AWS Security Pillar

Last Updated : 20-Dec-2020

The security pillar describes how to take advantage of AWS products, services and best practices to protect systems and assure the availability, integrity and confidentiality of data.

Design Principles

  • Implement a strong identity foundation: least privilege and enforce separation of duties
  • Enable traceability: Monitor, alert, and audit actions and changes
  • Apply security at all layers: defence in depth approach with multiple security controls
  • Automate security best practices: implement security controls as code in version-controlled templates.
  • Protect data in transit and at rest: classify your data and use encryption, tokenization, and access controls
  • Keep people away from data: reduce or eliminate direct access
  • Prepare for security events: create incident management and investigation policy and processes and run incident response simulations

Best Practices

  • Identify and prioritize risks using a threat model:
  • Identify and validate control objectives:
  • Keep up to date with security threats:
  • Keep up to date with security recommendations:
  • Evaluate and implement new security services and features regularly:
  • Automate testing and validation of security controls in pipelines:


• AWS Identity & Access Management (IAM)
• AWS Artifact
• AWS Audit Manager
• Amazon Cognito
• Amazon Detective
• AWS Directory Service
• AWS Firewall Manager
• Amazon Cloud Directory
• Amazon GuardDuty
• Amazon Inspector
• Amazon Macie
• AWS Network Firewall
• AWS Resource Access Manager (AWS RAM)
• AWS Resource Groups
• AWS Secrets Manager
• AWS Security Hub
• AWS Shield
• AWS Single Sign-On
• Tag Editor
• AWS Cryptographic Services Overview
• AWS PKI Services Overview
• AWS CloudHSM
• AWS Key Management Service (AWS KMS)
• AWS Crypto Tools
• AWS Certificate Manager
• AWS Certificate Manager Private Certificate Authority
• AWS Signer

Using Template: Template Post
magnifier linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram