# Resources
<a name="resources"></a>

## AWS documentation
<a name="resources-aws-documentation"></a>
+ [AWS Security Reference Architecture (AWS SRA)](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/)
+ [AWS CAF security perspective ](https://docs.aws.amazon.com/whitepapers/latest/aws-security-incident-response-guide/aws-caf-security-perspective.html)
+ [Best Practices for security, identity, and compliance](https://aws.amazon.com/architecture/security-identity-compliance/)
+ Automated Security Response on AWS (AWS Solution)
  + [Solution landing page](https://aws.amazon.com/solutions/implementations/automated-security-response-on-aws/)
  + [Implementation guide](https://docs.aws.amazon.com/solutions/latest/automated-security-response-on-aws/welcome.html)

## AWS blog posts
<a name="resources-aws-blog"></a>
+ [Identity Guide – Preventive controls with AWS Identity – SCPs](https://aws.amazon.com/blogs/mt/identity-guide-preventive-controls-with-aws-identity-scps)
+ [How to implement a read-only service control policy (SCP) for accounts in AWS Organizations](https://aws.amazon.com/blogs/mt/implement-read-only-service-control-policy-in-aws-organizations/)
+ [Best Practices for AWS Organizations Service Control Policies in a Multi-Account Environment](https://aws.amazon.com/blogs/industries/best-practices-for-aws-organizations-service-control-policies-in-a-multi-account-environment/)
+ [Maintain compliance using Service Control Policies and ensure they are always applied](https://aws.amazon.com/blogs/mt/maintain-compliance-using-service-control-policies-and-ensure-they-are-always-applied/)
+ [When and where to use IAM permissions boundaries](https://aws.amazon.com/blogs/security/when-and-where-to-use-iam-permissions-boundaries/)
+ [Proactively keep resources secure and compliant with AWS CloudFormation hooks](https://aws.amazon.com/blogs/mt/proactively-keep-resources-secure-and-compliant-with-aws-cloudformation-hooks/)

## Other resources
<a name="resources-other"></a>
+ [Cloud Controls Matrix (CCM)](https://cloudsecurityalliance.org/research/cloud-controls-matrix/) (Cloud Security Alliance)
+ [Example permissions boundaries](https://github.com/aws-samples/example-permissions-boundary) (GitHub)