* * *

[[_TOC_]]

* * *

**Identity Services**
---------------------

Define, enforce, and audit user permissions across AWS services, actions, and resources.

| Service | Description |
| --- | --- |
| AWS Identity and Access Management (IAM) | Control which principals (users, roles) may call which AWS APIs on which resources, and under what conditions |
| AWS Secrets Manager | Store, rotate, and retrieve database credentials, API keys, and other secrets through their lifecycle |
| AWS Organizations | Policy-based management of multiple AWS accounts, including service control policies that bound what member accounts can do |
| Amazon Cognito | Add user sign-up/sign-in and access control to web and mobile apps |
| AWS Directory Service | Managed Microsoft Active Directory in the AWS Cloud |
| AWS Single Sign-On (SSO), now AWS IAM Identity Center | Centrally manage single sign-on access to multiple AWS accounts and business applications |

**Detective Control Services**
------------------------------

Use these tools to gain the visibility you need to spot issues before they impact the business, improve your security posture, and reduce the risk profile of your environment.

| Service | Description |
| --- | --- |
| AWS CloudTrail | Record user activity and API calls across the account as an audit log |
| AWS Config | Record and evaluate the configuration of your AWS resources over time |
| Amazon CloudWatch | Metrics, logs, and alarms for AWS resources and the applications you run on AWS |
| Amazon GuardDuty | Continuous threat detection that analyzes CloudTrail events, VPC Flow Logs, and DNS logs to protect your AWS accounts and workloads |
| VPC Flow Logs | Capture metadata about the IP traffic going to and from network interfaces in your VPC |
| AWS Security Hub (SecHub) | Centrally view and manage security findings and automate compliance checks |
| Amazon Detective | Analyze and visualize security data to get to the root cause of potential security issues |

**Infrastructure Security Services**
------------------------------------

Reduce the surface area you have to manage and increase privacy for, and control of, your overall infrastructure on AWS.

| Service | Description |
| --- | --- |
| AWS Systems Manager | Automate operational tasks (patching, command execution, state management) to prevent configuration drift from your specified system policies |
| AWS Shield | Managed Distributed Denial of Service (DDoS) protection for applications running on AWS |
| AWS Web Application Firewall (WAF) | Detect and block malicious web requests targeted at your web applications |
| AWS Firewall Manager | Centrally configure and manage AWS WAF rules and other firewall policies across your accounts and applications |
| Amazon Inspector | Automated security assessment of workloads deployed on AWS to find vulnerabilities and deviations from best practice |
| Amazon Virtual Private Cloud (VPC) | Provision a logically isolated section of AWS in which you launch resources into a virtual network that you define |

**Data Protection Services**
----------------------------

In addition to the encryption that AWS services apply automatically, these services cover key management and storage, data discovery and classification, certificate management, and client-side encryption.

| Service | Description |
| --- | --- |
| AWS Key Management Service (KMS) | Create and control the keys used to encrypt your data, with every key use logged to CloudTrail |
| AWS CloudHSM | Managed, single-tenant hardware security module (HSM) in the AWS Cloud for keys that must never leave validated hardware |
| Amazon Macie | Machine learning-powered service to discover, classify, and protect sensitive data stored in S3 |
| AWS Certificate Manager | Provision, manage, and deploy SSL/TLS certificates for use with AWS services |
| Server Side Encryption | Encryption at rest applied by supported AWS services (for example S3, EBS, RDS) before data is written to disk |
| Client Side Encryption | Encrypt data before it leaves your application using the AWS Encryption SDK or service-specific client libraries such as the S3 encryption client |

**Incident Response Services**
------------------------------

During an incident, containing the event and returning to a known good state are the core elements of a response plan. AWS provides the following services to automate parts of that process.

| Service | Description |
| --- | --- |
| AWS Config Rules | Evaluate resource configurations against a desired state and trigger automated remediation when a resource becomes non-compliant |
| AWS Lambda | Run code without servers in response to triggers such as changes in data, shifts in system state, or actions by users |
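The Config Rules plus Lambda pattern above, as an added example that is not part of the original page: a Lambda handler that receives the EventBridge notification AWS Config emits when a rule's compliance result changes, and contains a non-compliant EC2 instance by swapping its security groups for a quarantine group while recording the previous groups so the known-good state can be restored later. The event shape is modelled on the "Config Rules Compliance Change" event; the security group IDs, instance ID and rule name are constructed values, and the EC2 client is injected so the handler can be exercised offline with the fake client included below.

```python
"""Quarantine an EC2 instance when an AWS Config rule reports it NON_COMPLIANT.

Added example, not code from the original page. The quarantine security
group ID below is an assumption: it should be a group with no inbound or
outbound rules, created in advance in each VPC.
"""

QUARANTINE_SG = "sg-0quarantine0000000"  # assumption: empty SG created beforehand


def noncompliant_instance_id(event):
    """Return the instance ID from a Config compliance-change event, or None
    when the event is not about an EC2 instance becoming NON_COMPLIANT."""
    detail = event.get("detail", {})
    if detail.get("resourceType") != "AWS::EC2::Instance":
        return None
    result = detail.get("newEvaluationResult", {})
    if result.get("complianceType") != "NON_COMPLIANT":
        return None
    return detail.get("resourceId")


def quarantine_instance(ec2, instance_id, quarantine_sg=QUARANTINE_SG):
    """Contain the instance: replace its security groups with the quarantine
    group. Returns the groups that were replaced, and tags the instance with
    them, so a later 'return to known good' step can put them back."""
    resp = ec2.describe_instances(InstanceIds=[instance_id])
    instance = resp["Reservations"][0]["Instances"][0]
    previous = [sg["GroupId"] for sg in instance["SecurityGroups"]]
    # Groups= on modify_instance_attribute applies to the primary network interface.
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[quarantine_sg])
    ec2.create_tags(
        Resources=[instance_id],
        Tags=[{"Key": "quarantine:previous-sgs", "Value": ",".join(previous)}],
    )
    return previous


def lambda_handler(event, context=None, ec2=None):
    """Lambda entry point. `ec2` is injectable for testing; when deployed,
    a real boto3 client is created (the Lambda role then needs
    ec2:DescribeInstances, ec2:ModifyInstanceAttribute and ec2:CreateTags)."""
    if ec2 is None:
        import boto3  # only imported when running inside Lambda
        ec2 = boto3.client("ec2")
    instance_id = noncompliant_instance_id(event)
    if instance_id is None:
        return {"action": "ignored"}
    previous = quarantine_instance(ec2, instance_id)
    return {"action": "quarantined", "instanceId": instance_id,
            "previousSecurityGroups": previous}


class FakeEC2:
    """Constructed stand-in for the boto3 EC2 client so the handler runs offline."""

    def __init__(self, group_ids=("sg-0123456789abcdef0",)):
        self.groups = list(group_ids)
        self.tags = {}

    def describe_instances(self, InstanceIds):
        return {"Reservations": [{"Instances": [{
            "InstanceId": InstanceIds[0],
            "SecurityGroups": [{"GroupId": g, "GroupName": "app"} for g in self.groups],
        }]}]}

    def modify_instance_attribute(self, InstanceId, Groups):
        self.groups = list(Groups)

    def create_tags(self, Resources, Tags):
        for tag in Tags:
            self.tags[tag["Key"]] = tag["Value"]


# Constructed sample event, modelled on EventBridge's "Config Rules Compliance Change".
SAMPLE_EVENT = {
    "detail-type": "Config Rules Compliance Change",
    "source": "aws.config",
    "detail": {
        "resourceId": "i-0abcdef1234567890",
        "resourceType": "AWS::EC2::Instance",
        "configRuleName": "restricted-ssh",  # assumption: any rule name
        "newEvaluationResult": {"complianceType": "NON_COMPLIANT"},
    },
}


if __name__ == "__main__":
    fake = FakeEC2()
    print(lambda_handler(SAMPLE_EVENT, ec2=fake))
    print("groups now:", fake.groups, "tags:", fake.tags)
```

Wire it up with an EventBridge rule matching `source: aws.config` and `detail-type: Config Rules Compliance Change` targeting the function. Two caveats for real use: `Groups=` on `modify_instance_attribute` only touches the primary network interface, so instances with several ENIs need `modify_network_interface_attribute` per interface; and a Lambda that can rewrite security groups is itself a high-value target, so scope its role to the quarantine action and keep its own CloudTrail events under watch.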