Security, Identity, and Compliance on AWS

Secure your workloads and applications in the cloud
Data protection
Infrastructure protection
AWS provides services that help you protect your data, accounts, and workloads from unauthorized access. AWS data protection services provide encryption and key management and threat detection that continuously monitors and protects your accounts and workloads.
AWS protects web applications by filtering traffic based on rules that you create. For example, you can filter web requests based on IP addresses, HTTP headers, HTTP body, or URI strings, which allows you to block common attack patterns, such as SQL injection or cross-site scripting.
Threat detection & continuous monitoring
Compliance & data privacy
AWS identifies threats by continuously monitoring the network activity and account behavior within your cloud environment.
AWS gives you a comprehensive view of your compliance status and continuously monitors your environment using automated compliance checks based on the AWS best practices and industry standards your organization follows.
Data protection
AWS provides services that help you protect your data, accounts, and workloads from unauthorized access. AWS data protection services provide encryption and key management and threat detection that continuously monitors and protects your accounts and workloads.
Threat detection & continuous monitoring
AWS identifies threats by continuously monitoring the network activity and account behavior within your cloud environment.
Identity & access management
AWS Identity Services enable you to securely manage identities, resources, and permissions at scale. With AWS, you have identity services for your workforce and customer-facing applications to get started quickly and manage access to your workloads and applications.
Compliance & data privacy
AWS gives you a comprehensive view of your compliance status and continuously monitors your environment using automated compliance checks based on the AWS best practices and industry standards your organization follows.
Infrastructure protection
AWS protects web applications by filtering traffic based on rules that you create. For example, you can filter web requests based on IP addresses, HTTP headers, HTTP body, or URI strings, which allows you to block common attack patterns, such as SQL injection or cross-site scripting.

AWS Security, Identity, & Compliance services

Category
Use cases
AWS service
Securely manage access to services and resources

AWS Identity & Access Management (IAM)

Securely manage access to services and resources.

Cloud single-sign-on (SSO) service

AWS Single Sign-On

Cloud single sign-on (SSO) service.

Identity management for your apps

Amazon Cognito

Identify management for your apps.

Managed Microsoft Active Directory

AWS Directory Service

Host and manage active directory.

Simple, secure service to share AWS resources

AWS Resource Access Manager

Simple, secure service to share AWS resources.

Central governance and management across AWS accounts

AWS Organizations

Central governance and management across AWS accounts.

Detection
Unified security and compliance center

AWS Security Hub

Unified security and compliance center.

Managed threat detection service

Amazon GuardDuty

Managed threat detection service.

Analyze application security

Amazon Inspector

Analyze application security.

Record and evaluate configurations of your AWS resources

AWS Config

Record and evaluate configurations of your AWS resources.

Track user activity and API usage

AWS CloudTrail

Track user activity and API usage.

Security management for IoT devices

AWS IoT Device Defender

Security management for IoT devices.

Infrastructure protection
DDoS protection

AWS Shield

DDoS protection.

Filter malicious web traffic

AWS Web Application Firewall (WAF)

Filter malicious web traffic.

Central management of firewall rules

AWS Firewall Manager

Central manangement of firewall rules.

Data protection
Discover and protect your sensitive data at scale

Amazon Macie

Discover and protect your sensitive data at scale

Key storage and management

AWS Key Management Service (KMS)

Managed creation and control of encryption keys.

Hardware based key storage for regulatory compliance

AWS CloudHSM

Hardware-based key storage for regulatory compliance.

Provision, manage, and deploy public and private SSL/TLS certificates

AWS Certificate Manager

Provision, manage, and deploy SSL/TLS certificates.

Rotate, manage, and retrieve secrets

AWS Secrets Manager

Rotate, manage, and retrieve secrets.

Incident response
Investigate potential security issues

Amazon Detective

Investigate potential security issues.

Fast, automated, cost- effective disaster recovery

CloudEndure Disaster Recovery

Fast, automated, cost-effective disaster recovery.

Compliance
No cost, self-service portal for on-demand access to AWS’ compliance reports

AWS Artifact

On-demand access to AWS' compliance reports.

AWS Security, Identity, & Compliance services

Category Use cases AWS service
Identity & access management Manage user access and encryption keys   AWS Identity & Access Management (IAM)
Cloud single-sign-on (SSO) service
AWS Single Sign-On
Identity management for your apps Amazon Cognito
Managed Microsoft Active Directory AWS Directory Service
Simple, secure service to share AWS resources AWS Resource Access Manager
Central governance and management across AWS accounts AWS Organizations
Detection
Unified security and compliance center AWS Security Hub
Managed threat detection service Amazon GuardDuty
Analyze application security Amazon Inspector
Record and evaluate configurations of your AWS resources AWS Config
Track user activity and API usage AWS CloudTrail
Security management for IoT devices AWS IoT Device Defender
Infrastructure protection DDoS protection AWS Shield
Filter malicious web traffic AWS Web Application Firewall (WAF)
Central management of firewall rules AWS Firewall Manager
Data protection Discover and protect your sensitive data at scale Amazon Macie
Key storage and management
AWS Key Management Service (KMS)
Hardware based key storage for regulatory compliance
AWS CloudHSM
Provision, manage, and deploy public and private SSL/TLS certificates AWS Certificate Manager
Rotate, manage and retrieve secrets AWS Secrets Manager
Incidence response Investigate potential security issues Amazon Detective
Fast, automated, cost- effective disaster recovery CloudEndure Disaster Recovery
Compliance No cost, self-service portal for on-demand access to AWS’ compliance reports AWS Artifact
Securing workloads on AWS
To make it easier for you to secure your workloads on AWS, we also provide the world’s most secure cloud platform.

Customers

Snap logo

"We love it when we are able to simply provide extra security without any inconvenience."

- Roger Zou on Amazon GuardDuty
Snap Inc.

Thermo Fisher Scientific logo
Gett
robinhood logo
Delaware North logo
Department of Defense logo
Here logo
British Gas logo
Canary logo
University of Maryland logo
Crop Trust logo
Soundcloud logo
Contact an AWS Business Representative
Have Questions? Connect with an AWS Business Representative
Exploring security roles?
Apply today »
Want AWS Security updates?
Follow us on Twitter »