In this section we will cover functionalities or configurations that are simple to carry out or enable, and that add a lot of value to strengthen security. The “Quick Wins” or “Low hanging fruits”. All of these recommendations can be implemented in less than a week and will achieve many improvements in your security posture.
| Security governance | Assign Security contacts Select the region(s) |
| Security assurance | Automate alignment with best practices using AWS Security Hub |
| Identity and access management | Multi-Factor Authentication Avoid using Root and audit it Access and role analysis with IAM Access Analyzer |
| Threat detection | Threat Detection with Amazon GuardDuty Audit API calls with AWS CloudTrail Remediate security findings found by AWS Trusted Advisor Billing alarms for anomaly detection |
| Vulnerability management | |
| Infrastructure protection | Limit access using Security Groups |
| Data protection | Amazon S3 Block Public Access Analyze data security posture with Amazon Macie |
| Application security | AWS WAF with managed rules |
| Incident response | Act on Amazon GuardDuty findings |