Key AWS services

The AWS service that is essential to security is AWS Identity and Access Management, which allows you to securely control access to AWS services and resources for your users. The following services and features support the four areas of security:

Identity and access management:

AWS Identity and Access Management: Control users' access to and usage of AWS. Create and manage users and groups and grant or deny access. Implement strong authorization and authentication.
AWS IAM Identity Center: Centrally manage workforce access to multiple AWS accounts and applications
AWS Directory Service: Set up and run directories in AWS or connect your AWS resources with an existing Active Directory.
Amazon Cognito: Implement secure, frictionless customer identity and access management that scales.

Detection:

Amazon CloudWatch Logs: Observe and monitor resources and applications on AWS, on-premises, and on other clouds.
Amazon Detective: Investigate and analyze potential security issues or suspicious activities in their AWS environments.
Amazon GuardDuty: Protect your AWS accounts with intelligent threat detection.
Amazon Inspector: Automated and continual vulnerability management at scale.
AWS CloudTrail: Track user activity and API usage.
AWS Config: Assess, audit, and evaluate configurations of your resources.
AWS Security Hub: Automate AWS security checks and centralize security alerts.

Infrastructure protection:

AWS Key Management Service: Create and control keys used to encrypt or digitally sign your data
AWS WAF: Protect your web applications from common exploits

Data protection:

Amazon Macie: Discover and protect your sensitive data at scale
Amazon CloudFront: Distribute web content, including dynamic, static, streaming, and interactive content, to users
Application Load Balancer: Distribute incoming application traffic across multiple targets, such as EC2 instances, containers, and IP addresses
AWS Config: Assess, audit, and evaluate configurations of your resources
AWS Systems Firewall: Deploy network firewall security across your VPCs
AWS Virtual Private Network: Define and launch AWS resources in a logically isolated virtual network

Incident response:

AWS Lambda: Run code without thinking about servers or clusters
AWS Audit Manager Continuously audit your AWS usage to simplify how you assess risk and compliance with regulations and industry standards.
AWS Compliance Center: Research cloud-related regulatory requirements

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

SCSEC14-BP01 Implement comprehensive code and dependency integrity validation

Resources