Securely manage identities and access to AWS services and resources.
AWS Identity and Access Management (IAM)
centralizes identity and access management across AWS accounts and applications.
AWS IAM Identity Center
implement single sign-on
system that allows users to access multiple applications, services, or domains using a single set of credentials.
Federated identity management
provides a secure way to manage, rotate, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. This helps keep your applications, services, and IT resources safe.
Secrets Manager
provides a centralized view of nodes across your organization’s accounts and Regions, as well as multi-cloud and hybrid environments.
AWS Systems Manager
designed to automatically protect AWS customers from the most common, frequently occurring types of DDoS attacks at no cost. It uses a variety of analysis techniques to detect and mitigate incoming malicious network traffic in real time.
AWS Shield
web application firewall that monitors network requests that come into your web applications.
AWS WAF
checks the IP address against a web access control list (web ACL)
create and manage cryptographic keys
AWS Key Management Service (AWS KMS)
encrypt and decrypt your data
monitor your sensitive data at rest to make sure it’s safe
Amazon Macie
management of your SSL/TLS certificates that provide data encryption in transit. It can be used to protect various AWS services and your connected on-premises resources.
AWS Certificate Manager (ACM)
SSL/TLS certificates
helps improve the security and compliance of applications by running automated security assessments for Amazon EC2 instances, containers, and Lambda functions. It checks applications for security vulnerabilities and deviations from security best practices, such as open access to EC2 instances and installations of vulnerable software versions.
Amazon Inspector
provides intelligent threat detection across your infrastructure and resources. GuardDuty identifies threats by continuously monitoring streams of your account metadata and network activity in your environment.
Amazon GuardDuty
After a threat has been detected, you can further investigate the root cause.
Amazon Detective
specifically designed for the aggregation of security findings across multiple AWS services.
AWS Security Hub
firewalls that you can use to deny traffic at the VPC subnet level.
Network ACLs
are firewalls that you can use at the resource level inside a VPC subnet. You can use security groups to control inbound and outbound traffic to a resource.
Security Groups