Security - Automated Security Response on AWS

Security

When you build systems on AWS infrastructure, security responsibilities are shared between you and AWS. This shared model reduces your operational burden because AWS operates, manages, and controls the components including the host operating system, the virtualization layer, and the physical security of the facilities in which the services operate. For more information about AWS security, visit AWS Cloud Security.

API Gateway Security Policy

If you choose to enable the solution’s Web User Interface, an API Gateway REST API is deployed alongside the Admin CloudFormation stack and serves as the backend for all operations in the Web UI. The REST API deployed by the solution uses the default TLS security policy for API Gateway, which is TLS-1-0 for regional APIs.

However, after deploying the Admin CloudFormation stack, you may choose to customize the solution’s REST API by adding a more restrictive TLS security policy. For example, you can choose the TLS_1_2 security policy to restrict traffic to TLSv1.2 or TLSv1.3. You can find the solution’s REST API in the API Gateway console under the name AutomatedSecurityResponseApi.

In order to choose a security policy for the solution’s REST API, you must first configure a custom domain name. For more information, see Custom domain name for public REST APIs in API Gateway.

For more information on adding a security policy to your REST API, see Choose a security policy for your REST API custom domain in API Gateway in the API Gateway guide.
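
To confirm the customization took effect, the following added example (not part of the solution's code) checks whether AutomatedSecurityResponseApi is mapped to a custom domain name that uses the TLS_1_2 security policy. It assumes boto3 and an `apigateway` client for live use; the domain names, API id and stage in the sample data are constructed.

```python
"""Audit: is AutomatedSecurityResponseApi served through a custom domain with TLS_1_2?"""

API_NAME = "AutomatedSecurityResponseApi"  # name given on this page
WANTED_POLICY = "TLS_1_2"                  # policy named on this page


def audit(rest_apis, domain_names, mappings_by_domain):
    """Return (level, message) findings for the solution's REST API.

    Arguments are the 'items' lists returned by API Gateway's GetRestApis,
    GetDomainNames and GetBasePathMappings (the last keyed by domain name).
    """
    api_ids = {a["id"] for a in rest_apis if a.get("name") == API_NAME}
    if not api_ids:
        return [("ERROR", f"no REST API named {API_NAME} found")]
    policy = {d["domainName"]: d.get("securityPolicy") for d in domain_names}
    findings = []
    for domain, mappings in mappings_by_domain.items():
        if not any(m.get("restApiId") in api_ids for m in mappings):
            continue  # this domain fronts some other API
        if policy.get(domain) == WANTED_POLICY:
            findings.append(("OK", f"{domain} uses {WANTED_POLICY}"))
        else:
            findings.append(("WEAK", f"{domain} uses {policy.get(domain)}"))
    if not findings:
        findings.append(("WEAK", "no custom domain is mapped to the API, "
                                 "so no security policy can be chosen yet"))
    return findings


def collect(client):
    """Fetch the three lists with a boto3 'apigateway' client (needs credentials)."""
    def items(op, **kw):
        return [i for page in client.get_paginator(op).paginate(**kw)
                for i in page.get("items", [])]
    domains = items("get_domain_names")
    maps = {d["domainName"]: items("get_base_path_mappings",
                                   domainName=d["domainName"]) for d in domains}
    return items("get_rest_apis"), domains, maps


# Constructed sample data (not output from a real account).
SAMPLE_APIS = [{"id": "abc123", "name": API_NAME}]
SAMPLE_DOMAINS = [{"domainName": "asr.example.com", "securityPolicy": "TLS_1_0"},
                  {"domainName": "asr2.example.com", "securityPolicy": "TLS_1_2"}]
SAMPLE_MAPS = {"asr.example.com": [{"restApiId": "abc123", "stage": "prod"}],
               "asr2.example.com": [{"restApiId": "abc123", "stage": "prod"}]}

if __name__ == "__main__":
    for level, msg in audit(SAMPLE_APIS, SAMPLE_DOMAINS, SAMPLE_MAPS):
        print(level, msg)
```

Against a real account, pass the result of `collect(boto3.client("apigateway"))` to `audit` in place of the sample lists.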