
© 2024 Amazon Web Services, Inc. or its Affiliates. All rights reserved.

2. Foundational

In this section you will find controls and recommendations that take more effort to implement than the Quick Wins but are very important.

Security governance: Identify security and regulatory requirements; Cloud Security Training Plan
Security assurance: Inventory & Configuration monitoring
Identity and access management: GuardRails: Organizational Policies with SCPs/RCPs; Use Temporary Credentials; Instance Metadata Service (IMDS) v2
Threat detection: Advanced Threat Detection
Vulnerability management: Manage infrastructure vulnerabilities; Manage application vulnerabilities
Infrastructure protection: Limit Network Access; Secure EC2 Instances Management; Network segmentation (VPCs); Multi-account management
Data protection: Data Encryption at rest; Backups; Discover sensitive data
Application security: Involve security teams in development; No secrets in code
Incident response: Define incident response playbooks
Resiliency: Redundancy using multiple Availability Zones