AWS Certified Solutions Architect Associate (SAA-C03): Securing and Monitoring Workloads
Field | Description / Template |
|---|---|
Purpose | This course equips learners with the knowledge and skills to secure, monitor, and govern AWS workloads effectively. It focuses on implementing security best practices, monitoring infrastructure and applications, ensuring compliance, and managing multi-account environments. The course prepares learners to design secure and observable systems while aligning with the SAA-C03 certification requirements. |
Audience | AWS certification aspirants, cloud engineers, security engineers, DevOps professionals, and system administrators responsible for securing and monitoring AWS environments. |
Role | Solutions Architect, Cloud Engineer, Security Engineer, DevOps Engineer, System Administrator. |
Domain | Cloud Computing, Cloud Security, Monitoring & Observability |
Skill Level | Intermediate |
Style | Hands-on, demo-driven learning with real-world security scenarios, monitoring setups, and governance practices. |
Duration | 15–22 hours |
Related Technologies | Amazon CloudWatch, AWS CloudTrail, AWS Config, AWS Organizations, AWS Control Tower, AWS KMS, AWS Secrets Manager, AWS Shield, AWS WAF, Amazon GuardDuty, Amazon Inspector, AWS Security Hub, AWS Cost Explorer |
Course Description
This course focuses on securing and monitoring AWS workloads using industry best practices and AWS-native tools. Learners will begin with monitoring services like Amazon CloudWatch, including logs, metrics, alarms, and insights for observability.
The course explores logging and monitoring solutions such as Amazon Managed Service for Prometheus and Amazon Managed Grafana. Learners will also understand multi-account management using AWS Organizations, Control Tower, and resource sharing mechanisms.
Security and governance are covered in depth, including auditing and compliance using AWS CloudTrail, AWS Config, and AWS Audit Manager. Learners will explore threat detection services like Amazon GuardDuty, Inspector, and Macie.
Additionally, the course covers infrastructure and application security using AWS KMS, Secrets Manager, and Certificate Manager. Network security concepts such as AWS Shield, WAF, and Firewall Manager are also included. Cost monitoring and governance tools are introduced to manage budgets and optimize spending.
Through hands-on demos and real-world scenarios, learners will gain the expertise needed to secure and monitor AWS environments while preparing for the AWS Certified Solutions Architect – Associate (SAA-C03) exam.
Who is this course for
AWS certification aspirants (Solutions Architect Associate)
Cloud and security engineers
DevOps engineers managing infrastructure security
System administrators responsible for monitoring and governance
Professionals implementing cloud security best practices
Course Objectives
By the end of this course, learners will be able to:
Monitor AWS workloads using CloudWatch metrics, logs, and alarms
Implement logging and observability solutions
Manage multi-account environments using AWS Organizations
Implement governance and compliance using CloudTrail and AWS Config
Secure infrastructure using KMS, Secrets Manager, and ACM
Protect applications using AWS WAF, Shield, and Firewall Manager
Detect threats using GuardDuty, Inspector, and Security Hub
Monitor and control costs using AWS budgeting tools
Apply security best practices for cloud architectures
Prepare effectively for the SAA-C03 certification exam
Prerequisites
Basic understanding of AWS core services (EC2, S3, VPC)
Familiarity with cloud security fundamentals
Completion of SAA-C03 foundational modules (recommended)
Basic knowledge of networking and system administration
Course outline
Section 1: Amazon CloudWatch
Amazon CloudWatch Overview
Amazon CloudWatch Logs
Custom Logging with the CloudWatch Logs Agent
Amazon CloudWatch Metrics
Demo: Capture Logs and Metrics in Amazon CloudWatch
Amazon CloudWatch Alarms
Demo: Trigger Actions Using Amazon CloudWatch Alarms
Amazon CloudWatch Insights
Module Summary and Exam Tips
Section 2: Miscellaneous Logging and Monitoring Services
Amazon Managed Service for Prometheus
Amazon Managed Grafana
Module Summary and Exam Tips
Section 3: AWS Organizations and Multi-account Architectures
Multi-account Architectures Introduction
AWS Organizations Overview
Important AWS Organizations Features
AWS Organizations Service Control Policies (SCPs)
Demo: Creating an Organization
AWS Control Tower Overview
AWS Resource Access Manager (RAM)
Demo: Sharing Organizational Resources with AWS RAM
Module Summary and Exam Tips
Section 4: Account Security and Governance
AWS CloudTrail Overview
CloudTrail Trails
Demo: Creating an AWS CloudTrail Trail
AWS Config Overview
AWS Config Rules and Remediations
Demo: Recording Resource Compliance with AWS Config
AWS Trusted Advisor
Amazon Inspector
Amazon GuardDuty
Amazon Macie
AWS Security Hub
AWS Audit Manager
AWS Artifact
Module Summary and Exam Tips
Section 5: Infrastructure and Application Security
AWS Certificate Manager (ACM) Overview
ACM Public TLS Certs
Demo: Issuing a Public TLS Cert with ACM
AWS Key Management Service (AWS KMS) Overview
AWS KMS Keys
AWS KMS Key Policies
AWS KMS Multi-region Keys
AWS CloudHSM
Demo: Encrypting Data with AWS KMS Keys
AWS Secrets Manager
Demo: Managing Secrets Using AWS Secrets Manager
Module Summary and Exam Tips
Section 6: Network Security
AWS Shield and Shield Advanced
AWS Web Application Firewall (WAF)
Demo: Protecting Resources with AWS WAF
AWS Network Firewall
AWS Firewall Manager
Module Summary and Exam Tips
Section 7: Cost and Budgeting Services
AWS Cost Explorer
AWS Budgets
Demo: Creating an AWS Budget
AWS Cost and Usage Reports (CUR)
AWS Cost Anomaly Detection
AWS License Manager
Module Summary and Exam Tips