The KMS, Secrets Manager, Cognito, WAF, Shield, GuardDuty, Inspector, Macie, Detective, and Security Hub we covered this week are each independent services, but in real SAA exam questions and in production, two or more almost always collaborate inside a single architecture. Take a requirement that looks simple — "a mobile app user uploads an image to S3." Behind it, a Cognito User Pool (user authentication) + Identity Pool (STS Role) + S3 SSE-KMS (encryption at rest) + Macie (post-upload PII scan) + WAF (blocking malicious traffic) + GuardDuty (detecting abnormal access) all run at once.
In this article we'll work through every tool from this week by combining them at the scenario level