Skip to content

Security

Supported AWS Security Services

  • aws-service AWS IAM Access Analyzer: Generates comprehensive findings that identify resources policies for public or cross-account accessibility, monitors and helps you refine permissions. Provides the highest levels of security assurance.
  • aws-service AWS Config: Tracks changes made to AWS resources over time, making possible to return to a previous state. Monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired compliance rule set. Adds accountability factor.
  • aws-service AWS Cloudtrail: Stores logs over all calls made to AWS APIs, coming from web console, command line or any other. Allowing us to monitor it via CW Dashboards and notifications.
  • aws-service AWS VPC Flow Logs: Enables us to examine individual Network Interfaces logs, to address network issues and also monitor suspicious behavior.
  • aws-service AWS Web Application Firewall: Optional but if not used, it is recommended that a similar service is used, such as Cloudflare. When paired to an Application Load Balancer or Cloudfront distribution, it checks incoming requests to detect and block OWASP Top10 attacks, such as SQL injection, XSS and others.
  • aws-service AWS Inspector: Is an automated security assessment service that helps improve the security and compliance of infrastructure and applications deployed on AWS.
  • aws-service AWS GuardDuty: Is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads. Detects unusual API calls or potentially unauthorized deployments (possible account compromise) and potentially compromised instances or reconnaissance by attackers.
  • aws-service AWS Security Logs Other access logs from client-facing resources will be stored in the Security account.
  • aws-service AWS Firewall Manager Is a security management service which allows you to centrally configure and manage firewall rules across your accounts and applications in AWS Organizations. This service lets you build firewall rules, create security policies, and enforce them in a consistent, hierarchical manner across your entire infrastructure, from a central administrator account.