Enterprise Cloud Consultancy in The UK and Europe

AWS Security Pillar

The security pillar describes how to take advantage of AWS products, services and best practices to protect systems and assure the availability, integrity and confidentiality of data.

Design Principles

  • Implement a strong identity foundation: apply least privilege and enforce separation of duties for every interaction with AWS resources; centralise identity management and avoid long-term static credentials
  • Enable traceability: monitor, alert on and audit actions and changes to the environment in real time, and feed logs and metrics into systems that can investigate and respond automatically
  • Apply security at all layers: take a defence-in-depth approach with multiple controls at every layer (edge network, VPC, load balancer, instance, operating system, application and code) rather than relying on a single perimeter
  • Automate security best practices: implement security controls as code in version-controlled templates so they are applied consistently and scale with the workload
  • Protect data in transit and at rest: classify data by sensitivity and use encryption, tokenization and access controls appropriate to each class
  • Keep people away from data: use tooling and mechanisms that reduce or eliminate the need for direct human access to, or manual processing of, data
  • Prepare for security events: have an incident management and investigation policy and process that match organisational requirements, run incident response simulations, and use automation to speed up detection, investigation and recovery

Best Practices

  • Identify and prioritize risks using a threat model:
  • Identify and validate control objectives:
  • Keep up to date with security threats:
  • Keep up to date with security recommendations:
  • Evaluate and implement new security services and features regularly:
  • Automate testing and validation of security controls in pipelines:
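The design principles above (least privilege, controls as code, encryption at rest) and the last best practice (automated testing of security controls in pipelines) meet in a pre-deployment check. What follows is an added example written for this page, not code from the page's author or from AWS: a Python script that reads a CloudFormation template in JSON form and fails a CI stage when an IAM policy grants wildcard access or an S3 bucket lacks default encryption or a public access block. `SAMPLE_TEMPLATE`, its resource names and the specific checks are constructed for the example; the same idea is what tools such as cfn-nag and Checkov implement more completely.

```python
"""Pre-deployment validation of security controls in a CloudFormation template.
Added example, not AWS tooling: a pipeline stage that fails the build when an IAM
policy grants wildcard access or an S3 bucket lacks default encryption or a public
access block. SAMPLE_TEMPLATE is constructed for the demonstration."""
import json
import sys

# Constructed sample template (CloudFormation JSON form). LogsBucket and
# ReaderPolicy are compliant; ScratchBucket and AdminRole are not.
SAMPLE_TEMPLATE = {"Resources": {
    "LogsBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "BucketEncryption": {"ServerSideEncryptionConfiguration": [{
            "ServerSideEncryptionByDefault": {
                "SSEAlgorithm": "aws:kms", "KMSMasterKeyID": "alias/logs-key"}}]},
        "PublicAccessBlockConfiguration": {
            "BlockPublicAcls": True, "BlockPublicPolicy": True,
            "IgnorePublicAcls": True, "RestrictPublicBuckets": True}}},
    "ScratchBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "PublicAccessBlockConfiguration": {
            "BlockPublicAcls": True, "BlockPublicPolicy": False,
            "IgnorePublicAcls": True, "RestrictPublicBuckets": True}}},
    "ReaderPolicy": {"Type": "AWS::IAM::ManagedPolicy", "Properties": {
        "PolicyDocument": {"Version": "2012-10-17", "Statement": [{
            "Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::logs-bucket", "arn:aws:s3:::logs-bucket/*"]}]}}},
    "AdminRole": {"Type": "AWS::IAM::Role", "Properties": {
        "AssumeRolePolicyDocument": {"Statement": [{
            "Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole"}]},
        "Policies": [{"PolicyName": "everything", "PolicyDocument": {"Statement": {
            "Effect": "Allow", "Action": "*", "Resource": "*"}}}]}},
}}
PUBLIC_ACCESS_FLAGS = ("BlockPublicAcls", "BlockPublicPolicy",
                       "IgnorePublicAcls", "RestrictPublicBuckets")


def as_list(value):
    """IAM accepts a scalar or a list for Statement/Action/Resource; normalise."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_policy_document(name, doc):
    """Least-privilege lint of one policy document. Flags Allow statements that use
    NotAction, Action '*', a service-wide 'svc:*', or Resource '*' with no Condition.
    Intrinsic functions (dict values) are skipped: their ARN is resolved at deploy time."""
    findings = []
    for i, stmt in enumerate(as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        where = f"{name} statement {i}"
        actions = [a for a in as_list(stmt.get("Action")) if isinstance(a, str)]
        resources = [r for r in as_list(stmt.get("Resource")) if isinstance(r, str)]
        if "NotAction" in stmt:
            findings.append(f"{where}: Allow with NotAction grants everything else")
        if "*" in actions:
            findings.append(f"{where}: Action '*' (full admin)")
        findings += [f"{where}: service-wide wildcard {a}" for a in actions if a.endswith(":*")]
        if "*" in resources and "*" not in actions and "Condition" not in stmt:
            findings.append(f"{where}: Resource '*' without a Condition")
    return findings


def check_s3_bucket(name, props):
    """Encryption at rest and public-access controls every bucket should declare."""
    findings = []
    if "BucketEncryption" not in props:
        findings.append(f"{name}: no default server-side encryption (BucketEncryption)")
    pab = props.get("PublicAccessBlockConfiguration", {})
    findings += [f"{name}: PublicAccessBlockConfiguration.{flag} is not true"
                 for flag in PUBLIC_ACCESS_FLAGS if pab.get(flag) is not True]
    return findings


def audit_template(template):
    """Apply the per-type checks to every resource; returns a list of findings."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype == "AWS::S3::Bucket":
            findings += check_s3_bucket(name, props)
        elif rtype in ("AWS::IAM::Policy", "AWS::IAM::ManagedPolicy"):
            findings += check_policy_document(name, props.get("PolicyDocument", {}))
        elif rtype in ("AWS::IAM::Role", "AWS::IAM::User", "AWS::IAM::Group"):
            for inline in props.get("Policies", []):  # inline policies on the principal
                findings += check_policy_document(
                    f"{name}/{inline.get('PolicyName')}", inline.get("PolicyDocument", {}))
    return findings


if __name__ == "__main__":
    # Usage: python check_template.py [template.json]; defaults to the sample.
    template = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_TEMPLATE
    results = audit_template(template)
    for line in results:
        print("FAIL", line)
    sys.exit(1 if results else 0)  # a non-zero exit fails the pipeline stage
```

Run as `python check_template.py template.json`; the non-zero exit status is what stops the pipeline. Two caveats: CloudFormation intrinsic functions (`Ref`, `Fn::Sub`) are skipped rather than resolved, so a wildcard assembled at deploy time is not caught, and a static lint like this complements rather than replaces checks against the live account such as IAM Access Analyzer findings and AWS Config rules.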

Services

• AWS Identity & Access Management (IAM)
• AWS Artifact
• AWS Audit Manager
• Amazon Cognito
• Amazon Detective
• AWS Directory Service
• AWS Firewall Manager
• Amazon Cloud Directory
• Amazon GuardDuty
• Amazon Inspector
• Amazon Macie
• AWS Network Firewall
• AWS Resource Access Manager (AWS RAM)
• AWS Resource Groups
• AWS Secrets Manager
• AWS Security Hub
• AWS Shield
• AWS IAM Identity Center (formerly AWS Single Sign-On)
• Tag Editor
• AWS WAF
• AWS Cryptographic Services Overview
• AWS PKI Services Overview
• AWS CloudHSM
• AWS Key Management Service (AWS KMS)
• AWS Crypto Tools
• AWS Certificate Manager
• AWS Private Certificate Authority (formerly AWS Certificate Manager Private Certificate Authority)
• AWS Signer