AWS Cloud Security
Overview Security Services Compliance Offerings Data Protection  Learning  Resources  Partners 
Resources Security Bulletins Blog Customers
Data Protection Data Privacy Center
Shared Responsibility Model Cloud Audit Academy Provable Security Zero Trust
MSSP MSSP Competency Security Competency

Security, Identity, and Compliance on AWS

Secure your workloads and applications in the cloud
Data protection
Identity & access management
Network & application protection
AWS provides services that help you protect your data, accounts, and workloads from unauthorized access. AWS data protection services provide encryption and key management and threat detection that continuously monitors and protects your accounts and workloads.
AWS Identity Services enable you to securely manage identities, resources, and permissions at scale. With AWS, you have identity services for your workforce and customer-facing applications to get started quickly and manage access to your workloads and applications.
Learn more »
Network and application protection services enable you to enforce fine-grained security policy at network control points across your organization. AWS services help you inspect and filter traffic to prevent unauthorized resource access at the host-, network-, and application-level boundaries.
Learn more »
Threat detection & continuous monitoring
Compliance & data privacy
AWS identifies threats by continuously monitoring the network activity and account behavior within your cloud environment.
AWS gives you a comprehensive view of your compliance status and continuously monitors your environment using automated compliance checks based on the AWS best practices and industry standards your organization follows.
Data protection
AWS provides services that help you protect your data, accounts, and workloads from unauthorized access. AWS data protection services provide encryption and key management and threat detection that continuously monitors and protects your accounts and workloads.
Threat detection & continuous monitoring
AWS identifies threats by continuously monitoring the network activity and account behavior within your cloud environment.
Identity & access management
AWS Identity Services enable you to securely manage identities, resources, and permissions at scale. With AWS, you have identity services for your workforce and customer-facing applications to get started quickly and manage access to your workloads and applications.
Learn more »
Compliance & data privacy
AWS gives you a comprehensive view of your compliance status and continuously monitors your environment using automated compliance checks based on the AWS best practices and industry standards your organization follows.
Network and application protection
Network and application protection services enable you to enforce fine-grained security policy at network control points across your organization. AWS services help you inspect and filter traffic to prevent unauthorized resource access at the host-, network-, and application-level boundaries.
Learn more »

AWS Security, Identity, & Compliance services

Category
Use cases
AWS service
Identity & access management
Securely manage access to services and resources

AWS Identity & Access Management (IAM)

Securely manage access to services and resources.

AWS-Identity-and-Access-Management_Icon_32_Squid
AWS Identity & Access Management (IAM)
Cloud single-sign-on (SSO) service

AWS IAM Identity Center

Cloud single sign-on (SSO) service.

AWS-Single-Sign-On_Icon_32_Squid
AWS IAM Identity Center (successor to AWS SSO)
Identity management for your apps

Amazon Cognito

Identify management for your apps.

Amazon-Cognito_Icon_32_Squid
Amazon Cognito
Managed Microsoft Active Directory

AWS Directory Service

Host and manage active directory.

AWS-Directory-Service_Icon_32_Squid
AWS Directory Service
Simple, secure service to share AWS resources

AWS Resource Access Manager

Simple, secure service to share AWS resources.

AWS-Resources-Access-Manager_Icon_32_Squid
AWS Resource Access Manager
Central governance and management across AWS accounts

AWS Organizations

Central governance and management across AWS accounts.

AWS-Organizations_Icon_32_Squid
AWS Organizations
Detection
Automate AWS security checks and centralize security alerts

AWS Security Hub

Automate AWS security checks and centralize security alerts.

AWS-Security-Hub_Icon_32_Squid
AWS Security Hub
Protect AWS accounts with intelligent threat detection

Amazon GuardDuty

Protect AWS accounts with intelligent threat detection.

Amazon-GuardDuty_Icon_32_Squid
Amazon GuardDuty
Automate vulnerability management

Amazon Inspector

Automate vulnerability management.

Amazon-Inspector_Icon_32_Squid
Amazon Inspector
Record and evaluate configurations of your AWS resources

AWS Config

Record and evaluate configurations of your AWS resources.

AWS-Config_Icon_32_Squid
AWS Config
Track user activity and API usage

AWS CloudTrail

Track user activity and API usage.

AWS-Cloud-Trail_Icon_32_Squid
AWS CloudTrail
Security management for IoT devices

AWS IoT Device Defender

Security management for IoT devices.

AWS-IoT-Device-Defender_Icon_32_Squid
AWS IoT Device Defender
Network and application protection
Network security

AWS Network Firewall

Network security.

AWS-Network-Firewall_32
AWS Network Firewall
DDoS protection

AWS Shield

DDoS protection.

AWS-Shield_Icon_32_Squid
AWS Shield
Filter and control outbound DNS traffic for your VPCs

Amazon Route 53 Resolver DNS Firewall

Filter and control outbound DNS traffic for your VPCs.

route-53_dark-icon
Amazon Route 53 Resolver DNS Firewall
Filter malicious web traffic

AWS Web Application Firewall (WAF)

Filter malicious web traffic.

WAF icon
AWS Web Application Firewall (WAF)
Central management of firewall rules

AWS Firewall Manager

Central manangement of firewall rules.

AWS-Firewall-Manager_Icon_32_Squid
AWS Firewall Manager
Data protection
Discover and protect your sensitive data at scale

Amazon Macie

Discover and protect your sensitive data at scale

Amazon-Macie-Icon_32_Squid
Amazon Macie
Key storage and management

AWS Key Management Service (KMS)

Managed creation and control of encryption keys.

AWS-Key-Management-Services_Icon_32_Squid
AWS Key Management Service (KMS)
Hardware based key storage for regulatory compliance

AWS CloudHSM

Hardware-based key storage for regulatory compliance.

AWS-CloudHSM_Icon_32_Squid
AWS CloudHSM
Provision, manage, and deploy public and private SSL/TLS certificates

AWS Certificate Manager

Provision, manage, and deploy SSL/TLS certificates.

AWS-Certificate-Manager_Icon_32_Squid
AWS Certificate Manager
Rotate, manage, and retrieve secrets

AWS Secrets Manager

Rotate, manage, and retrieve secrets.

AWS-Secrets-Manager_Icon_32_Squid
AWS Secrets Manager
Incident response
Investigate potential security issues

Amazon Detective

Investigate potential security issues.

AWS-Detective_Icon_32_Squid
Amazon Detective
Scalable, cost-effective application recovery to AWS

 AWS Elastic Disaster Recovery

Scalable, cost-effective application recovery to AWS

AWS-CloudEndure-Disaster-Recovery_Icon_32_Squid
AWS Elastic Disaster Recovery
Compliance
No cost, self-service portal for on-demand access to AWS’ compliance reports

AWS Artifact

On-demand access to AWS' compliance reports.

AWS-Artifact_Icon_32_Squid
AWS Artifact
Continuously audit your AWS usage to simplify how you assess risk and compliance

AWS Audit Manager

Continuously audit your AWS usage.

AWS-Audit-Manager_32
AWS Audit Manager

AWS Security, Identity, & Compliance services

Category Use cases AWS service
Identity & access management Manage user access and encryption keys   AWS Identity & Access Management (IAM)
Cloud single-sign-on (SSO) service
 AWS IAM Identity Center (successor to SSO)
Identity management for your apps Amazon Cognito
Managed Microsoft Active Directory AWS Directory Service
Simple, secure service to share AWS resources AWS Resource Access Manager
Central governance and management across AWS accounts AWS Organizations
Detection
 Unified security and compliance center AWS Security Hub
Managed threat detection service Amazon GuardDuty
Analyze application security Amazon Inspector
Record and evaluate configurations of your AWS resources AWS Config
Track user activity and API usage AWS CloudTrail
Security management for IoT devices AWS IoT Device Defender
Infrastructure protection Network security AWS Network Firewall
DDoS protection AWS Shield
Filter malicious web traffic AWS Web Application Firewall (WAF)
Central management of firewall rules AWS Firewall Manager
Data protection Discover and protect your sensitive data at scale Amazon Macie
Key storage and management
 AWS Key Management Service (KMS)
Hardware based key storage for regulatory compliance
 AWS CloudHSM
Provision, manage, and deploy public and private SSL/TLS certificates AWS Certificate Manager
Rotate, manage and retrieve secrets AWS Secrets Manager
Incidence response Investigate potential security issues Amazon Detective
Fast, automated, cost- effective disaster recovery CloudEndure Disaster Recovery
Compliance No cost, self-service portal for on-demand access to AWS’ compliance reports AWS Artifact
Continuously audit your AWS usage to simplify how you assess risk and compliance AWS Audit Manager
Securing workloads on AWS
To make it easier for you to secure your workloads on AWS, we also provide the world’s most secure cloud platform.

What's new in Security, Identity, & Compliance?
View all >>

Customers

Snap logo

"We love it when we are able to simply provide extra security without any inconvenience."

- Roger Zou on Amazon GuardDuty
Snap Inc.

Thermo Fisher Scientific logo
Gett
robinhood logo
Delaware North logo
City of Chicago seal
Here logo
British Gas logo
Canary logo
University of Maryland logo
Expedia Group logo
Crop Trust logo
Soundcloud logo
Contact an AWS Business Representative
Have Questions? Connect with an AWS Business Representative
Exploring security roles?
Apply today »
Want AWS Security updates?
Follow us on Twitter »