Required AWS Config resources for Security Hub control findings
AWS Security Hub generates control findings by performing security checks against controls. Some controls use AWS Config rules that evaluate compliance with specific resources. For Security Hub to generate findings for controls that have a change triggered schedule type, you must turn on recording for required resources in AWS Config. You don't need to record resources for most controls that have a periodic schedule type. However, some periodic controls require resource recording to detect changes in compliance.
This page provides a list of required resources across standards and a list of required resources divided by standard. The first table also lists which Security Hub controls use each resource.
If a finding is generated by a security check that is based on an AWS Config rule, the finding details include a Rules link to the associated AWS Config rule. To navigate to the AWS Config rule, your account must have AWS Identity and Access Management (IAM) permission to view AWS Config rules.
Security Hub controls can rely on managed AWS Config rules or custom Security Hub rules. Make sure there is no AWS Identity and Access Management (IAM) policy or policy managed in Organizations which prevents AWS Config from having permission to record your resources.
Security Hub control checks directly evaluate the configuration of a resource and don’t take Organizations policies into account. For more information about AWS Config recording, see List of AWS Config Managed Rules – Considerations in the AWS Config Developer Guide.
Note
In AWS Regions where a control isn't available, the corresponding resource isn't available in AWS Config. For a list of Regional limits on Security Hub controls, see Availability of controls by Region.
Required resources for all Security Hub controls
For Security Hub to generate findings for enabled Security Hub change triggered controls that use a AWS Config rule, you must record these resources in AWS Config. This table also indicates which controls require a particular resource. A control may require more than one resource.
Service | Required resource | Related controls |
---|---|---|
Amazon API Gateway | AWS::ApiGateway::Stage |
APIGateway.1 APIGateway.2 APIGateway.3 APIGateway.4 APIGateway.5 |
AWS::ApiGatewayV2::Stage |
APIGateway.1 APIGateway.9 |
|
AWS AppSync | AWS::AppSync::GraphQLApi
|
AppSync.2 AppSync.4 AppSync.5 |
AWS::AppSync::ApiCache
|
AppSync.1 AppSync.6 |
|
AWS Backup (AWS Backup) | AWS::Backup::BackupPlan
|
Backup.5 |
AWS::Backup::BackupVault
|
Backup.3 |
|
AWS::Backup::RecoveryPoint
|
Backup.1 Backup.2 |
|
AWS::Backup::ReportPlan
|
Backup.4 |
|
AWS Certificate Manager (ACM) | AWS::ACM::Certificate
|
ACM.1 ACM.2 ACM.3 |
Amazon Athena | AWS::Athena::DataCatalog |
Athena.2 |
AWS::Athena::WorkGroup |
Athena.3 Athena.4 |
|
AWS CloudFormation | AWS::CloudFormation::Stack |
CloudFormation.2 |
Amazon CloudFront | AWS::CloudFront::Distribution
|
CloudFront.1 CloudFront.3 CloudFront.4 CloudFront.5 CloudFront.6 CloudFront.7 CloudFront.8 CloudFront.9 CloudFront.10 CloudFront.13 CloudFront.14 |
AWS CloudTrail | AWS::CloudTrail::Trail
|
CloudTrail.9 |
Amazon CloudWatch | AWS::CloudWatch::Alarm
|
CloudWatch.15 CloudWatch.17 |
AWS CodeArtifact | AWS::CodeArtifact::Repository
|
CodeArtifact.1 |
AWS CodeBuild | AWS::CodeBuild::Project
|
CodeBuild.1 CodeBuild.2 CodeBuild.3 CodeBuild.4 |
AWS::CodeBuild::ReportGroup
|
CodeBuild.7 |
|
AWS DataSync | AWS::DataSync::Task |
DataSync.1 |
Amazon Detective | AWS::Detective::Graph |
Detective.1 |
AWS Database Migration Service (AWS DMS) | AWS::DMS::Certificate |
DMS.2 |
AWS::DMS::Endpoint
|
|
|
AWS::DMS::EventSubscription
|
DMS.3 | |
AWS::DMS::ReplicationInstance
|
DMS.4 DMS.6 |
|
AWS::DMS::ReplicationSubnetGroup
|
DMS.5 | |
AWS::DMS::ReplicationTask |
DMS.7 DMS.8 |
|
Amazon DynamoDB | AWS::DynamoDB::Table
|
DynamoDB.1 DynamoDB.2 DynamoDB.5 DynamoDB.6 |
Amazon Elastic Compute Cloud (EC2) | AWS::EC2::ClientVpnEndpoint |
EC2.51 |
AWS::EC2::CustomerGateway |
EC2.36 | |
AWS::EC2::EIP |
EC2.12 EC2.37 |
|
AWS::EC2::FlowLog |
EC2.48 | |
AWS::EC2::Instance |
EC2.4 EC2.8 EC2.9 EC2.17 EC2.24 EC2.38 EMR.1 SSM.1 |
|
AWS::EC2::InternetGateway |
EC2.39 |
|
AWS::EC2::LaunchTemplate |
EC2.25 EC2.170 |
|
AWS::EC2::NatGateway |
EC2.40 |
|
AWS::EC2::NetworkAcl |
EC2.16 EC2.21 EC2.41 |
|
AWS::EC2::NetworkInterface |
EC2.22 EC2.35 |
|
AWS::EC2::RouteTable |
EC2.42 | |
AWS::EC2::SecurityGroup |
EC2.2 EC2.13 EC2.14 EC2.18 EC2.19 EC2.43 |
|
AWS::EC2::Subnet |
EC2.15 EC2.44 ElastiCache.7 |
|
AWS::EC2::TransitGateway |
EC2.23 EC2.52 |
|
AWS::EC2::TransitGatewayAttachment |
EC2.33 | |
AWS::EC2::TransitGatewayRouteTable |
EC2.34 | |
AWS::EC2::Volume |
EC2.3 EC2.45 |
|
AWS::EC2::VPC |
EC2.6 EC2.46 |
|
AWS::EC2::VPCEndpointService |
EC2.47 | |
AWS::EC2::VPCPeeringConnection |
EC2.49 | |
AWS::EC2::VPNConnection |
EC2.20
EC2.171 |
|
AWS::EC2::VPNGateway |
EC2.50 | |
Amazon EC2 Auto Scaling | AWS::AutoScaling::AutoScalingGroup |
AutoScaling.1 AutoScaling.2 AutoScaling.6 AutoScaling.9 AutoScaling.10 |
AWS::AutoScaling::LaunchConfiguration |
AutoScaling.3 Autoscaling.5 |
|
Amazon EC2 Systems Manager (SSM) | AWS::SSM::AssociationCompliance |
SSM.3 |
AWS::SSM::ManagedInstanceInventory |
SSM.1 |
|
AWS::SSM::PatchCompliance |
SSM.2 |
|
Amazon Elastic Container Registry (Amazon ECR) | AWS::ECR::PublicRepository |
ECR.4 |
AWS::ECR::Repository |
ECR.2 ECR.3 |
|
Amazon Elastic Container Service (Amazon ECS) | AWS::ECS::Cluster |
ECS.12 ECS.14 |
AWS::ECS::Service |
ECS.2 ECS.10 ECS.13 |
|
AWS::ECS::TaskDefinition |
ECS.1 ECS.3 ECS.4 ECS.5 ECS.8 ECS.9 ECS.15 |
|
AWS::ECS::TaskSet |
ECS.16 |
|
Amazon Elastic File System (Amazon EFS) | AWS::EFS::AccessPoint
|
EFS.3 EFS.4 EFS.5 |
AWS::EFS::FileSystem
|
EFS.7 EFS.8 |
|
Amazon Elastic Kubernetes Service (Amazon EKS) | AWS::EKS::Cluster |
EKS.2 EKS.6 EKS.8 |
AWS::EKS::IdentityProviderConfig |
EKS.7 | |
AWS Elastic Beanstalk | AWS::ElasticBeanstalk::Environment
|
ElasticBeanstalk.1 ElasticBeanstalk.2 ElasticBeanstalk.3 |
Elastic Load Balancing | AWS::ElasticLoadBalancing::LoadBalancer |
ELB.2 ELB.3 ELB.5 ELB.7 ELB.8 ELB.9 ELB.10 ELB.14 |
AWS::ElasticLoadBalancingV2::LoadBalancer |
ELB.1 ELB.4 ELB.5 ELB.6 ELB.12 ELB.13 ELB.16 |
|
ElasticSearch | AWS::Elasticsearch::Domain |
ES.3 ES.4 ES.5 ES.6 ES.7 ES.8 ES.9 |
Amazon EventBridge | AWS::Events::EventBus |
EventBridge.2 EventBridge.3 |
AWS::Events::Endpoint |
EventBridge.4 |
|
AWS Global Accelerator |
AWS::GlobalAccelerator::Accelerator |
GlobalAccelerator.1 |
AWS Glue |
AWS::Glue::Job |
Glue.1 Glue.2 |
AWS::Glue::MLTransform |
Glue.3 |
|
Amazon GuardDuty |
AWS::GuardDuty::Detector |
GuardDuty.4 |
AWS::GuardDuty::Filter |
GuardDuty.2 |
|
AWS::GuardDuty::IPSet |
GuardDuty.3 |
|
AWS Identity and Access Management (IAM) | AWS::IAM::Group |
IAM.27 KMS.2 |
AWS::IAM::Policy |
IAM.1 IAM.21 KMS.1 |
|
AWS::IAM::Role |
IAM.24 IAM.27 KMS.2 |
|
AWS::IAM::User |
IAM.2 IAM.3 IAM.5 IAM.8 IAM.19 IAM.22 IAM.25 IAM.27 KMS.2 |
|
AWS Identity and Access Management Access Analyzer | AWS::AccessAnalyzer::Analyzer |
IAM.23 |
AWS IoT | AWS::IoT::Authorizer |
IoT.4 |
AWS::IoT::Dimension |
IoT.3 |
|
AWS::IoT::MitigationAction |
IoT.2 |
|
AWS::IoT::Policy |
IoT.6 |
|
AWS::IoT::RoleAlias |
IoT.5 |
|
AWS::IoT::SecurityProfile |
IoT.1 |
|
Amazon Kinesis | AWS::Kinesis::Stream |
Kinesis.1 Kinesis.2 Kinesis.3 |
AWS Key Management Service (AWS KMS) | AWS::KMS::Alias |
S3.17 |
AWS::KMS::Key |
KMS.3 KMS.5 S3.17 |
|
AWS Lambda | AWS::Lambda::Function |
Lambda.1 Lambda.2 Lambda.3 Lambda.5 Lambda.6 |
Amazon MSK | AWS::MSK::Cluster |
MSK.1 MSK.2 |
AWS::KafkaConnect::Connector |
MSK.3 |
|
Amazon MQ | AWS::AmazonMQ::Broker |
MQ.2 MQ.3 MQ.4 MQ.5 MQ.6 |
AWS Network Firewall | AWS::NetworkFirewall::Firewall |
NetworkFirewall.1 NetworkFirewall.7 NetworkFirewall.9 |
AWS::NetworkFirewall::FirewallPolicy |
NetworkFirewall.3 NetworkFirewall.4 NetworkFirewall.5 NetworkFirewall.8 |
|
AWS::NetworkFirewall::RuleGroup |
NetworkFirewall.6 |
|
Amazon OpenSearch Service | AWS::OpenSearch::Domain |
Opensearch.1 Opensearch.2 Opensearch.3 Opensearch.4 Opensearch.5 Opensearch.6 Opensearch.7 Opensearch.8 Opensearch.9 Opensearch.10 Opensearch.11 |
Amazon Relational Database Service (Amazon RDS) | AWS::RDS::DBCluster |
DocumentDB.1 DocumentDB.2 DocumentDB.4 DocumentDB.5 Neptune.1 Neptune.2 Neptune.4 Neptune.5 Neptune.7 Neptune.8 Neptune.9 RDS.7 RDS.12 RDS.14 RDS.15 RDS.16 RDS.24 RDS.27 RDS.28 RDS.34 RDS.35 RDS.37 |
AWS::RDS::DBClusterSnapshot |
DocumentDB.3 Neptune.3 Neptune.6 RDS.1 RDS.4 RDS.29 |
|
AWS::RDS::DBInstance |
RDS.2 RDS.3 RDS.5 RDS.6 RDS.8 RDS.9 RDS.10 RDS.11 RDS.13 RDS.17 RDS.18 RDS.23 RDS.25 RDS.30 RDS.36 |
|
AWS::RDS::DBSecurityGroup |
RDS.31 |
|
AWS::RDS::DBSnapshot |
RDS.1 RDS.4 RDS.32 |
|
AWS::RDS::DBSubnetGroup |
RDS.33 |
|
AWS::RDS::EventSubscription |
RDS.19 RDS.20 RDS.21 RDS.22 |
|
Amazon Redshift | AWS::Redshift::Cluster |
Redshift.1 Redshift.2 Redshift.3 Redshift.4 Redshift.6 Redshift.7 Redshift.8 Redshift.9 Redshift.10 Redshift.11 |
AWS::Redshift::ClusterParameterGroup |
Redshift.2 |
|
AWS::Redshift::ClusterSnapshot |
Redshift.13 |
|
AWS::Redshift::ClusterSubnetGroup |
Redshift.14 |
|
AWS::Redshift::EventSubscription |
Redshift.12 |
|
Amazon Route 53 | AWS::Route53::HostedZone |
Route53.2 |
AWS::Route53::HealthCheck |
Route53.1 |
|
Amazon Simple Storage Service (Amazon S3) | AWS::S3::AccessPoint |
S3.19 |
AWS::S3::AccountPublicAccessBlock |
S3.2 S3.3 |
|
AWS::S3::Bucket |
S3.2 S3.3 S3.5 S3.6 S3.7 S3.8 S3.9 S3.10 S3.11 S3.12 S3.13 S3.14 S3.15 S3.17 S3.20 |
|
AWS::S3::MultiRegionAccessPoint |
S3.24 |
|
AWS Secrets Manager | AWS::SecretsManager::Secret
|
SecretsManager.1 SecretsManager.2 SecretsManager.5 |
AWS Service Catalog | AWS::ServiceCatalog::Portfolio
|
ServiceCatalog.1 |
Amazon Simple Email Service (Amazon SES) | AWS::SES::ConfigurationSet
|
SES.2 |
AWS::SES::ContactList
|
SES.1 |
|
Amazon Simple Notification Service (Amazon SNS) | AWS::SNS::Topic
|
SNS.1 SNS.3 SNS.4 |
Amazon Simple Queue Service (Amazon SQS) | AWS::SQS::Queue
|
SQS.1 SQS.2 |
Amazon SageMaker | AWS::SageMaker::NotebookInstance
|
SageMaker.2 SageMaker.3 |
AWS Step Functions | AWS::StepFunctions::StateMachine
|
StepFunctions.1 |
AWS::StepFunctions::Activity
|
StepFunctions.2 |
|
AWS Transfer Family | AWS::Transfer::Workflow
|
Transfer.1 |
AWS WAF | AWS::WAF::Rule |
WAF.6 |
AWS::WAF::RuleGroup |
WAF.7 |
|
AWS::WAF::WebACL |
WAF.1 WAF.8 |
|
AWS::WAFRegional::Rule |
WAF.2 |
|
AWS::WAFRegional::RuleGroup |
WAF.3 |
|
AWS::WAFRegional::WebACL |
WAF.4 |
|
AWS::WAFv2::RuleGroup |
WAF.12 |
|
AWS::WAFv2::WebACL |
WAF.10 WAF.11 |
|
Amazon WorkSpaces | AWS::WorkSpaces::WorkSpace |
WorkSpaces.1 WorkSpaces.2 |
Required resources for FSBP standard
For Security Hub to accurately report findings for enabled AWS Foundational Security Best Practices v1.0.0 (FSBP) change triggered controls that use a AWS Config rule, you must record these resources in AWS Config. For more information about this standard, see AWS Foundational Security Best Practices v1.0.0 (FSBP) standard.
Service | Required resources |
---|---|
Amazon API Gateway |
|
AWS AppSync |
|
AWS Backup |
|
AWS Certificate Manager (ACM) |
|
AWS CloudFormation |
|
Amazon CloudFront |
|
AWS CodeBuild |
|
AWS DataSync |
|
AWS Database Migration Service (AWS DMS) |
|
Amazon DynamoDB |
|
Amazon EC2 Systems Manager (SSM) |
|
Amazon Elastic Compute Cloud (EC2) |
|
Amazon EC2 Auto Scaling |
|
Amazon Elastic Container Registry (Amazon ECR) |
|
Amazon Elastic Container Service (Amazon ECS) |
|
Amazon Elastic File System (Amazon EFS) |
|
Amazon EKS |
|
ElasticBeanstalk |
|
Elastic Load Balancing |
|
ElasticSearch |
|
AWS Glue |
|
AWS Identity and Access Management (IAM) |
|
Amazon Kinesis |
|
AWS Key Management Service (AWS KMS) |
|
AWS Lambda |
|
Amazon MSK |
|
AWS Network Firewall |
|
Amazon OpenSearch Service |
|
Amazon Relational Database Service (Amazon RDS) |
|
Amazon Redshift |
|
Amazon Route 53 |
|
Amazon Simple Storage Service (Amazon S3) |
|
Amazon Simple Notification Service (Amazon SNS) |
|
Amazon Simple Queue Service (Amazon SQS) |
|
Amazon SageMaker |
|
AWS Secrets Manager |
|
AWS Step Functions |
|
AWS WAF |
|
Amazon WorkSpaces |
|
Required resources for CIS AWS Foundations Benchmark
To run security checks for enabled controls that apply to the Center for Internet
Security (CIS) AWS Foundations Benchmark, Security Hub either runs through
the exact audit steps prescribed for the checks in Securing
Amazon Web Services
For more information about this standard, see CIS AWS Foundations Benchmark.
Required resources for CIS v3.0.0
For Security Hub to accurately report findings for enabled CIS v3.0.0 change triggered controls that use a AWS Config rule, you must record these resources in AWS Config.
Service | Required resources |
---|---|
Amazon Elastic Compute Cloud (Amazon EC2) |
|
AWS Identity and Access Management (IAM) |
|
Amazon Relational Database Service (Amazon RDS) |
|
Amazon Simple Storage Service (Amazon S3) |
|
Required resources for CIS v1.4.0
For Security Hub to accurately report findings for enabled CIS v1.4.0 change triggered controls that use a AWS Config rule, you must record these resources in AWS Config.
Service | Required resources |
---|---|
Amazon Elastic Compute Cloud (EC2) |
|
AWS Identity and Access Management (IAM) |
|
Amazon Relational Database Service (Amazon RDS) |
|
Amazon Simple Storage Service (Amazon S3) |
|
Required resources for CIS v1.2.0
For Security Hub to accurately report findings for enabled CIS v1.2.0 change triggered controls that use a AWS Config rule, you must record these resources in AWS Config.
Service | Required resources |
---|---|
Amazon Elastic Compute Cloud (EC2) |
|
AWS Identity and Access Management (IAM) |
|
Required resources for NIST SP 800-53 Rev. 5
For Security Hub to accurately report findings for enabled National Institute of Standards and Technology (NIST) SP 800-53 Rev. 5 change triggered controls that use a AWS Config rule, you must record these resources in AWS Config. You only have to record resources for controls that have a schedule type of change triggered. For more information about this standard, see NIST SP 800-53 Rev. 5 in Security Hub.
Service | Required resources |
---|---|
Amazon API Gateway |
|
AWS AppSync |
|
AWS Backup |
|
AWS Certificate Manager (ACM) |
|
AWS CloudFormation |
|
Amazon CloudFront |
|
Amazon CloudWatch |
|
AWS CodeBuild |
|
AWS Database Migration Service (AWS DMS) |
|
Amazon DynamoDB |
|
Amazon Elastic Compute Cloud (EC2) |
|
Amazon EC2 Auto Scaling |
|
Amazon Elastic Container Registry (Amazon ECR) |
|
Amazon Elastic Container Service (Amazon ECS) |
|
Amazon Elastic File System (Amazon EFS) |
|
Amazon EKS |
|
ElasticBeanstalk |
|
Elastic Load Balancing |
|
ElasticSearch |
|
Amazon EventBridge |
|
AWS Identity and Access Management (IAM) |
|
AWS Key Management Service (AWS KMS) |
|
Amazon Kinesis |
|
AWS Lambda |
|
Amazon MSK |
|
Amazon MQ |
|
AWS Network Firewall |
|
Amazon OpenSearch Service |
|
Amazon Relational Database Service (Amazon RDS) |
|
Amazon Redshift |
|
Amazon Route 53 |
|
Amazon Simple Storage Service (Amazon S3) |
|
AWS Service Catalog |
|
Amazon Simple Notification Service (Amazon SNS) |
|
Amazon Simple Queue Service (Amazon SQS) |
|
Amazon EC2 Systems Manager (SSM) |
|
Amazon SageMaker |
|
AWS Secrets Manager |
|
AWS WAF |
|
Required resources for PCI DSS v3.2.1
For Security Hub to accurately report findings for enabled Payment Card Industry Data Security Standard (PCI DSS) controls that use a AWS Config rule, you must record these resources in AWS Config. For more information about this standard, see PCI DSS v3.2.1 in Security Hub.
Service | Required resources |
---|---|
AWS CodeBuild |
|
Amazon Elastic Compute Cloud (EC2) |
|
Amazon EC2 Auto Scaling |
|
AWS Identity and Access Management (IAM) |
|
AWS Lambda |
|
Amazon OpenSearch Service |
|
Amazon Relational Database Service (Amazon RDS) |
|
Amazon Redshift |
|
Amazon Simple Storage Service (Amazon S3) |
|
Amazon EC2 Systems Manager (SSM) |
|
Required resources for AWS Resource Tagging Standard
All controls in the AWS Resource Tagging Standard are change triggered and use a AWS Config rule. For Security Hub to accurately report findings for these controls, you must record the following resources in AWS Config. You only have to record resources for controls that have a schedule type of change triggered. For more information about this standard, see AWS Resource Tagging Standard.
Service | Required resources |
---|---|
AWS AppSync |
|
Amazon Athena |
|
AWS Certificate Manager (ACM) |
|
AWS Backup (AWS Backup) |
|
AWS CloudFormation |
|
Amazon CloudFront |
|
AWS CloudTrail |
|
AWS CodeArtifact |
|
Amazon Detective |
|
AWS Database Migration Service (AWS DMS) |
|
Amazon DynamoDB |
|
Amazon Elastic Compute Cloud (EC2) |
|
Amazon EC2 Auto Scaling |
|
Amazon Elastic Container Registry (Amazon ECR) |
|
Amazon Elastic Container Service (Amazon ECS) |
|
Amazon Elastic File System (Amazon EFS) |
|
Amazon Elastic Kubernetes Service (Amazon EKS) |
|
AWS Elastic Beanstalk (Elastic Beanstalk) |
|
ElasticSearch |
|
Amazon EventBridge |
|
AWS Global Accelerator |
|
AWS Glue |
|
Amazon GuardDuty |
|
AWS Identity and Access Management (IAM) |
|
AWS Identity and Access Management Access Analyzer (IAM Access Analyzer) |
|
AWS IoT |
|
Amazon Kinesis |
|
AWS Lambda |
|
Amazon MQ |
|
AWS Network Firewall |
|
Amazon OpenSearch Service |
|
Amazon Relational Database Service |
|
Amazon Redshift |
|
Amazon Route 53 |
|
AWS Secrets Manager |
|
Amazon Simple Email Service (Amazon SES) |
|
Amazon Simple Notification Service (Amazon SNS) |
|
Amazon Simple Queue Service (Amazon SQS) |
|
AWS Step Functions |
|
AWS Transfer Family |
|
Required resources for Service-Managed Standard: AWS Control Tower
For Security Hub to accurately report findings for enabled Service-Managed Standard: AWS Control Tower change triggered controls that use a AWS Config rule, you must record the following resources in AWS Config. For more information about this standard, see Service-Managed Standard: AWS Control Tower.
Service | Required resources |
---|---|
Amazon API Gateway |
|
AWS Certificate Manager (ACM) |
|
AWS CodeBuild |
|
Amazon DynamoDB |
|
Amazon Elastic Compute Cloud (EC2) |
|
Amazon EC2 Auto Scaling |
|
Amazon Elastic Container Registry (Amazon ECR) |
|
Amazon Elastic Container Service (Amazon ECS) |
|
Amazon Elastic File System (Amazon EFS) |
|
Amazon EKS |
|
ElasticBeanstalk |
|
Elastic Load Balancing |
|
ElasticSearch |
|
AWS Identity and Access Management (IAM) |
|
AWS Key Management Service (AWS KMS) |
|
Amazon Kinesis |
|
AWS Lambda |
|
AWS Network Firewall |
|
Amazon OpenSearch Service |
|
Amazon Relational Database Service (Amazon RDS) |
|
Amazon Redshift |
|
Amazon Simple Storage Service (Amazon S3) |
|
Amazon Simple Notification Service (Amazon SNS) |
|
Amazon Simple Queue Service (Amazon SQS) |
|
Amazon EC2 Systems Manager (SSM) |
|
AWS Secrets Manager |
|
AWS WAF |
|