AWS Security Reference Architecture
Holistically design, implement, and manage AWS security services in an AWS multi-account environment following AWS recommended practices
About the AWS SRA library
The AWS Security Reference Architecture (AWS SRA) provides technical guidance, implementation code, and a validation tool that can help you build a multi-account security architecture on AWS. The library of technical guides provides architectural blueprints for designing and building security architectures on AWS. The guides consist of two complementary categories that cover the core architecture and deep dive architectures. The implementation code is available in AWS CloudFormation and HashiCorp Terraform, and it supports environments with or without AWS Control Tower. The validation tool is open sourced to help programmatically validate an existing environment against AWS SRA best practices.
Core architecture
The AWS SRA core architecture guide represents a foundation for the recommended AWS security architecture. It is the starting point that applies to all organizations, regardless of their industry, application type, or any other considerations. This foundation helps you build a strong and scalable architecture on AWS and helps create a strong AWS multi-account security baseline that securely scales as your business grows. The core architecture guide is complemented by additional publications that provide architectural patterns aligned to specific security capabilities, application types, and compliance or regulatory requirements. These patterns extend the core architecture and should be used in conjunction with the core architecture guide.
Security capabilities
Deep-dive architectural patterns for security capabilities
Application types
Deep-dive architectural patterns for specific application types
Compliance frameworks
Using the AWS SRA
Design
Follow the architectural patterns and recommendations in the AWS SRA guides to define your security architecture. Start with the foundational account structure and security services, and customize for your technology stack and requirements.
Validate
Use the SRA Verify security assessment tool to perform security checks across your AWS environment. The tool provides detailed findings and remediation guidance to help you comply with AWS security best practices.
Build
Use the templates and examples in the code library as a starting point to implement some of the patterns provided in the AWS SRA. The examples provide AWS CloudFormation and HashiCorp Terraform deployment options, and support both AWS Control Tower and non-AWS Control Tower environments.
Working with AWS has been really liberating for us and our clients from a security perspective. The AWS Security Reference Architecture provides a roadmap that helps our clients maintain an edge in security.
Peter LaMontagne
CEO, SMX
Tell us what you think
We value your feedback on the AWS SRA and would appreciate your insights to help us improve this content series. Please take a few minutes to complete our brief survey and share your experience with the architecture guidance and implementation materials.