Overview
AWS Security Baseline is a set of controls that create a minimum foundation for projects to build securely on AWS without decreasing their agility. It integrates with existing accounts that host and maintain your project’s runtime platform workloads and services. These controls form the basis of your security posture and are focused on:
-
Security & Compliance: Establish a security baseline for each account.
-
Secure Defaults: All accounts are configured with safe baselines, including mandatory MFA, encrypted EBS by default, and secure S3 bucket policies.
-
AWS Security Audit: Enable Cloudwatch alerts for all AWS Cloudtrail monitored services, centralizing audit operations.
-
IAM Access Analyzer: Identifies shared resources and potential security risks.
-
VPC Flow Logs: Enabled for all accounts with a VPC.
-
AWS Security Compliance: Use AWS Config for inventory, configuration history, and compliance-as-code framework. Additionally, AWS Inspector provides automated security assessments.
-
AWS Security Monitoring: Amazon GuardDuty offers threat detection across all AWS accounts, while AWS Security Hub provides a comprehensive view of high-priority security alerts.
-
Encryption Keys: AWS KMS CMKs are created for services requiring encryption, ensuring lifecycle management and permission control.
Highlights
- While the AWS Security Baseline favors best practices aligned with CIS AWS Foundations Benchmark standards, SOC2 , HIPAA and ISO 27001 conformance rules, it won't strictly adhere to any specific compliance framework during this phase. It's recommended to review and audit for specific regulation conformance after workloads are operational.
- The design presented in this document is inspired by several official AWS official recommendations such as: Establishing your best practice AWS environment - Amazon Web Services, AWS Well-Architected - Build secure, efficient cloud applications, and The AWS Security Reference Architecture - AWS Prescriptive Guidance.
Details
Pricing
Custom pricing options
Legal
Content disclaimer
Resources
Vendor resources
Support
Vendor support
+1 786 2244551 info@binbash.co 8250 West Flagler St Miami, FL 33144, US