AWS Cloud

I'd like information about Security in the Cloud »

Cloud security at AWS is the highest priority. As an AWS customer, you will benefit from a data center and network architecture built to meet the requirements of the most security-sensitive organizations.

The AWS cloud provides you with a platform to scale and innovate, while still maintaining a secure environment. You only pay for the services that you use, meaning that you can have the security you need, but without the upfront expenses, and at a lower cost than in an on-premises environment.

My working assumption a year ago was that the cloud wasn’t as secure as a brick data center. Now, I’m convinced it’s more secure and there’s less risk. We definitely get that from AWS.
Adrian Heeson Operations Director
  Service   Product Type
  Description
AWS Artifact Compliance Reports The AWS Artifact portal provides on-demand access to AWS' security and compliance documents, also known as audit artifacts.
AWS Certificate Manager SSL/TLS Certificates AWS Certificate Manager is a service that lets you easily provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates.
Amazon Cloud Directory Directory Amazon Cloud Directory enables you to build flexible cloud-native directories for organizing hierarchies of data along multiple dimensions. 
AWS CloudHSM Key Storage & Management The AWS CloudHSM service helps you meet corporate, contractual and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) appliances within the AWS cloud. 
Amazon Cognito User Sign Up & Sign In Amazon Cognito lets you add user sign-up/sign-in and access control to your web and mobile apps quickly and easily.
AWS Directory Service Directory AWS Directory Service for Microsoft Active Directory (Enterprise Edition), also known as AWS Microsoft AD, enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud.
Amazon GuardDuty Threat Detection Amazon GuardDuty is a managed threat detection service that provides you with a more accurate and easy way to continuously monitor and protect your AWS accounts and workloads. 
AWS Identity and Access Management (IAM) Access Control Use AWS Identity and Access Management (IAM) to control users' access to AWS services. Create and manage users and groups, and grant or deny access.
Amazon Inspector
Security Assessment Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.
AWS Key Management Service Key Storage & Management AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data.
Amazon Macie Sensitive Data Classification Amazon Macie is a machine learning-powered security service to discover, classify, and protect sensitive data.
AWS Organizations Multiple Account Management AWS Organizations offers policy-based management for multiple AWS accounts. With Organizations, you can create groups of accounts and then apply policies to those groups.
AWS Shield DDoS Protection AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards web applications running on AWS.
AWS Single Sign-On Single Sign-On (SSO) AWS Single Sign-On (SSO) is a cloud SSO service that makes it easy to centrally manage SSO access to multiple AWS accounts and business applications.
AWS WAF
Web Application Firewall
AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources.

The AWS Artifact portal provides on-demand access to AWS’ security and compliance documents, also known as audit artifacts. Examples of audit artifacts include Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls.

You can demonstrate the security and compliance of your AWS infrastructure and services by downloading audit artifacts from AWS Artifact, and submitting them to your auditors or regulators.

You can access the AWS Artifact portal directly from the AWS Management Console »


AWS Certificate Manager is a service that lets you easily provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services. SSL/TLS certificates are used to secure network communications and establish the identity of websites over the Internet. AWS Certificate Manager removes the time-consuming manual process of purchasing, uploading, and renewing SSL/TLS certificates. With AWS Certificate Manager, you can quickly request a certificate, deploy it on AWS resources such as Elastic Load Balancers or Amazon CloudFront distributions, and let AWS Certificate Manager handle certificate renewals. SSL/TLS certificates provisioned through AWS Certificate Manager are free. You pay only for the AWS resources you create to run your application.

For more information, visit the AWS Certificate Manager product page »


Amazon Cloud Directory enables you to build flexible cloud-native directories for organizing hierarchies of data along multiple dimensions. With Cloud Directory, you can create directories for a variety of use cases, such as organizational charts, course catalogs, and device registries. While traditional directory solutions, such as Active Directory Lightweight Directory Services (AD LDS) and other LDAP-based directories, limit you to a single hierarchy, Cloud Directory offers you the flexibility to create directories with hierarchies that span multiple dimensions. For example, you can create an organizational chart that can be navigated through separate hierarchies for reporting structure, location, and cost center.

Amazon Cloud Directory automatically scales to hundreds of millions of objects and provides an extensible schema that can be shared with multiple applications. As a fully-managed service, Cloud Directory eliminates time-consuming and expensive administrative tasks, such as scaling infrastructure and managing servers. You simply define the schema, create a directory, and then populate your directory by making calls to the Cloud Directory API.

For more information, visit the Amazon Cloud Directory product page »


The AWS CloudHSM service helps you meet corporate, contractual and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) appliances within the AWS cloud. With CloudHSM, you control the encryption keys and cryptographic operations performed by the HSM.

For more information, visit the AWS CloudHSM product page »


Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Cognito scales to millions of users, and supports sign-in with social identity providers such as Facebook, Google, and Amazon. User can also sign-in with their enterprise identity providers via SAML 2.0.

For more information, visit the Amazon Cognito product page »


AWS Directory Service for Microsoft Active Directory (Enterprise Edition), also known as AWS Microsoft AD, enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud. The Microsoft AD service is built on actual Microsoft Active Directory and does not require you to synchronize or replicate data from your existing Active Directory to the cloud. You can use standard Active Directory administration tools and take advantage of built-in Active Directory features such as Group Policy, trusts, and single sign-on. With Microsoft AD, you can easily join Amazon EC2 and Amazon RDS for SQL Server instances to a domain, and use AWS Enterprise IT applications such as Amazon WorkSpaces with Active Directory users and groups.

For more information, visit the AWS Directory Service product page »


Amazon GuardDuty is a managed threat detection service that provides you with a more accurate and easy way to continuously monitor and protect your AWS accounts and workloads. With just a few clicks, GuardDuty immediately begins analyzing billions of events from multiple AWS log sources. It uses threat intelligence feeds, such as lists of malicious IPs and domains, and machine learning to detect threats more accurately. For example, GuardDuty can detect compromised EC2 instances serving malware or mining bitcoin. It can detect attackers probing your web servers for known application vulnerabilities, or accessing your AWS resources from unusual locations. It also checks your AWS accounts for signs of compromise, such as unauthorized infrastructure deployments or unusual API calls. When a threat is detected, GuardDuty sends you a detailed security alert so you can take steps to address the threat. With GuardDuty, you get intelligent threat detection and actionable alerts in an easy to use, pay as you go cloud security service.

For more information, visit the Amazon GuardDuty product page »


AWS Identity and Access Management (IAM) is an acesss management service for your AWS cloud resources. AWS IAM enables you to securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.

For more information, visit the AWS IAM product page »


Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for vulnerabilities or deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity.

To help you get started quickly, Amazon Inspector includes a knowledge base of hundreds of rules mapped to common security best practices and vulnerability definitions. Examples of built-in rules include checking for remote root login being enabled, or vulnerable software versions installed. These rules are regularly updated by AWS security researchers.

For more information, visit the Amazon Inspector product page »


AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys. AWS Key Management Service is integrated with several other AWS services to help you protect the data you store with these services. AWS Key Management Service is also integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs.

For more information, visit the AWS Key Management Service (KMS) product page »


Amazon Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS. Amazon Macie recognizes sensitive data such as personally identifiable information (PII) or intellectual property, and provides you with dashboards and alerts that give visibility into how this data is being accessed or moved. The fully managed service continuously monitors data access activity for anomalies, and generates detailed alerts when it detects risk of unauthorized access or inadvertent data leaks. Today, Amazon Macie is available to protect data stored in Amazon S3, with support for additional AWS data stores coming later this year.

For more information, visit the Amazon Macie product page »


AWS Organizations offers policy-based management for multiple AWS accounts. With Organizations, you can create groups of accounts and then apply policies to those groups. Organizations enables you to centrally manage policies across multiple accounts, without requiring custom scripts and manual processes.

Using AWS Organizations, you can create Service Control Policies (SCPs) that centrally control AWS service use across multiple AWS accounts. You can also use Organizations to help automate the creation of new accounts through APIs. Organizations helps simplify the billing for multiple accounts by enabling you to setup a single payment method for all the accounts in your organization through consolidated billing. AWS Organizations is available to all AWS customers at no additional charge.

For more information, visit the AWS Organizations product page »


AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards web applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection. There are two tiers of AWS Shield - Standard and Advanced.

All AWS customers benefit from the automatic protections of AWS Shield Standard, at no additional charge. AWS Shield Standard defends against most common, frequently occurring network and transport layer DDoS attacks that target your web site or applications.

For more information, visit the AWS Shield product page »


AWS Single Sign-On (SSO) is a cloud SSO service that makes it easy to centrally manage SSO access to multiple AWS accounts and business applications. It enables users to sign in to a user portal with their existing corporate credentials and access all of their assigned accounts and applications from one place. With AWS SSO, you can easily manage SSO access and user permissions to all of your accounts in AWS Organizations centrally. Further, by using the AWS SSO application configuration wizard, you can create Security Assertion Markup Language (SAML) 2.0 integrations and extend SSO access to any of your SAML-enabled applications. AWS SSO also includes built-in SAML integrations to many business applications, such as Salesforce, Box, and Office 365. With just a few clicks, you can enable a highly available SSO service without the upfront investment and on-going maintenance costs of operating your own SSO infrastructure.

For more information, visit the AWS Single Sign-On product page »


AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application. New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns. Also, AWS WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules.

For more information, visit the AWS WAF product page »


Organizations of all sizes are moving their workloads to AWS because of its agile, scalable and secure cloud infrastructure. These workloads often have unique security needs and that's what our security partners provide to AWS customers. Security on AWS is a shared responsibility, and one that applies differently for different customers. It requires that partners and AWS work with the customer to achieve desired outcomes.

The following featured security partners can help you deploy built-for-AWS, automated, and scalable security solutions designed to grow as your infrastructure grows. 

View featured APN Partners

feature_380x130_security-compliance
Learn More »