud respond for you. Learn how events trigger automatic actions to contain threats in seconds, not hours.

  • How EventBridge Routes Security Events
  • Matching Findings with Event Patterns
  • Triggering Lambda for Auto-Remediation
  • +1 more
10

Auditing API Activity with CloudTrail

A24 lessonsPRO

Know who did what, when, and from where. Learn how CloudTrail records every API call as your account's audit trail.

  • What CloudTrail Records
  • Management, Data, and Insight Events
  • Organization Trails Across Accounts
  • +1 more
11

Monitoring with CloudWatch Logs and Alarms

B14 lessonsPRO

Turn raw telemetry into alerts. Learn how CloudWatch collects logs and metrics and warns you when something looks wrong.

  • Collecting Logs into CloudWatch
  • Metric Filters for Security Events
  • Creating Alarms and Notifications
  • +1 more
12

Network Visibility with VPC Flow Logs

B14 lessonsPRO

See the traffic moving through your network. Learn how Flow Logs capture connections for security analysis and troubleshooting.

  • What VPC Flow Logs Capture
  • Reading Flow Log Records and Fields
  • Flow Logs at VPC, Subnet, and ENI Levels
  • +1 more
13

Tracking Configuration with AWS Config

B14 lessonsPRO

Watch how your resources change over time. Learn how Config records configuration history and flags drift from your rules.

  • How AWS Config Records Resource State
  • Viewing Configuration Timeline History
  • Managed and Custom Config Rules
  • +1 more
14

Analyzing Logs at Scale with Athena

B14 lessonsPRO

Query mountains of logs with plain queries. Learn how Athena turns CloudTrail and Flow Logs in S3 into searchable evidence.

  • Querying S3 Logs with Athena
  • Building Tables Over CloudTrail Data
  • Investigating Incidents with SQL Queries
  • +1 more
15

Protecting Log Integrity

B14 lessonsPRO

Make sure your evidence holds up. Learn how to keep logs tamper-proof so attackers cannot cover their tracks.

  • Why Log Tampering Is a Threat
  • CloudTrail Log File Validation
  • Locking Down Log Storage Buckets
  • +1 more
16

Designing a Secure VPC

B14 lessonsPRO

Lay a safe foundation for every workload. Learn how to segment a Virtual Private Cloud so traffic flows only where it should.

  • Public and Private Subnet Design
  • Internet, NAT, and Egress Gateways
  • Route Tables as Security Controls
  • +1 more
17

Security Groups versus Network ACLs

B14 lessonsPRO

Master the two firewalls inside a VPC. Learn exactly how security groups and NACLs differ and when to reach for each.

  • How Security Groups Filter Traffic
  • How Network ACLs Filter Subnets
  • Stateful versus Stateless Behavior
  • +1 more
18

Web Application Defense with AWS WAF

B14 lessonsPRO

Stop attacks before they reach your app. Learn how WAF inspects web requests and blocks the common threats targeting them.

  • How AWS WAF Inspects Requests
  • Rules, Rule Groups, and Web ACLs
  • Managed Rules and Rate Limiting
  • +1 more
19

DDoS Protection with AWS Shield

B14 lessonsPRO

Stay online under attack. Learn how Shield defends against denial-of-service floods at the network and application layers.

  • Understanding DDoS Attacks on AWS
  • Shield Standard versus Shield Advanced
  • The DDoS Response Team and Cost Protection
  • +1 more
20

Edge Security and Network Firewall

B14 lessonsPRO

Filter traffic deep and wide. Learn how AWS Network Firewall and edge defenses add inspection across your whole VPC.

  • What AWS Network Firewall Provides
  • Stateful Rule Groups and Suricata Rules
  • Domain Filtering and Egress Control
  • +1 more
21

Secure Administrative Access with SSM

B24 lessonsPRO

Retire risky bastion hosts. Learn how Systems Manager Session Manager grants shell access without open ports or SSH keys.

  • Why Bastion Hosts Add Risk
  • Session Manager Without Open Ports
  • Auditing and Logging Admin Sessions
  • +1 more
22

IAM Users, Groups, and Roles

B24 lessonsPRO

Master the heart of AWS access control. Learn the identities that act in your account and how roles enable secure delegation.

  • Comparing IAM Users and Groups
  • What an IAM Role Really Is
  • Trust Policies and Who Can Assume
  • +1 more
23

IAM Policies and Evaluation Logic

B24 lessonsPRO

Learn exactly how AWS decides yes or no. Master the policy types and the evaluation order that grants or denies every request.

  • Anatomy of an IAM Policy Document
  • Identity-Based versus Resource-Based Policies
  • The Policy Evaluation Decision Flow
  • +1 more
24

Temporary Credentials with STS

B24 lessonsPRO

Trade long-term keys for short-lived ones. Learn how STS issues temporary credentials through role assumption and federation.

  • How STS Issues Temporary Credentials
  • AssumeRole and the Session Lifetime
  • External ID and the Confused Deputy
  • +1 more
25

Boundaries, Organizations, and SCPs

B24 lessonsPRO

Set the ceiling on what any access can grant. Learn how permission boundaries and Service Control Policies cap permissions across one accou…

  • What a Permission Boundary Limits
  • Delegating Role Creation Safely
  • Organizations, OUs, and SCP Strategy
  • +1 more
26

Federation and Cross-Account Access

B24 lessonsPRO

Let the right people and accounts reach AWS safely. Learn how Identity Center, federation, and cross-account roles share access without sha…

  • Single Sign-On with IAM Identity Center
  • SAML, OIDC, and Web Identity Federation
  • Cross-Account Roles and Resource Policies
  • +1 more
27

Multi-Account Governance and Compliance

B24 lessonsPRO

Govern security at company scale. Learn how Control Tower, Config conformance packs, and Trusted Advisor keep many accounts compliant.

  • Landing Zones with AWS Control Tower
  • Conformance Packs of Config Rules
  • Trusted Advisor Security Checks
  • +1 more
28

Encryption Keys with AWS KMS

B24 lessonsPRO

Hold the keys to your data. Learn how the Key Management Service creates and controls the keys behind AWS encryption, and who is allowed to…

  • What KMS Keys Are and Do
  • Symmetric, Asymmetric, and Multi-Region Keys
  • Key Policies, Grants, and Conditions
  • +1 more
29

Encrypting Data at Rest and in Transit

B24 lessonsPRO

Protect data wherever it lives or travels. Learn how AWS storage encrypts at rest, how ACM secures connections, and how Secrets Manager gua…

  • Encrypting S3, EBS, and RDS at Rest
  • Enforcing Default Encryption Everywhere
  • TLS Certificates with AWS Certificate Manager
  • +1 more
30

Exam Prep: Putting Security Together

B24 lessonsPRO

Pull every domain into one confident strategy. Review the connections across the SCS-C02 exam and learn how to read its scenario questions.

  • Connecting the Six Exam Domains
  • Designing Layered Defense Scenarios
  • Decoding Tricky Scenario Questions
  • +1 more
FAQ

Frequently Asked Questions

Is the AWS Security Academy course free?

Yes. You can start the AWS Security Academy course for free and complete its interactive lessons at no cost. An optional PRO subscription unlocks advanced AI tools and a shareable certificate.

Do I need prior experience to learn ENGLISH?

No. The course begins with the fundamentals and gradually moves to more advanced topics, so you can start even with no prior ENGLISH experience.

How will I learn ENGLISH on CoddyKit?

You learn by doing. Short interactive lessons pair a clear explanation with a hands-on coding exercise that runs in real time, and a 24/7 AI tutor gives personalized help whenever you get stuck.

Do I get a certificate for completing AWS Security Academy?

Yes. PRO learners can take an exam and earn a shareable certificate of completion with a verifiable code for the AWS Security Academy course.

Can I learn ENGLISH on my phone?

Yes. CoddyKit is available on the web and as native iOS and Android apps, so you can learn ENGLISH on any device and your progress syncs across them.

Start AWS Security Academy Now

Join thousands of learners mastering programming with AI-powered lessons.

Get Started Free →Browse All Courses