
AWS provides a large number of security services. They can be broadly grouped into identity (IAM), detect, protect, respond and audit categories. Below is a summary of these services and their purpose.
Category | Service | Purpose |
---|---|---|
IAM | IAM | Manage AWS users, groups, roles and policies: who may call which API on which resource. |
IAM | IAM Identity Center | 1. Manage users and permission sets across all accounts in an AWS Organization. 2. Federates with external identity providers (SAML/SCIM). 3. Simplifies user management with a single sign-on portal. |
Detect | AWS Config | 1. Continuously records resource configuration changes and shows a per-resource timeline. 2. Evaluates resources against compliance rules (AWS-managed or custom Lambda-backed rules). 3. Pre-defined remediation actions (SSM Automation documents) can be attached to rules. |
Detect | GuardDuty | Threat detection: analyzes CloudTrail, VPC Flow Logs and DNS logs for known-bad indicators and anomalous behaviour. |
Detect | Inspector | 1. Finds software vulnerabilities (CVEs) in EC2 instances, ECR container images and Lambda functions. 2. Finds unintended network reachability (open ports reachable from the internet). |
Detect | CloudTrail | Records every API call made by a user, role or AWS service: who called it, from where, and when. |
Detect | Macie | Discovers and classifies sensitive data (PII, credit card numbers, credentials) stored in S3. |
Detect | Detective | Ingests CloudTrail, VPC Flow Logs and GuardDuty findings into a behaviour graph and visualizes them for faster security investigations. |
Detect | CloudWatch | Metrics, log ingestion (CloudWatch Logs) and alarms; the usual destination for CloudTrail and application logs when alerting is needed. |
Detect | Security Hub | Aggregates findings from GuardDuty, Inspector, Macie and others, runs security-standard checks (e.g. the CIS benchmark), and can trigger automated remediation through EventBridge. |
Detect | CodeGuru | CodeGuru Reviewer: static analysis of source code for defects and security issues. |
Protect | Firewall Manager | Centrally configure and manage WAF, Shield Advanced, security group and Network Firewall rules across accounts in an organization. |
Protect | VPC security groups and network ACLs | Virtual firewall functionality: security groups are stateful and attached to instances/ENIs; network ACLs are stateless and attached to subnets. |
Protect | Network Firewall | Managed stateful network firewall for VPCs with intrusion detection/prevention (Suricata-compatible rules). |
Protect | AWS Shield | DDoS protection; Shield Standard is on by default, Shield Advanced adds application-layer protection and response support. |
Protect | AWS WAF | Web application firewall in front of CloudFront, ALB and API Gateway; blocks SQL injection, XSS, bad bots, etc. |
Protect | Key Management Service (KMS) | Creates and controls the keys used to encrypt data at rest in S3, EBS, RDS and other services; every key use is logged in CloudTrail. |
Protect | CloudHSM | Single-tenant, FIPS-validated hardware security modules under your exclusive control. Mainly needed where regulation requires customer-managed HSMs; otherwise KMS is usually sufficient. |
Protect | Secrets Manager | Centrally store, rotate and retrieve secrets such as database passwords and API keys. |
Audit | Audit Manager | Continuous audit of AWS usage against compliance frameworks; automates the evidence collection needed during an audit. |
Audit | Artifact | On-demand download of AWS compliance reports (SOC, PCI, ISO) and agreements. |
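The AWS Config "compliance rule checks" row above is easiest to understand from a custom rule. The following is an added example, not code from the original page: a Config custom rule written as a Lambda handler that marks an EC2 security group NON_COMPLIANT when SSH (22) or RDP (3389) is reachable from 0.0.0.0/0 or ::/0. It assumes the camelCase field names Config uses for security group configuration items (`ipPermissions`, `ipRanges`, `cidrIp`, `ipv6Ranges`, `cidrIpv6`); the `sensitivePorts` rule parameter, the `sg-0123456789abcdef0` group and the sample event are all constructed for the example. The evaluation logic is plain Python, so it runs offline; only `lambda_handler` talks to AWS.

```python
"""AWS Config custom rule: flag security groups that expose sensitive ports
to the whole internet. Added example; field names and rule parameter are
assumptions described in the lead-in."""
import json

DEFAULT_SENSITIVE_PORTS = {22, 3389}
ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"


def _port_range(perm):
    """(low, high) TCP port range one ipPermissions entry covers, or None
    when the entry is not TCP / all-traffic (ipProtocol "-1")."""
    proto = str(perm.get("ipProtocol", ""))
    if proto == "-1":
        return (0, 65535)
    if proto not in ("tcp", "6"):
        return None
    low = perm.get("fromPort")
    high = perm.get("toPort", low)
    if low is None:
        return (0, 65535)
    return (int(low), int(high))


def _open_to_world(perm):
    """True when any source CIDR on the entry is the whole IPv4 or IPv6 internet."""
    v4 = any(r.get("cidrIp") == ANY_V4 for r in perm.get("ipRanges", []))
    v6 = any(r.get("cidrIpv6") == ANY_V6 for r in perm.get("ipv6Ranges", []))
    return v4 or v6


def find_world_open_ports(configuration, sensitive_ports=DEFAULT_SENSITIVE_PORTS):
    """Sorted list of sensitive ports reachable from 0.0.0.0/0 or ::/0."""
    exposed = set()
    for perm in configuration.get("ipPermissions", []):
        rng = _port_range(perm)
        if rng is None or not _open_to_world(perm):
            continue
        low, high = rng
        exposed.update(p for p in sensitive_ports if low <= p <= high)
    return sorted(exposed)


def evaluate_security_group(item, sensitive_ports=DEFAULT_SENSITIVE_PORTS):
    """Map one Config configuration item to (ComplianceType, Annotation)."""
    if item.get("resourceType") != "AWS::EC2::SecurityGroup":
        return "NOT_APPLICABLE", "Rule only evaluates security groups"
    if item.get("configurationItemStatus") in ("ResourceDeleted", "ResourceDeletedNotRecorded"):
        return "NOT_APPLICABLE", "Resource deleted"
    exposed = find_world_open_ports(item.get("configuration", {}), sensitive_ports)
    if exposed:
        return "NON_COMPLIANT", "Ports %s open to 0.0.0.0/0 or ::/0" % ",".join(map(str, exposed))
    return "COMPLIANT", "No sensitive port is world-reachable"


def build_evaluation(event):
    """Turn the Config invocation event into the Evaluations entry that the
    Lambda reports back through config.put_evaluations()."""
    invoking = json.loads(event["invokingEvent"])
    item = invoking["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    # Assumed rule parameter: comma-separated list of ports to treat as sensitive.
    ports = {int(p) for p in params.get("sensitivePorts", "22,3389").split(",")}
    compliance, annotation = evaluate_security_group(item, ports)
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": annotation,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def lambda_handler(event, context):
    """Entry point when deployed as the rule's Lambda function."""
    import boto3  # imported lazily so the evaluation logic above runs offline
    evaluation = build_evaluation(event)
    boto3.client("config").put_evaluations(
        Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


# Constructed sample: a security group exposing SSH and HTTPS to the world.
SAMPLE_ITEM = {
    "resourceType": "AWS::EC2::SecurityGroup",
    "resourceId": "sg-0123456789abcdef0",
    "configurationItemStatus": "OK",
    "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
    "configuration": {
        "ipPermissions": [
            {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
             "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []},
            {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
             "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []},
        ]
    },
}
SAMPLE_EVENT = {
    "invokingEvent": json.dumps({"configurationItem": SAMPLE_ITEM}),
    "ruleParameters": json.dumps({"sensitivePorts": "22,3389"}),
    "resultToken": "example-token",
}

if __name__ == "__main__":
    print(json.dumps(build_evaluation(SAMPLE_EVENT), indent=2))
```

Port 443 open to the world is deliberately ignored: the rule is about administrative ports, not public web endpoints. Note the `ipProtocol: "-1"` case (all traffic), which must count as exposing every port; rules that only look for `fromPort == 22` miss it.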
The following table lists common cybersecurity threats and the AWS services one can use to protect against or detect them.
Threat | AWS Service |
---|---|
Web application threats such as SQL injection and XSS | AWS WAF |
Malware and command-and-control traffic, crypto-mining, intrusion attempts (signature-based) | Network Firewall (IDS/IPS rules); GuardDuty also raises CryptoCurrency and Backdoor findings |
Port scanning (early-stage attack or discovery) | Network Firewall; GuardDuty Recon findings |
Exploit attempts against web servers (Apache, IIS, Tomcat etc.) | Network Firewall (IPS rules); Inspector to find the vulnerable versions in the first place |
Unusual API activity / unusual patterns | GuardDuty |
Malware scanning of EC2 instances and EBS volumes | GuardDuty Malware Protection |
DDoS attacks | AWS Shield |
DNS-based threats (queries to known malicious domains, DNS exfiltration) through the VPC resolver | Route 53 Resolver DNS Firewall |
Source code vulnerabilities | CodeGuru Reviewer |
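Several rows above point at GuardDuty, and in practice its findings arrive as EventBridge events that something has to triage. The following is an added example, not code from the original page: it parses the GuardDuty finding type (GuardDuty documents the scheme `ThreatPurpose:ResourceTypeAffected/ThreatFamilyName.DetectionMechanism!Artifact`), maps each finding to the threat rows of the table, and picks a response by severity band. The three sample events and the response policy (`notify`, `isolate-instance`, `disable-access-key`) are this example's own construction, not an AWS service behaviour; the instance and access key identifiers are made up.

```python
"""Triage of GuardDuty findings delivered through EventBridge. Added example;
the response policy and sample events are constructed, see lead-in."""
import re

# GuardDuty finding-type naming scheme; mechanism and artifact are optional.
FINDING_TYPE_RE = re.compile(
    r"^(?P<purpose>[A-Za-z]+):(?P<resource>[A-Za-z0-9]+)/(?P<family>[A-Za-z0-9&]+)"
    r"(?:\.(?P<mechanism>[A-Za-z0-9]+))?(?:!(?P<artifact>[A-Za-z0-9]+))?$")

# Threat purposes that indicate abuse of credentials / the control plane
# ("unusual API activity" in the table) vs. compromise of a workload.
API_ABUSE_PURPOSES = {"UnauthorizedAccess", "Policy", "CredentialAccess", "Persistence",
                      "PrivilegeEscalation", "Discovery", "Exfiltration", "Stealth"}
MALWARE_PURPOSES = {"Backdoor", "Trojan", "Execution", "Impact"}


def parse_finding_type(finding_type):
    """Split a finding type such as CryptoCurrency:EC2/BitcoinTool.B!DNS."""
    m = FINDING_TYPE_RE.match(finding_type)
    if not m:
        raise ValueError("unrecognised finding type: %r" % finding_type)
    return m.groupdict()


def severity_label(score):
    """GuardDuty severity bands: Low <4, Medium 4-6.9, High 7-8.9, Critical 9+."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


def classify(parts):
    """Map parsed finding-type parts onto the threat rows of the table."""
    purpose, resource, family = parts["purpose"], parts["resource"], parts["family"]
    if purpose == "Recon":
        return "Port scanning / reconnaissance"
    if purpose == "CryptoCurrency":
        return "Crypto-mining"
    if family == "DNSDataExfiltration":
        return "DNS exfiltration"
    if resource == "IAMUser" or purpose in API_ABUSE_PURPOSES:
        return "Unusual API activity"
    if purpose in MALWARE_PURPOSES:
        return "Malware / command-and-control"
    return "Other"


def decide_response(finding):
    """Decide an action for one finding (the 'detail' part of the event)."""
    parts = parse_finding_type(finding["type"])
    category = classify(parts)
    label = severity_label(float(finding["severity"]))
    res = finding.get("resource", {})
    action, target = "notify", None
    # Only High/Critical findings trigger automatic containment; the rest go
    # to a human, since false positives on Low/Medium are common.
    if label in ("High", "Critical"):
        if res.get("resourceType") == "Instance" and category in (
                "Crypto-mining", "Malware / command-and-control", "DNS exfiltration"):
            action, target = "isolate-instance", res["instanceDetails"]["instanceId"]
        elif res.get("resourceType") == "AccessKey":
            action, target = "disable-access-key", res["accessKeyDetails"]["accessKeyId"]
    return {"type": finding["type"], "category": category, "severity": label,
            "action": action, "target": target}


def triage_events(events):
    """Filter an EventBridge batch down to GuardDuty findings and triage each."""
    return [decide_response(e["detail"]) for e in events
            if e.get("source") == "aws.guardduty" and e.get("detail-type") == "GuardDuty Finding"]


# Constructed sample events in EventBridge shape (identifiers are made up).
SAMPLE_EVENTS = [
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "detail": {"type": "Recon:EC2/Portscan", "severity": 2.0,
                "resource": {"resourceType": "Instance",
                             "instanceDetails": {"instanceId": "i-0abc123def4567890"}}}},
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "detail": {"type": "CryptoCurrency:EC2/BitcoinTool.B!DNS", "severity": 8.0,
                "resource": {"resourceType": "Instance",
                             "instanceDetails": {"instanceId": "i-0abc123def4567890"}}}},
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "detail": {"type": "UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS",
                "severity": 8.0,
                "resource": {"resourceType": "AccessKey",
                             "accessKeyDetails": {"accessKeyId": "ASIAEXAMPLEKEY00001",
                                                  "userName": "ci-deployer"}}}},
    {"source": "aws.ec2", "detail-type": "EC2 Instance State-change Notification",
     "detail": {"instance-id": "i-0abc123def4567890", "state": "running"}},
]

if __name__ == "__main__":
    for result in triage_events(SAMPLE_EVENTS):
        print(result)
```

Keying the decision on the parsed purpose and resource type rather than on exact finding-type strings matters because GuardDuty adds new finding types over time; a triage function that enumerates every type falls silent on the ones it does not know, whereas the parsed components still land in a sensible category.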