The AWS Security Checklist
As companies continue to invest in cloud transformation, the attack surface and exposure to new threats and unexplored risks can highlight gaps in knowledge and erode the confidence in workloads running in production. This course highlights key areas of interest for security professionals, cloud engineers, and software developers, by providing a checklist of security best practices and personal recommendations, which can be leveraged to improve security posture while operating in the AWS cloud.
- Format
- Self-paced
- Lessons
- 4 lessons
- Updated
- 8 Apr 2025
Lessons
Introduction
This unofficial AWS course consists of a checklist of security controls and opinions on best practices, which you can put in place to reduce the risk of running production workloads in AWS.
Open lessonAccess to the root user account equates to the keys to the kingdom, the root user has unrestricted access to every service and resources within the AWS account.
Open lessonDo not use IAM Users
Unless there is an external dependency that relies on IAM Users and long lived credentials, do everything in your power to move away from their use.
Open lessonNo public S3 Buckets
It's important to understand how to keep your data secure when leveraging the Amazon S3 service, and one way to reduce the risk is to remove public access altogether for data stored in an S3 Bucket.
Open lesson