Back to roadmap
AWS cloud security

AWS Security Study Plan

A role-agnostic AWS security roadmap for AWS Security Analysts, Researchers, Engineers, Cloud Security Operations experts, and Cloud Security Managers.

Use this after Common Security Skills. Cover as much as possible, close each checklist item, and strengthen both job readiness and interview readiness.

Total duration

10-14 weeks

Depends on depth and lab time.

AWS FundamentalsAWS Native Security Core SkillsAWS Security WhitepapersCheck Your AWS Pentesting SkillsCheck Your Knowledge Against Security Benchmarks and FrameworksAWS Security Videos and CoursesAWS Security Interview QuestionsPeople to Follow on Twitter

Section 1

AWS Fundamentals

2-3 weeks

Learn IAM deeply first, then study core AWS services with a security mindset: purpose, least privilege, logging, monitoring, encryption, and misconfiguration risk.

Week 1: IAM Deep Dive

IAM is one of the most important AWS security skills. Understand functionality, policies, permission design, and why each access pattern exists.

Understand IAM policy in 60 minutesYouTubeUnderstand IAM permissionsBusiness Use Cases for IAMSecurity in IAM and STSIAM Access Analyzer
User, group, roles, when to use each, and why this over that.
Custom policy vs AWS managed policy.
Cross-account IAM policy across roles, services, and accounts.
Read IAM policy with a security mindset: why this, why not this.
Service Control PolicySecurity Best Practices in IAM

Week 2-3: Core Services

For each AWS service, learn business purpose, security best practices, least privilege, misconfiguration risk, multi-tier or multi-region needs, encryption, logging, monitoring, and service-specific controls.

Amazon S3
AWS KMS
VPC
Lambda
AWS EKS and ECS
Amazon RDS

Section 2

AWS Native Security Core Skills

4-6 weeks

Build AWS core service security skill plus hands-on knowledge of native AWS security services.

Week 4-6: Core Services Security

IAM, super important.
EC2
S3
VPC, often one of the hardest areas.
RDS
API Gateway
Lambda
ECS and EKS

Week 7-9: Security Services Hands-on

IAM Access Analyzer
S3 Bucket Policy
Security Group and NACL
CloudTrail
Config
GuardDuty
Inspector
Macie
Security Hub
WAF and ShieldOptional unless job needs it
AWS KMS
Secrets Manager
Cognito

Section 3

AWS Security Whitepapers

2 weeks

Read key AWS security whitepapers and analyze how each paper maps to architecture, compliance, incident response, and service-level security.

Week 10-11: Reading and Analysis

AWS Security Learning whitepapers indexAWS OverviewImportant overviewIntroduction to AWS Security WhitepaperAWS Well-Architected Security PillarIntroduction to Security By DesignAWS Well-Architected FrameworkAWS Risk And Compliance WhitepaperAWS Security ChecklistAWS HIPAA Compliance WhitepaperAWS Cloud Adoption FrameworkAWS Auditing Security ChecklistAWS CIS Foundation BenchmarkAWS Security Incident ResponseOverview of AWS Lambda SecurityAWS KMS Best PracticesEncrypting File Data with Amazon Elastic File SystemSecurity of AWS CloudHSM backupsSecurity overview of AWS LambdaNIST Cybersecurity Framework in the AWS cloudNIST 800-144 Security and Privacy in Public Cloud ComputingSecurity at the Edge: Core PrinciplesAWS KMS Best PracticesSecurity Overview of AWS Fargate

Section 5

Check Your Knowledge Against Security Benchmarks and Frameworks

Validate AWS security knowledge against common benchmarks and frameworks.

AWS CIS Benchmark
CSA Cloud Controls Matrix and STAR Framework
NIST CSF for AWS
ISO 27017

Section 6

AWS Security Videos and Courses

Use curated AWS security resources for deeper books, videos, courses, and tooling references.

Awesome AWS Security