Content Domain 2: Security
Tasks
Task 1: Implement authentication and/or authorization for applications and AWS services
Skill 2.1.1: Use an identity provider to implement federated access (for example, Amazon Cognito, IAM)
Skill 2.1.2: Secure applications by using bearer tokens
Skill 2.1.3: Configure programmatic access to AWS
Skill 2.1.4: Make authenticated calls to AWS services
Skill 2.1.5: Assume an IAM role
Skill 2.1.6: Define permissions for IAM principals
Skill 2.1.7: Implement application-level authorization for fine-grained access control
Skill 2.1.8: Handle cross-service authentication in microservice architectures
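Skills 2.1.4 and 2.1.5 come down to one mechanism: every AWS API call is authenticated with a Signature Version 4 (SigV4) HMAC over a canonical form of the request, and temporary credentials from sts:AssumeRole differ from long-term keys only in that the session token is added as a signed header. The following is an added example, not part of the exam guide and not AWS SDK code: a minimal SigV4 signer written from the public signing specification with only the Python standard library, checked against the fixed example credentials and timestamp that the AWS SigV4 documentation uses as its worked vector. It assumes a request path that needs no URI encoding (the spec encodes each path segment; only "/" is used here) and a request body small enough to hash in memory.

```python
"""AWS Signature Version 4 (SigV4), the scheme behind every authenticated
AWS API call, implemented from the public signing specification with the
standard library only (the SDKs do this for you; this shows what is signed)."""
import datetime
import hashlib
import hmac
import urllib.parse

ALGORITHM = "AWS4-HMAC-SHA256"
EMPTY_PAYLOAD_SHA256 = hashlib.sha256(b"").hexdigest()  # e3b0c442...


def _uri_encode(s):
    # RFC 3986 unreserved characters stay as-is; everything else becomes %XX.
    return urllib.parse.quote(s, safe="-_.~")


def canonical_request(method, path, query, headers, payload_hash):
    """Return (canonical request, SignedHeaders) as defined by the SigV4 spec."""
    # Query: encode names and values, then sort by name (and value).
    pairs = sorted((_uri_encode(k), _uri_encode(v)) for k, v in query)
    canonical_query = "&".join(f"{k}={v}" for k, v in pairs)
    # Headers: lowercase names, trimmed values with collapsed spaces, sorted by name.
    canon = sorted((k.lower(), " ".join(v.split())) for k, v in headers.items())
    signed_headers = ";".join(k for k, _ in canon)
    header_block = "".join(f"{k}:{v}\n" for k, v in canon)  # trailing \n gives the blank line
    creq = "\n".join([method, path, canonical_query, header_block,
                      signed_headers, payload_hash])
    return creq, signed_headers


def signing_key(secret_key, date, region, service):
    """Derive the per-day, per-region, per-service key: the long-term secret
    is never used directly as the HMAC key for a request."""
    key = ("AWS4" + secret_key).encode()
    for part in (date, region, service, "aws4_request"):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    return key


def sign_request(access_key, secret_key, method, url, headers, region,
                 service, amz_date=None, payload=b"", session_token=None):
    """Sign a request; returns the headers to send plus the signing intermediates."""
    parts = urllib.parse.urlsplit(url)
    query = urllib.parse.parse_qsl(parts.query, keep_blank_values=True)
    if amz_date is None:
        amz_date = datetime.datetime.now(datetime.timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    hdrs = dict(headers)
    hdrs["host"] = parts.netloc
    hdrs["x-amz-date"] = amz_date       # signed, so stale or replayed requests are rejected
    if session_token:                    # temporary credentials, e.g. from sts:AssumeRole
        hdrs["x-amz-security-token"] = session_token
    payload_hash = hashlib.sha256(payload).hexdigest()  # body is bound to the signature
    creq, signed_headers = canonical_request(method, parts.path or "/", query, hdrs, payload_hash)
    date = amz_date[:8]
    scope = f"{date}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([ALGORITHM, amz_date, scope,
                                hashlib.sha256(creq.encode()).hexdigest()])
    signature = hmac.new(signing_key(secret_key, date, region, service),
                         string_to_sign.encode(), hashlib.sha256).hexdigest()
    hdrs["authorization"] = (f"{ALGORITHM} Credential={access_key}/{scope}, "
                             f"SignedHeaders={signed_headers}, Signature={signature}")
    return {"headers": hdrs, "canonical_request": creq,
            "string_to_sign": string_to_sign, "signature": signature}


# Worked vector from the public AWS SigV4 documentation: example (non-live)
# credentials and a fixed timestamp, so the output is reproducible.
DOC_EXAMPLE = dict(
    access_key="AKIDEXAMPLE",
    secret_key="wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
    method="GET",
    url="https://iam.amazonaws.com/?Action=ListUsers&Version=2010-05-08",
    headers={"Content-Type": "application/x-www-form-urlencoded; charset=utf-8"},
    region="us-east-1", service="iam", amz_date="20150830T123600Z",
)
DOC_SIGNATURE = "5d672d79c15b13162d9279b0855cfba6789a8edb4c82c400e06b5924a6f2b5d7"

if __name__ == "__main__":
    result = sign_request(**DOC_EXAMPLE)
    print(result["canonical_request"])
    print(result["headers"]["authorization"])
    print("matches AWS docs vector:", result["signature"] == DOC_SIGNATURE)
```

Two points worth noticing: the secret key never leaves the client and is only used to derive a scoped key, so a captured Authorization header is useless outside its date, region and service, and the signed x-amz-date bounds replay; and when the credentials came from sts:AssumeRole the session token must be sent and signed (x-amz-security-token), otherwise the service cannot match the access key to the temporary session.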
Task 2: Implement encryption by using AWS services
Skill 2.2.1: Define encryption at rest and in transit
Skill 2.2.2: Describe certificate management (for example, AWS Private CA)
Skill 2.2.3: Describe differences between client-side encryption and server-side encryption
Skill 2.2.4: Use encryption keys to encrypt or decrypt data
Skill 2.2.5: Generate certificates and SSH keys for development purposes
Skill 2.2.6: Use encryption across account boundaries
Skill 2.2.7: Enable and disable key rotation
Task 3: Manage sensitive data in application code
Skill 2.3.1: Describe data classification (for example, personally identifiable information [PII], protected health information [PHI])
Skill 2.3.2: Encrypt environment variables that contain sensitive data
Skill 2.3.3: Use secret management services to secure sensitive data
Skill 2.3.4: Sanitize sensitive data
Skill 2.3.5: Implement application-level data masking and sanitization
Skill 2.3.6: Implement data access patterns for multi-tenant applications
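Skills 2.3.4 and 2.3.5 describe sanitizing and masking sensitive data inside the application, before it reaches logs, traces or downstream services, where encryption at rest no longer helps. The following is an added example, not part of the exam guide and not AWS code: a small redaction filter that masks card numbers (checked with the Luhn algorithm so ordinary long numbers such as order IDs are left alone), US SSNs, e-mail addresses, bearer tokens and AWS secret keys in free-text log lines. The sample log lines are constructed for the example; the AWS secret in them is the public example key from the AWS documentation, not a live credential.

```python
"""Application-level masking of sensitive data before it is logged or passed on."""
import re

# Card: 13-19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
BEARER_RE = re.compile(r"(?i)(authorization:\s*bearer\s+)\S+")
AWS_SECRET_RE = re.compile(r"(?i)(aws_secret_access_key\s*[=:]\s*)\S+")


def luhn_valid(digits):
    """Luhn check digit test used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _mask_card(match):
    raw = match.group(0)
    digits = re.sub(r"\D", "", raw)
    if not luhn_valid(digits):
        return raw  # not a card number (order id, timestamp, ...): leave it alone
    return "*" * (len(digits) - 4) + digits[-4:]  # keep last four for support lookups


def _mask_email(match):
    local, domain = match.group(0).split("@", 1)
    return local[0] + "***@" + domain


def sanitize(text):
    """Return a copy of text with sensitive values masked; order matters so that
    credentials are removed before the broader pattern-based masks run."""
    text = BEARER_RE.sub(r"\1[REDACTED]", text)
    text = AWS_SECRET_RE.sub(r"\1[REDACTED]", text)
    text = SSN_RE.sub("***-**-****", text)
    text = EMAIL_RE.sub(_mask_email, text)
    text = CARD_RE.sub(_mask_card, text)
    return text


# Constructed sample log lines (no real data).
SAMPLE_LOG = [
    "user=alice@example.com card=4111 1111 1111 1111 order=12345678901234",
    "ssn=123-45-6789 Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.e30.abc",
    "aws_secret_access_key=wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY region=us-east-1",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(sanitize(line))
```

Pattern-based masking is a safety net, not a classification system: it cannot know that a field is PHI, and a 14-digit value passes Luhn by chance about one time in ten. Treat it as the last line of defence behind structured logging that never emits the sensitive fields in the first place, and keep the real secrets in a secrets manager so they are fetched at run time rather than written into configuration or logs.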