This brief offers baseline security guidance and best practices for securely setting up an AWS account for the first time. It includes how to communicate with AWS, how to manage and control user access within an account, and how to monitor and audit user activities.

This brief provides best practices and strategic guidance to help establish an initial set of controls using IAM. It explains how to secure an administrator account, create new IAM users, groups, and policies, and how to set a solid IAM foundation for your growing organization.

AWS provides many service-specific security and audit logs to help customers meet their compliance requirements. This brief provides a consolidated, high-level overview of the different AWS services, the security and audit log data they generate, and where this information is stored.


This brief provides OS-specific best practices, features, and recommendations for securing Amazon EC2 instances running Microsoft Windows. It includes considerations for user and API access, data encryption, change management, and other topics.

This brief provides OS-independent best practices and prescriptive advice for applying server-level controls to Amazon VPC virtual instances. It includes considerations for user and API access, data encryption, change management, and other topics.

AWS customers have complete control over their Amazon EC2 virtual instances, giving you the flexibility to choose the OS-level access controls that are right for your business. This brief includes best practices for controlling OS-level access and describes two prescriptive approaches for EC2 access management: emergency-only access or leveraging a centralized directory service.


In the event of a Distributed Denial of Service (DDoS) attack, AWS customers can leverage multiple capabilities to absorb and deflect unwanted traffic while working with AWS support to mitigate the issue. This brief provides general best practices for DDoS security, identifies key AWS services for mitigating DDoS attacks, and describes high-level attack mitigation approaches for common application patterns.

Configuring a web application firewall (WAF) strategy can be challenging for large and small organizations alike. This answer provides a prescriptive AWS solution that automatically deploys a set of AWS WAF rules designed to filter common web-based attacks.
