
AWS Cloud Security: Cheat Sheet
AWS integrates security into the foundation of its cloud infrastructure and provides services that help organizations meet their specific security needs. Its comprehensive suite of security-related services, documented in the AWS Security Reference Architecture (AWS SRA), protects cloud environments from threats, supports compliance, and strengthens security posture. This cheat sheet will help you quickly understand and apply these services effectively.
Identity and Access Management
AWS Identity and Access Management (IAM)
- Manage user access and permissions securely.
- Use IAM roles, policies, and groups to control access.
- Implement MFA (Multi-Factor Authentication) for extra security.
AWS Single Sign-On (SSO)
- Centralized user authentication across AWS accounts and apps.
- Enables integration with Microsoft Active Directory.
AWS Directory Service
- Managed Microsoft Active Directory, Simple AD, and AD Connector.
- Allows AWS resources to authenticate against an existing directory.
Network Security
AWS Security Groups & Network ACLs
- Security Groups: Stateful, instance-level firewalls.
- Network ACLs: Stateless, subnet-level firewalls.
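The stateful/stateless distinction above is the one that bites in practice: a Network ACL that only allows inbound 443 silently drops the server's replies on ephemeral ports, while a Security Group tracks the connection and lets the reply through. The simplified model below is an added example written for this cheat sheet (not AWS code); the rule numbers, ports and client address are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    direction: str         # "in" or "out"
    port_from: int
    port_to: int
    action: str = "allow"  # NACL rules may be "deny"; SG rules are allow-only
    number: int = 100      # NACL rule number; lowest matching rule wins

    def matches(self, direction, port):
        return self.direction == direction and self.port_from <= port <= self.port_to

class SecurityGroup:
    """Stateful: return traffic of an allowed flow passes via connection tracking."""
    def __init__(self, rules):
        self.rules = list(rules)
        self.tracked = set()  # ids of flows already allowed

    def evaluate(self, direction, port, flow_id):
        if flow_id in self.tracked:
            return True  # reply to a tracked connection, no rule lookup needed
        if any(r.matches(direction, port) for r in self.rules):
            self.tracked.add(flow_id)
            return True
        return False

class NetworkACL:
    """Stateless: every packet, replies included, is matched against numbered rules."""
    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.number)

    def evaluate(self, direction, port, flow_id=None):
        for r in self.rules:
            if r.matches(direction, port):
                return r.action == "allow"
        return False  # implicit deny at the end of every NACL

def https_round_trip(firewall):
    """Constructed flow: client port 50000 -> server :443, then the reply back.
    Returns (request_allowed, reply_allowed)."""
    flow = ("203.0.113.5", 50000, 443)  # TEST-NET-3 client address, constructed
    return firewall.evaluate("in", 443, flow), firewall.evaluate("out", 50000, flow)

# Each firewall gets only an inbound HTTPS rule; the SG's default allow-all outbound
# rule is omitted on purpose so that statefulness alone is what lets the reply through.
SG = SecurityGroup([Rule("in", 443, 443)])
NACL_NO_EPHEMERAL = NetworkACL([Rule("in", 443, 443)])
NACL_FIXED = NetworkACL([Rule("in", 443, 443),
                         Rule("out", 1024, 65535, number=110)])  # ephemeral reply ports
```

Because NACL evaluation is stateless, the fix is an explicit outbound rule for the ephemeral port range, which is why NACLs are usually kept coarse and the fine-grained policy lives in Security Groups.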
AWS Web Application Firewall (AWS WAF)
- Protects web apps from common threats (SQL injection, XSS, etc.).
- Use managed rules for quick deployment.
AWS Shield
- DDoS protection for AWS services.
- Standard (free) and Advanced (paid) tiers.
AWS Firewall Manager
- Centralized management of WAF, Shield, and security policies.
- Helps enforce compliance across multiple AWS accounts.
Threat Detection & Monitoring
Amazon GuardDuty
- AI-driven threat detection for AWS workloads.
- Detects anomalies, compromised accounts, and malicious activities.
AWS Security Hub
- Unified security monitoring across AWS services.
- Aggregates findings from GuardDuty, IAM Access Analyzer, and more.
Amazon Detective
- Investigates and visualizes security issues.
- Helps analyze logs from AWS CloudTrail, VPC Flow Logs, and GuardDuty.
Amazon Inspector
- Automates vulnerability assessments.
- Scans for software vulnerabilities and insecure configurations.
Data Protection & Compliance
AWS Key Management Service (KMS)
- Secure key management for encryption.
- Integrates with AWS services to encrypt data at rest and in transit.
AWS Certificate Manager (ACM)
- Manages SSL/TLS certificates for secure communications.
- Automates certificate provisioning and renewal.
Amazon Macie
- Uses machine learning to detect sensitive data (PII, financial info, etc.).
- Helps with compliance requirements like GDPR and HIPAA.
AWS Audit Manager
- Automates compliance audits.
- Maps AWS usage data to compliance standards (SOC 2, ISO, NIST, etc.).
Logging & Incident Response
AWS CloudTrail
- Logs all AWS API activity.
- Essential for security auditing and forensic investigations.
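To show what "security auditing" over CloudTrail looks like in practice, here is an added example (not from the cheat sheet) of three triage rules a defender would run over CloudTrail records once they are shipped to a SIEM: root account activity, console logins without MFA, and changes that switch off or reconfigure the trail itself. The records are constructed and abbreviated; the field names (`eventName`, `userIdentity.type`, `additionalEventData.MFAUsed`, `responseElements.ConsoleLogin`) are the ones CloudTrail actually emits.

```python
import json

SAMPLE_EVENTS = [  # constructed CloudTrail records, abbreviated to the fields used below
    {"eventTime": "2025-03-06T10:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "Yes"}, "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2025-03-06T10:05:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "userIdentity": {"type": "Root"},
     "additionalEventData": {"MFAUsed": "No"}, "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2025-03-06T10:07:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"name": "org-trail"}},
    {"eventTime": "2025-03-06T10:09:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "userIdentity": {"type": "AssumedRole"}},
]

# CloudTrail API calls that reduce or alter audit coverage; each deserves an alert
AUDIT_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}

def triage(events):
    """Return (severity, reason, eventTime) tuples for records that need a look."""
    alerts = []
    for ev in events:
        identity = ev.get("userIdentity", {})
        who = identity.get("userName", identity.get("type", "unknown"))
        name = ev.get("eventName")
        when = ev.get("eventTime")
        if identity.get("type") == "Root":
            alerts.append(("high", f"root account activity: {name}", when))
        if (name == "ConsoleLogin"
                and ev.get("responseElements", {}).get("ConsoleLogin") == "Success"
                and ev.get("additionalEventData", {}).get("MFAUsed") != "Yes"):
            alerts.append(("high", f"console login without MFA by {who}", when))
        if ev.get("eventSource") == "cloudtrail.amazonaws.com" and name in AUDIT_TAMPERING:
            alerts.append(("critical", f"{name} on trail by {who}", when))
    return sorted(alerts, key=lambda a: a[2])

def triage_json_lines(text):
    """Same checks over newline-delimited JSON, the form CloudWatch Logs exports."""
    return triage(json.loads(line) for line in text.splitlines() if line.strip())
```

The sample yields three alerts: two for the root login (root activity and missing MFA) and one critical alert for StopLogging, which is the case to page on because it blinds every other rule.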
AWS Config
- Tracks configuration changes in AWS resources.
- Enables automated compliance checks.
Amazon CloudWatch Logs
- Monitors and collects log data from AWS services.
- Integrates with SIEM tools for security analysis.
AWS Resilience Hub
- Helps measure and improve application resilience.
- Simulates security incidents for response testing.
Best Practices for AWS Security
- Follow the Principle of Least Privilege (PoLP) – Grant only the necessary permissions.
- Enable Multi-Factor Authentication (MFA) – Secure IAM users and roles.
- Use AWS Organizations & SCPs – Enforce security policies across accounts.
- Implement Encryption Everywhere – Use AWS KMS and ACM for data protection.
- Monitor & Respond to Threats – Set up GuardDuty, Security Hub, and CloudTrail alerts.
- Regularly Conduct Security Audits – Leverage AWS Audit Manager and Inspector.
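The first two best practices (least privilege and MFA) and the IAM section above are easiest to see as a concrete policy document next to a check that catches the opposite. The example below is added for this cheat sheet, not taken from AWS: one least-privilege policy scoped to a single constructed bucket and gated on `aws:MultiFactorAuthPresent`, one overly broad policy, and a small linter that flags wildcard actions, `Resource: "*"`, and non-read actions granted without an MFA condition.

```python
import json

# Constructed: read-only access to one bucket, only from an MFA-authenticated session
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
        "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
    }],
}

# Constructed: the shape of policy that the principle of least privilege rules out
OVERLY_BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

READ_ONLY_PREFIXES = ("Get", "List", "Describe")  # heuristic for "read" API verbs

def _as_list(value):
    """IAM accepts either a string or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]

def lint_policy(policy):
    """Return a list of findings for an IAM policy given as a dict or as JSON text."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        wildcard = [a for a in actions if a == "*" or a.endswith(":*")]
        writes = [a for a in actions
                  if not a.split(":")[-1].startswith(READ_ONLY_PREFIXES)]
        if wildcard:
            findings.append(f"statement {i}: wildcard action(s) {wildcard}")
        if "*" in resources:
            findings.append(f"statement {i}: applies to every resource")
        if writes and "aws:MultiFactorAuthPresent" not in json.dumps(stmt.get("Condition", {})):
            findings.append(f"statement {i}: non-read actions {writes} without an MFA condition")
    return findings
```

Run the linter in CI against policies before they are attached; a clean result is not proof of least privilege, but a finding is a reliable sign the policy needs narrowing.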
Use Case | AWS Service | Key Features |
---|---|---|
Identity & Access Management | AWS IAM | Role-based access control, policy management, MFA support |
Single Sign-On (SSO) | AWS SSO | Centralized authentication across AWS accounts and applications |
Active Directory Integration | AWS Directory Service | Managed Microsoft AD, Simple AD, AD Connector |
Firewall & Network Security | AWS Security Groups & NACLs | Stateful and stateless network-level firewalls |
Web Application Protection | AWS WAF | Protects against SQL injection, XSS, and other web threats |
DDoS Protection | AWS Shield | Standard (free) and Advanced (paid) DDoS protection |
Centralized Security Policy Management | AWS Firewall Manager | Enforces security rules across multiple AWS accounts |
Threat Detection & Monitoring | Amazon GuardDuty | AI-driven threat detection and anomaly detection |
Unified Security Monitoring | AWS Security Hub | Aggregates and prioritizes security findings from multiple services |
Security Investigation & Analysis | Amazon Detective | Analyzes CloudTrail logs, VPC Flow Logs, and GuardDuty alerts |
Vulnerability Scanning | Amazon Inspector | Automated assessment of software vulnerabilities and security configurations |
Encryption & Key Management | AWS Key Management Service (KMS) | Secure key storage, encryption for AWS services |
SSL/TLS Certificate Management | AWS Certificate Manager (ACM) | Automates certificate provisioning and renewal |
Sensitive Data Detection | Amazon Macie | Machine learning-based detection of PII, financial data |
Compliance & Audit Management | AWS Audit Manager | Automates compliance assessments for SOC 2, ISO, NIST |
Activity Logging & API Monitoring | AWS CloudTrail | Records AWS API calls and user activity for auditing |
Configuration & Compliance Tracking | AWS Config | Tracks and evaluates changes to AWS resources |
Log Management & Monitoring | Amazon CloudWatch Logs | Collects and monitors logs for analysis and alerting |
Resilience & Incident Simulation | AWS Resilience Hub | Assesses application resilience and simulates security incidents |
AWS Security Resources & Further Reading
For more details, check out these AWS security resources:
- AWS Security Documentation – https://docs.aws.amazon.com/security/
- AWS Identity and Access Management (IAM) – https://aws.amazon.com/iam/
- AWS Security Hub – https://aws.amazon.com/security-hub/
- Amazon GuardDuty – https://aws.amazon.com/guardduty/
- AWS Compliance Center – https://aws.amazon.com/compliance/
- AWS Well-Architected Framework – Security Pillar – https://aws.amazon.com/architecture/well-architected/
- AWS Security Blog – https://aws.amazon.com/blogs/security/

AWS provides powerful security tools, but proactive configuration and continuous monitoring are key to keeping cloud environments secure. Use this cheat sheet as a quick reference to strengthen your AWS security strategy.
Last Updated on March 6, 2025 by Lauryn Colatuno