Identity & Access Controls
Identity and access controls are critical to ensuring that only authorized users, groups,
or applications can access internal resources. Your provider should give you access to
define, enforce, and audit user permissions across services, actions, and resources so
that the right people have access to the right resources under the right conditions.
AWS Single Sign-On
AWS Identity & Access Management
AWS Organizations
Amazon Cognito
Detective Controls
Your cloud provider should offer you the visibility you need to spot issues before they
impact the business, improve your security posture, and reduce the risk profile of your
environment.
AWS Security Hub
Amazon GuardDuty
AWS CloudTrail
Amazon Inspector
Infrastructure Security Clouds
The right infrastructure security controls will enable you to reduce the surface area
you need to manage and increase privacy for and control of your overall cloud
infrastructure.
AWS Firewall Manager
AWS Network Firewall
AWS Systems Manager
AWS Web Application Firewall (WAF)
Data Protection Controls
You should have access to automatic data encryption and management services,
including data management, data security, and encryption key storage.
Amazon Macie
AWS Key Management Service
AWS Certificate Manager
AWS Secrets Manager
AWS CloudHSM
Incident Response Controls
Organizations implement mechanisms to respond to and mitigate the potential
impact of security incidents to return to a known good state.
Amazon Detective
AWS Elastic Disaster Recovery
Next Steps for Cloud Security Success
Security in the cloud is composed of these five areas, each with some recommended solutions that can help you design and migrate to
a cloud architecture with security in mind.
The paper provides in-depth, best-practice guidance for architecting secure workloads on AWS.
Learn more in the AWS Well-Architected Security Pillar ›