Compliance
AWS Artifact
Certifications reviews and audit reports
Customer Compliance Center
Identify regulatory requirements
Browse country/region specific requirements
AWS answers to key compliance questions
Auditing and security checklist
Discover how other companies solve compliance and regulatory challenges
AWS Audit Manager
Continuously collects data to prepare for audits
Ensure compliance with regulatory standards
Readily builds audit reports
AWS Config
Tracks and reports changes to AWS resources.
Audits and records compliance of AWS resources and records configuration changes over time.
Preventive
AWS Web Application Firewall (WAF)
Monitors HTTP requests (SQL injection, XSS, etc.)
Supports Web ACL
AWS Shield
Detects and mitigates DDoS attacks.
AWS Network Firewall
Protects traffic in and out of the VPC (stateful)
Detection
AWS Inspector
Inspects workloads (EC2, ECR, Lambda, ...) for vulnerabilities and network exposure
Amazon GuardDuty
Monitors abnormal activity and detects threats.
Performs anomaly detection; can use third-party tools.
Amazon Detective
Uses machine learning and statistical analysis to create advanced visualizations.
Integrates with GuardDuty, Macie and Security Hub
Ingests data from VPC Flow Logs, CloudTrail, etc.
AWS Security Hub
Uses Amazon Inspector and Amazon GuardDuty.
Automates security checks and brings security alerts into a central location.
Can perform validation against AWS security best practices.
Amazon Security Lake
Aggregates logs in a central location
Efficient queries using Parquet format
Open Cybersecurity Schema Framework (OCSF)
AWS Macie
Works in S3 buckets
Uses pattern matching and machine learning to automatically discover sensitive data.
Generates a report of S3 buckets and scans for objects that can contain sensitive data.
Management
Amazon Firewall Manager
Manages AWS Shield, AWS WAF and AWS Network Firewall
Manages rules across applications, accounts and organizations
AWS Resource Access Manager
Enables sharing resources across multiple accounts
AWS Cognito
Implement customer identity and access management
AWS Identity and Access Management (IAM)
Manages access to AWS resources
AWS IAM Identity Center
Manages multiple accounts, sign-in and security
AWS Secrets Manager
Stores and manages credentials; can configure secret rotation.
Applications dynamically pull the secrets from the service API.
AWS Certificate Manager (ACM)
Manages SSL certificates (create, store, renew)
AWS Private Certificate Authority
Private CA (cloud/on-premises) managed by AWS
AWS Key Management Service (KMS)
Handles keys and key rotation; permits granular control
AWS CloudHSM
Cloud Hardware Security Module (HSM)
Stores keys and performs crypto operations