Resources

AWS documentation

• AWS Security Reference Architecture (AWS SRA)

• AWS CAF security perspective

• Best Practices for security, identity, and compliance

• Automated Security Response on AWS (AWS Solution)

  • Solution landing page

  • Implementation guide

AWS blog posts

• Identity Guide – Preventive controls with AWS Identity – SCPs

• How to implement a read-only service control policy (SCP) for accounts in AWS Organizations

• Best Practices for AWS Organizations Service Control Policies in a Multi-Account Environment

• Maintain compliance using Service Control Policies and ensure they are always applied

• When and where to use IAM permissions boundaries

• Proactively keep resources secure and compliant with AWS CloudFormation hooks

Other resources

• Cloud Controls Matrix (CCM) (Cloud Security Alliance)

• Example permissions boundaries (GitHub)