Skip to content
@AWS-CSS-Portfolio

AWS-CSS-Portfolio

README.md

AWS Certified Security Specialty Portfolio

Welcome to my portfolio AWS Certified Security Specialty. Follow my lab hands-on journey preparation for the SCS-C02 exam.

Portfolio Overview

Repository Description
incident-response Automated incident response workflow in AWS using GuardDuty, EventBridge, Lambda and SNS.
logging-monitoring Centralized security monitoring with CloudTrail, CloudWatch, Athena & SNS for alerts and threat hunting.
infrastructure-security Zero Trust networking using VPC Security Groups, NACLs, ALB & WAF for layered defense-in-depth.
iam Secure cross-account access using IAM Roles with External IDs and guardrails enforced by SCPs.
data-protection End-to-end encryption with KMS, S3 and RDS; enforced key policies and TLS-only bucket access.
man-sec-governance AWS Config dashboard aggregating compliance status across accounts.
  • Click each repo name to view source code, documentation, diagrams and hands-on lab.

Topics Covered

  • Domain 1: Incident Response – Automating security responses; investigating and analyzing incidents & remediating compromised resources.
  • Domain 2: Logging and Monitoring – Built centralized monitoring with CloudTrail, CloudWatch and Athena. Enabled real-time alerts (SNS) and threat-hunting queries.
  • Domain 3: Infrastructure Security – Securing VPC, subnets and networking; Security group, NACL, firewall policies & Hybrid/cloud infrastructure security design.
  • Domain 4: Identity and Access Management – Built a cross-account IAM model where Dev users securely assume a role in the Security Account with External ID protection. Enforced organization-wide guardrails using Service Control Policies (SCPs) to block destructive actions and validated with AWS CLI testing of both allowed and denied operations.
  • Domain 5: Data Protection – Designed and validated encryption at rest & in transit using a KMS CMK, S3 default encryption + TLS-only policies and an RDS instance encrypted with the CMK. Verified compliance via CLI tests showing AccessDenied vs Success.
  • Domain 6: Management and Security Governance - Organization-wide governance enforced with Service Control Policies (SCPs). Prevented risky actions like S3 bucket deletions and ensured compliance across Dev/Prod accounts.

About Me

Built and maintained by Sebastian Silva C. Passionate about automation, defense-in-depth and real-world hands-on learning. CompTIA Security+, Network+, A+ and Azure AZ 900 certified.
Contact me on LinkedIn or sebastian@playbookvisualarts.com

Sebastian Silva C. - September 2025 - Berlin, Germany

Popular repositories Loading

  1. incident-response incident-response Public

    Automated Incident Response in AWS using GuardDuty, EventBridge, Lambda, and SNS to detect threats, quarantine compromised EC2 instances, and alert security teams. Built as part of AWS Certified Se…

  2. .github .github Public

  3. logging-monitoring logging-monitoring Public

    Centralized AWS security monitoring lab using CloudTrail, CloudWatch, and Athena to detect root account usage and unauthorized API calls. Includes saved queries, dashboards and threat-hunting examp…

  4. infrastructure-security infrastructure-security Public

    Zero Trust Networking with VPC Security + AWS WAF – AWS CSS (SCS-C02) Domain 3 Lab

  5. iam iam Public

    Secure cross-account access with IAM Roles + Service Control Policies (SCPs). Demonstrates Dev→Security account role assumption using External ID, enforced guardrails and proof of allowed/blocked a…

  6. data-protection data-protection Public

    AWS Certified Security Specialty (CSS) | Domain 5 – Data Protection lab: End-to-end encryption with KMS, S3 and RDS. Includes key policies, bucket policies, RDS config and CLI test proofs.

Repositories

Showing 7 of 7 repositories

People

This organization has no public members. You must be a member to see who’s a part of this organization.

Top languages

Loading…

Most used topics

Loading…