Architecture diagrams in AWS Quest: Security

As I recently completed all 24 practice labs and DIY assignments from AWS Cloud Quest: Security, I wanted to save all architecture diagrams from the quest so I could refer to them along my cloud security journey.

INTRODUCTION:

As stated on the Amazon Web Services Training and Certification Credly page for this badge: "Earners of this badge have demonstrated efficient use of AWS security services to build solutions. Badge earners have acquired hands-on experience deploying solutions that respond to incidents, remediate quickly, detect vulnerabilities and prevent data loss".
 
A 7-day free trial is available for Skill Builder, which works out to ~4 Security Quest labs a day to finish everything during the trial period. Otherwise, the monthly subscription was, in my case, $34.76, taxes included.
 
Related to obtaining this badge, Credly provides insights such as top job titles and top skills:
 

ARCHITECTURE DIAGRAMS:

01 Cloud Computing Essentials

Key services: Amazon S3

 
02 Cloud First Steps

Key services: Amazon EC2

 
03 Computing Solutions

Key services: Amazon EC2

 
04 Networking Concepts

Key services: Amazon EC2, Amazon VPC

 
05 Serverless Foundations

Key services: AWS Lambda

 
06 Connecting VPCs

Key services: Amazon VPC, Amazon EC2

 
07 Core Security Concepts

Key services: AWS Identity and Access Management (IAM), Amazon Relational Database Service (RDS), Amazon EC2

 
08 Identity and Access Management

Key services: Amazon EC2, AWS Identity and Access Management (IAM), Amazon S3

 
09 Security Policies

Key services: Amazon S3, Amazon EC2, AWS Identity and Access Management (IAM)

 
10 Lambda Security

Key services: AWS Lambda, Amazon VPC, AWS Secrets Manager

 
11 Compliance Enforcement

Key services: AWS Systems Manager, AWS Config

 
12 Securing APIs

Key services: Amazon Cognito, Amazon API Gateway, AWS Lambda, AWS Identity and Access Management

 
13 S3 Security

Key services: Amazon S3

 
14 Playing with Encryption

Key services: AWS Key Management Service (KMS), Amazon EC2

 
15 Incident Response

Key services: Amazon SNS, Amazon CloudWatch, AWS Systems Manager, AWS Lambda

 
16 Infrastructure as Code

Key services: Amazon EventBridge, Amazon CloudWatch, AWS Lambda, AWS CloudFormation

 
17 Securing Your Servers

Key services: Amazon EC2, Amazon DynamoDB, AWS Lambda, AWS Identity and Access Management (IAM), Amazon S3

 
18 Serverless Authentication

Key services: AWS Serverless Application Model (SAM), Amazon Cognito, Amazon DynamoDB, AWS Amplify, AWS Lambda

 
19 Secrets Management

Key services: AWS Secrets Manager, AWS Lambda, Amazon Relational Database Service (RDS)

 
20 Protecting Data at Rest

Key services: AWS Key Management Service (KMS), Amazon EC2

 
21 Application Logs

Key services: AWS Glue, Amazon Athena, Amazon Kinesis

 
22 Secure Self-Service Infrastructure

Key services: AWS Service Catalog, AWS CloudFormation

 
23 Securing a Three-Tiered Architecture

Key services: Amazon VPC, Amazon EC2 Auto Scaling, Amazon EC2, Amazon Relational Database Service (RDS)

 
24 Edge Protection

Key services: Amazon CloudFront, AWS WAF

 

CONCLUSION:

I would recommend going for this badge as a way to improve hands-on skills in a sandboxed environment and stay current with key AWS services. The AWS Security Specialty certification is currently based on multiple-choice/multiple-response questions with no simulations or any other hands-on proficiency requirement. To my knowledge, so far only the AWS Certified SysOps Administrator Associate exam has had labs, but as of March 28th, 2023 that has been stopped until further notice.
 
In an updated version of this Quest, or as an addition, it would be beneficial to see labs showcasing the use of: Security Hub, Certificate Manager, CloudHSM, Inspector, Detective, GuardDuty, Identity Center, Control Tower, Trusted Advisor, IAM policy simulator, third-party integrations (e.g. firewall), Macie.
 
Until next post, thanks for reading!