AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.
Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0.
Amazon Detective makes it easy to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities. Amazon Detective automatically collects log data from your AWS resources and uses machine learning, statistical analysis, and graph theory to build a linked set of data that enables you to easily conduct faster and more efficient security investigations.
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. With the cloud, the collection and aggregation of account and network activities is simplified, but it can be time-consuming for security teams to continuously analyze event log data for potential threats.
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices.
Discover and protect your sensitive data at scale. Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS.
No cost, self-service portal for on-demand access to AWS’ compliance reports. AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements.
AWS Certificate Manager is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources.
AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud. With CloudHSM, you can manage your own encryption keys using FIPS 140-2 Level 3 validated HSMs.
AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud.
AWS Firewall Manager is a security management service that allows you to centrally configure and manage firewall rules across your accounts and applications in AWS Organizations.
AWS Key Management Service (KMS) makes it easy for you to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications.
AWS Resource Access Manager (RAM) is a service that enables you to easily and securely share AWS resources with any AWS account or within your AWS Organization. You can share AWS Transit Gateways, Subnets, AWS License Manager configurations, and Amazon Route 53 Resolver rules resources with RAM.
AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.
AWS Security Hub gives you a comprehensive view of your high-priority security alerts and security posture across your AWS accounts. There are a range of powerful security tools at your disposal, from firewalls and endpoint protection to vulnerability and compliance scanners.
AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection.
AWS Single Sign-On (SSO) makes it easy to centrally manage access to multiple AWS accounts and business applications and provide users with single sign-on access to all their assigned accounts and applications from one place.
| Category | Use cases | AWS service |
|---|---|---|
| Identity & access management | Securely manage access to services and resources | AWS Identity & Access Management (IAM) |
| | Cloud single-sign-on (SSO) service | AWS Single Sign-On |
| | Identity management for your apps | Amazon Cognito |
| | Managed Microsoft Active Directory | AWS Directory Service |
| | Simple, secure service to share AWS resources | AWS Resource Access Manager |
| | Central governance and management across AWS accounts | AWS Organizations |
| Detection | Unified security and compliance center | AWS Security Hub |
| | Managed threat detection service | Amazon GuardDuty |
| | Analyze application security | Amazon Inspector |
| | Record and evaluate configurations of your AWS resources | AWS Config |
| | Track user activity and API usage | AWS CloudTrail |
| | Security management for IoT devices | AWS IoT Device Defender |
| Infrastructure protection | DDoS protection | AWS Shield |
| | Filter malicious web traffic | AWS Web Application Firewall (WAF) |
| | Central management of firewall rules | AWS Firewall Manager |
| Data protection | Discover and protect your sensitive data at scale | Amazon Macie |
| | Key storage and management | AWS Key Management Service (KMS) |
| | Hardware-based key storage for regulatory compliance | AWS CloudHSM |
| | Provision, manage, and deploy public and private SSL/TLS certificates | AWS Certificate Manager |
| | Rotate, manage, and retrieve secrets | AWS Secrets Manager |
| Incident response | Investigate potential security issues | Amazon Detective |
| | Fast, automated, cost-effective disaster recovery | CloudEndure Disaster Recovery |
| Compliance | No cost, self-service portal for on-demand access to AWS’ compliance reports | AWS Artifact |
AWS is designed to help you build secure, high-performing, resilient, and efficient infrastructure for your applications. World-class security experts who monitor our infrastructure also build and maintain our broad selection of innovative security services, which can help you simplify meeting your own security and regulatory requirements. Our security services and solutions are focused on delivering the following key strategic benefits critical to helping you implement your organization’s optimal security posture:
Define user permissions and identities, infrastructure protection and data protection measures for a smooth and planned AWS adoption strategy.
Gain visibility into your organization’s security posture with logging and monitoring services. Ingest this information into a scalable platform for event management, testing, and auditing.
Automated incident response and recovery to help shift the primary focus of security teams from response to analyzing root cause.
Leverage event driven automation to quickly remediate and secure your AWS environment in near real-time.
Secure your workloads and applications in the cloud
AWS provides services that help you protect your data, accounts, and workloads from unauthorized access. AWS data protection services provide encryption and key management and threat detection that continuously monitors and protects your accounts and workloads.
AWS Identity Services enable you to securely manage identities, resources, and permissions at scale. With AWS, you have identity services for your workforce and customer-facing applications to get started quickly and manage access to your workloads and applications.
AWS protects web applications by filtering traffic based on rules that you create. For example, you can filter web requests based on IP addresses, HTTP headers, HTTP body, or URI strings, which allows you to block common attack patterns, such as SQL injection or cross-site scripting.
AWS gives you a comprehensive view of your compliance status and continuously monitors your environment using automated compliance checks based on the AWS best practices and industry standards your organization follows.
AWS identifies threats by continuously monitoring the network activity and account behavior within your cloud environment.