Appendix: AWS security, identity, and compliance services - AWS Prescriptive Guidance

For an introduction or a refresher, see Security, Identity, and Compliance on AWS on the AWS website for a list of the AWS services that help you secure your workloads and applications in the cloud. These services are grouped into five categories: data protection, identity & access management, network & application protection, threat detection & continuous monitoring, and compliance & data privacy.

Data protection – AWS provides services that help you protect your data, accounts, and workloads from unauthorized access.

  • Amazon Macie – Discover, classify, and protect sensitive data with machine learning-powered security features.

  • AWS KMS – Create and control the keys used to encrypt your data.

  • AWS CloudHSM – Manage your hardware security modules (HSMs) in the AWS Cloud.

  • AWS Certificate Manager – Provision, manage, and deploy SSL/TLS certificates for use with AWS services.

  • AWS Secrets Manager – Rotate, manage, and retrieve database credentials, API keys, and other secrets through their lifecycle.

Identity & access management – AWS identity services enable you to securely manage identities, resources, and permissions at scale.

Network & application protection – This category of services enables you to enforce fine-grained security policy at network control points across your organization. These AWS services help you inspect and filter traffic to help prevent unauthorized resource access at the host, network, and application boundaries.

  • AWS Shield – Safeguard your web applications that run on AWS with managed DDoS protection.

  • AWS WAF – Protect your web applications from common web exploits, and ensure availability and security.

  • AWS Firewall Manager – Configure and manage AWS WAF rules across AWS accounts and applications from a central location.

  • AWS Systems Manager – Configure and manage Amazon EC2 and on-premises systems to apply OS patches, create secure system images, and configure secure operating systems.

  • Amazon VPC – Provision a logically isolated section of AWS where you can launch AWS resources in a virtual network that you define.

  • AWS Network Firewall – Deploy essential network protections for your VPCs.

  • Amazon Route 53 DNS Firewall – Protect your outbound DNS requests from your VPCs.

  • AWS Verified Access – Provide secure access to your applications without requiring virtual private networks (VPNs).

  • Amazon VPC Lattice – Simplify service-to-service connectivity, security, and monitoring.

Threat detection & continuous monitoring – AWS monitoring and detection services help you identify potential security incidents within your AWS environment.

  • AWS Security Hub – View and manage security alerts and automate compliance checks from a central location.

  • Amazon GuardDuty – Protect your AWS accounts and workloads with intelligent threat detection and continuous monitoring.

  • Amazon Inspector – Automate security assessments to help improve the security and compliance of your applications that are deployed on AWS.

  • AWS Config – Record and evaluate the configurations of your AWS resources to enable compliance auditing, resource change tracking, and security analysis.

  • AWS Config Rules – Create rules that automatically take action in response to changes in your environment, such as isolating resources, enriching events with additional data, or restoring configuration to a known good state.

  • AWS CloudTrail – Track user activity and API usage to enable governance and operational and risk auditing of your AWS account.

  • Amazon Detective – Analyze and visualize security data to rapidly get to the root cause of potential security issues.

  • AWS Lambda – Run code without provisioning or managing servers so you can scale your programmed, automated response to incidents.

Compliance & data privacy – AWS gives you a comprehensive view of your compliance status and continuously monitors your environment by using automated compliance checks based on the AWS best practices and industry standards your business follows.

  • AWS Artifact – Use a no-cost, self-service portal to get on-demand access to AWS security and compliance reports and select online agreements.

  • AWS Audit Manager – Continuously audit your AWS usage to simplify how you assess risk and compliance with regulations and industry standards.