Appendix: AWS security, identity, and compliance services
For an introduction or a refresher, see Security, Identity, and Compliance on AWS.
Data protection – AWS provides services that help you protect your data, accounts, and workloads from unauthorized access.

- Amazon Macie – Discover, classify, and protect sensitive data with machine learning-powered security features.
- AWS KMS – Create and control the keys used to encrypt your data.
- AWS CloudHSM – Manage your hardware security modules (HSMs) in the AWS Cloud.
- AWS Certificate Manager – Provision, manage, and deploy SSL/TLS certificates for use with AWS services.
- AWS Secrets Manager – Rotate, manage, and retrieve database credentials, API keys, and other secrets through their lifecycle.
Identity & access management – AWS identity services enable you to securely manage identities, resources, and permissions at scale.

- IAM – Securely control access to AWS services and resources.
- IAM Identity Center – Centrally manage SSO access to multiple AWS accounts and business applications.
- Amazon Cognito – Add user sign-up, sign-in, and access control to your web and mobile applications.
- AWS Directory Service – Use managed Microsoft Active Directory in the AWS Cloud.
- AWS Resource Access Manager – Share AWS resources simply and securely.
- AWS Organizations – Implement policy-based management for multiple AWS accounts.
- Amazon Verified Permissions – Manage scalable, fine-grained permissions and authorization in your custom applications.
Network & application protection – These categories of services enable you to enforce fine-grained security policy at network control points across your organization. AWS services help you inspect and filter traffic to help prevent unauthorized resource access at the host-level, network-level, and application-level boundaries.

- AWS Shield – Safeguard your web applications that run on AWS with managed DDoS protection.
- AWS WAF – Protect your web applications from common web exploits, and ensure availability and security.
- AWS Firewall Manager – Configure and manage AWS WAF rules across AWS accounts and applications from a central location.
- AWS Systems Manager – Configure and manage Amazon EC2 and on-premises systems to apply OS patches, create secure system images, and configure secure operating systems.
- Amazon VPC – Provision a logically isolated section of AWS where you can launch AWS resources in a virtual network that you define.
- AWS Network Firewall – Deploy essential network protections for your VPCs.
- Amazon Route 53 DNS Firewall – Protect your outbound DNS requests from your VPCs.
- AWS Verified Access – Provide secure access to your applications without requiring virtual private networks (VPNs).
- Amazon VPC Lattice – Simplify service-to-service connectivity, security, and monitoring.
Threat detection & continuous monitoring – AWS monitoring and detection services provide guidance to help identify potential security incidents within your AWS environment.

- AWS Security Hub – View and manage security alerts and automate compliance checks from a central location.
- Amazon GuardDuty – Protect your AWS accounts and workloads with intelligent threat detection and continuous monitoring.
- Amazon Inspector – Automate security assessments to help improve the security and compliance of your applications that are deployed on AWS.
- AWS Config – Record and evaluate the configurations of your AWS resources to enable compliance auditing, resource change tracking, and security analysis.
- AWS Config Rules – Create rules that automatically take action in response to changes in your environment, such as isolating resources, enriching events with additional data, or restoring configuration to a known good state.
- AWS CloudTrail – Track user activity and API usage to enable governance and operational and risk auditing of your AWS account.
- Amazon Detective – Analyze and visualize security data to rapidly get to the root cause of potential security issues.
- AWS Lambda – Run code without provisioning or managing servers so you can scale your programmed, automated response to incidents.
Compliance & data privacy – AWS gives you a comprehensive view of your compliance status and continuously monitors your environment by using automated compliance checks based on the AWS best practices and industry standards your business follows.

- AWS Artifact – Use a no-cost, self-service portal to get on-demand access to AWS security and compliance reports and select online agreements.
- AWS Audit Manager – Continuously audit your AWS usage to simplify how you assess risk and compliance with regulations and industry standards.