Protecting networks
Users, both in your workforce and your customers, can be located anywhere. You need to pivot from traditional models of trusting anyone and anything that has access to your network. When you follow the principle of applying security at all layers, you employ a Zero Trust
Careful planning and management of your network design form the foundation of how you provide isolation and boundaries for resources within your workload. Because many resources in your workload operate in a VPC and inherit its security properties, it’s critical that the design is supported with inspection and protection mechanisms backed by automation. Likewise, for workloads that operate outside a VPC, using purely edge services and/or serverless, the best practices apply in a simplified form. Refer to the AWS Well-Architected Serverless Applications Lens for specific guidance on serverless security.