Security

The ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.

Design Principles

• Implement a strong identity foundation

• Enable traceability

• Apply security at every layer

• Automate security

• Protect data in transit and at rest

• Prepare for security events

Best Practices

Identity and Access Management

• Access Control

  • IAM

• Centrally Manage Accounts

  • AWS Organizations

• Identity Authentication

  • MFA Tokens

    • Hardware FOBs

    • Virtual MFA - Google Auth, DUO, etc.

• Limited Life Credentials

  • Temporary Security Credentials

  • Roles instead of credentials!

Detective Controls

• API Access Logs

  • CloudTrail

• Resource Inventory

  • AWS Config

• Logs Metric Filters

  • CloudWatch

• Threat Detection

  • Guard Duty

Infrastructure Protection

• Isolated Virtual Networks

  • VPC

• Vulnerability Detection

  • Amazon Inspector

• DDOS Mitigation

  • AWS Shield

• Application Firewall

  • AWS WAF

Data Protection

• Data Security Automation

  • Macie

• Object Encryption

  • Simple Storage Service (S3) Encryption

  • Key Management Service (KMS)

• Incident Response

  • Infrastructure as Code

    • CloudFormation

  • Response Team Authorization

    • IAM