https://d1.awsstatic.com/whitepapers/architecture/AWS-Security-Pillar.pdf
- Protecting AWS credentials
- IAM (groups, users), AWS STS (keys), MFA
- Fine-grained authorizationcredentials
- IAM (roles, policies)
- Capture and analyze logs
- CloudTrail, CloudWatch Logs, GuardDuty, VPC Flow Logs, DNS logs, AWS Config, S3 & Glacier, Athena
- Integrate auditing controls with notification and workflow
- CloudWatch Events, AWS Config Rules, CloudWatch & CloudWatch Logs, CloudWatch API & AWS SDKs, Inspector
- Protecting network and host-level boundaries
- VPC, VPC Security Groups, Shield (DDoS protection), WAF (firewall), Firewall Manager, Direct Connect
- System security configuration and maintenance
- Systems Manager, Inspector (vulnerabilities), CloudFormation
- Enforcing service-level protection
- IAM (policies), AWS KMS, S3 (bucket policies), SNS
- Data classification
- resource tagging, AWS KMS
- Encryption/tokenization
- AWS KMS, CloudHSM (hardware security module), DynamoDB (for storage)
- Protecting data at rest
- AWS KMS --> S3, EBS, Glacier
- Protecting data in transit
- ACM (AWS Certificate Manager), ELB, CloudFront
- Data backup/replication/recovery
- S3 (Cross-Region Replication, Lifecycle Policies and Versioning), EBS snapshot, RDS snapshots
- IAM -- grant appropriate authorization to incident response teams in advance
- CloudFormation -- automate the creation of trusted environments for conducting deeper investigations
- CloudTrail -- history of AWS API calls
- CloudWatch Events -- trigger different automated actions
- Step Functions -- coordinate a sequence if steps to automate an incident response