AWS Security Blog

Update of AWS Security Reference Architecture is now available

We’re happy to announce that an updated version of the AWS Security Reference Architecture (AWS SRA) is now available. The AWS SRA is a holistic set of guidelines for deploying the full complement of AWS security services in a multi-account environment. You can use it to help your organization to design, implement, and manage AWS security services so that they align with AWS best practices. The guidance is deeply informed by our collective experiences with AWS enterprise customers.

The AWS SRA update includes seven additional services and features, as well as updated guidance on all services in the AWS SRA with a special focus on service integrations. The AWS SRA update also includes new content about how your organization can use the AWS SRA to design, review, and assess your security architecture. We used direct customer feedback and our experience helping customers use the AWS SRA, as well as including new AWS service and feature releases, to make these updates.

At the core of the AWS SRA documentation is the AWS Security Reference Architecture, a one-page architecture diagram that includes all the security services in a multi-account environment, as shown in Figure 1.

Figure 1: AWS SRA one-page architecture diagram

Figure 1: AWS SRA one-page architecture diagram

In the AWS SRA, you’ll find additional documentation about the AWS SRA architecture diagram that dives deep into account structure, the reasoning behind why a specific security service is deployed in a particular account, and how the security services connect and relate to each other.

Update highlights

Based on direct customer feedback, new service and feature releases, and our experience helping customers use the AWS SRA, we’ve included the following changes in the AWS SRA update:

In addition to the architecture diagram and documented guidance, the AWS SRA code repository is regularly updated and has evolved considerably since its initial release. Highlights of the repository include a Quick Setup that uses a centralized AWS CloudFormation template, simplified deployment of the example solutions using nested stacks, updated documentation with diagrams and templates for all solutions, AWS Config management account solution, a Security Hub organization solution, an account alternate contacts solution, and more.

Getting started with the AWS SRA

There are different ways to use the AWS SRA, depending on where you are in your cloud adoption journey. The following are some recommendations to help you get the most value out of the AWS SRA:

  • Define the target state of your security architecture.
  • Review the designs and capabilities that you’ve already designed.
  • Bootstrap the implementation of your security architecture.
  • Learn more about AWS security services and features.
  • Start a discussion about organizational governance and responsibilities for security.

For more information and to get started, see the updated AWS Security Reference Architecture (AWS SRA) documentation. For example solutions that demonstrate how to implement patterns within the AWS Security Reference Architecture guide, see the aws-security-reference-architecture-examples GitHub repository.

We greatly value feedback and contributions from our community. To share your thoughts and insights about the AWS SRA guide, your experience using it, and what you want to see in future versions of the AWS SRA, complete the AWS Proscriptive Guidance feedback form online. If you have feedback about the example code in the GitHub repository, open a GitHub Issue.

If you have feedback about this post, submit comments in the Comments section below. If you have questions about this post, contact AWS Support.

Want more AWS Security news? Follow us on Twitter.

Balu Mathew

Balu Mathew

Balu Mathew is a Senior Security Consultant with expertise in DevOps, AppSec and Data Protection. His mission is to help customers understand solution best practices that can reduce the time and resources required for improving their company’s security and compliance outcomes.