Protecting compute

Compute resources include EC2 instances, containers, AWS Lambda functions, database services, IoT devices, and more. Each of these compute resource types require different approaches to secure them. However, they do share common strategies that you need to consider: defense in depth, vulnerability management, reduction in attack surface, automation of configuration and operation, and performing actions at a distance. In this section, you will find general guidance for protecting your compute resources for key services. For each AWS service used, it’s important for you to check the specific security recommendations in the service documentation.

Best practices

SEC06-BP01 Perform vulnerability management
SEC06-BP02 Reduce attack surface
SEC06-BP03 Implement managed services
SEC06-BP04 Automate compute protection
SEC06-BP05 Enable people to perform actions at a distance
SEC06-BP06 Validate software integrity

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

SEC05-BP04 Implement inspection and protection

SEC06-BP01 Perform vulnerability management