The Amazon Web Services (AWS) Security Reference Architecture (AWS SRA) is a holistic set of guidelines for deploying the full complement of AWS security services in a multi-account environment. It can be used to help design, implement, and manage AWS security services so that they align with AWS best practices. The recommendations are built around a single-page architecture that includes AWS security services—how they help achieve security objectives, where they can be best deployed and managed in your AWS accounts, and how they interact with other security services.
Other content in this Stream
This document is intended to provide an introduction to AWS’s approach to security, including the controls in the AWS environment and some of the products and features.
Security will always be top of the agenda in any cloud conversation, but the way we talk about it is changing.
The focus of this paper is to provide guidance to help you apply best practices, current recommendations in the design, delivery, and maintenance of secure AWS workloads.
Amazon GuardDuty and AWS Security Hub in tandem provide continuous visibility, compliance, and detection of threats for AWS accounts and workloads.
CloudEndure Disaster Recovery minimizes downtime and data loss by providing fast, reliable recovery of physical, virtual, and cloud-based servers into AWS Cloud.
The AWS Security Hub Automated Response and Remediation solution helps you quickly react to address threats by providing predefined response and remediation actions.
This guide presents an overview of the fundamentals of responding to security incidents within a customer’s AWS Cloud environment.
In this tech talk, we'll answer questions, such as “How do I automate responses to threat findings? How do I set up master-member across regional account?"
In this post, we describe the AWS services that you can use to both detect and protect your data stored in Amazon Simple Storage Service (Amazon S3).
AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, shared with an external entity.
Earning customer trust is the foundation of our business at AWS and we know you trust us to protect your most critical and sensitive assets: your data.
You can further improve your DDoS resilience by using an AWS architecture with specific services and by implementing additional best practices.
This session walks you through how to get started with AWS Network Firewall, common use cases, architecture patterns, and rules creation.
AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits and bots.
The AWS network has been architected to permit you to select the level of security and resiliency appropriate for your workload.
This paper outlines the mechanisms that AWS has implemented to manage risk on the AWS side of the Shared Responsibility Model, and the tools that customers can leverage.
Learn more about our compliance offerings and why we serve our customers best.
AWS Backup Audit Manager is a new feature of AWS Backup that helps you monitor and evaluate the compliance status of your backups to meet business and regulatory requirements.
Panasonic Avionics needed a solution that could help it execute the transformation and keep the new cloud data infrastructure secure and compliant.
To simplify and centralize AWS account management and gain more flexible options when assigning user roles and permissions, Sophos implemented AWS Single Sign-On (AWS SSO).