Security Learning

Why AWS?

Security in the cloud is similar to security in your on-premises data centers — only without the costs of maintaining facilities and hardware. In the cloud, you don’t have to manage physical servers or storage devices. Instead, you use software-based security tools to monitor and protect the flow of information into and out of your cloud resources. For this reason, cloud security is a Shared Responsibility between the customer and AWS, where customers are responsible for “security in the cloud” and AWS is responsible for “security of the cloud.”

The AWS cloud allows you to scale and innovate while maintaining a secure environment. As an AWS customer, you will benefit from data centers and network architecture designed to meet the requirements of the most security-sensitive organizations. AWS infrastructure is custom-built for the cloud and is monitored 24x7 to help protect the confidentiality, integrity, and availability of our customers’ data. Browse this page to learn more about key topics, areas of research, and training opportunities for cloud security on AWS.

Use Cases

Security Documentation

Security is a key component of your decision to use the cloud. This documentation can help your organization get in-depth information about both the built-in and the configurable security of AWS services. This information goes beyond “how-to” and can help developers — as well as Security, Risk Management, Compliance, and Product teams — assess a service prior to use, determine how to use a service securely, and get updated information as new features are released. To learn more about how customers use security documentation, read the AWS Security blog post.

Training

Organizations need individuals with deep security knowledge to help protect their business. AWS training courses enable you to build the skillset you need to meet your security and compliance objectives. With a variety of content and training materials curated by experts at AWS, you can stay up-to-date with evolving best practices and security trends in the industry — whether you’re new to the cloud or “all-in” on AWS.

Learn more about Training

Cloud Audit Academy

Cloud Audit Academy (CAA) is an AWS Security Auditing Learning Path designed for those who are in auditing, risk, and compliance roles and are involved in assessing regulated workloads in the cloud. The CAA curriculum dives into cloud-specific audit considerations and AWS best practices for security auditing aligned to global industry security and compliance frameworks.

AWS Cloud Audit Academy

Whitepapers, Technical Guides, and Reference Materials

AWS security specialists leverage their first-hand experience to craft technical content that helps expand your knowledge of cloud security. These whitepapers, guides, and reference materials cover best practices for leading trends in the industry, including incident response, compliance in the cloud, and privacy considerations. Peruse the technical content library below to find guidance on how to securely build your future on AWS. You can also visit the AWS Architecture Center to see more best practices for security, identity, and compliance.

  • This Is My Architecture

    GoDaddy: Empowering Agility with Zero-Trust Environment Best Practices

    Learn from GoDaddy's Director of Information Security about best practices for enabling agility in a zero-trust environment. Security is in GoDaddy's DNA, and to enable it they practice zero-trust architecture. GoDaddy took the approach that every org is separated and isolated. The Dev accounts are isolated by account boundary. Every account setup has its own VPC with an isolated subnet and private IPs. GoDaddy also rotates nodes daily with updated Golden AMIs, from the EC2 instances up to whole EKS clusters. Because they update and rotate the Golden AMI images frequently, GoDaddy never has to patch. GoDaddy built an OSS tool that runs configuration scans and also scans for GoDaddy standards. Another way they stop horizontal movement within the group is by not allowing VPC peering; the accounts talk to each other via NAT Gateway. They can quickly isolate an account to reduce the blast radius if that account were to get compromised. GoDaddy governs account creation through their Cloud Portal, which performs a Cloud Readiness Review. The process checks whether the application follows best practices and standards. Once approved, the application team is onboarded through the portal and a baseline environment is created with security-approved CloudFormation templates. This automation makes it easier for GoDaddy to spin up a new account with best practices, in an isolated fashion, with security built in.

    2022-06-21
  • This Is My Architecture

    Blackboard/Anthology: Building and Governing an AWS Environment with 120+ Accounts

    In this episode, learn how Blackboard, now part of Anthology, operates and governs its 120+ AWS accounts. You'll see how they use AWS Control Tower to build and govern a multi-account environment that follows best practices. Control Tower helps them leverage AWS Service Catalog to vend accounts into their AWS Organization, AWS Config to control and detect changes to AWS resources, AWS CloudTrail for centralized logging, and AWS Single Sign-on (SSO) for federated login and integration with their 3rd-party identity provider, Okta.

    2022-06-13
  • This Is My Architecture

    ArcBlock: Leveraging Amazon QLDB to Build a Decentralized Identity Solution

    Identity technology is evolving from centralized identity solutions to decentralized ones. Decentralized identity is an emerging technology that gives control of identity back to users, so they can decide what information is shared with third parties. Join Don and Robert as they walk through ArcBlock's decentralized identity solution.

    2022-05-31
  • This Is My Architecture

    OutSystems: Decomposing a Data Monolith for Scale and Multi-Tenancy

    In this episode of This Is My Architecture, you'll learn how OutSystems has decomposed their "data monolith" to allow them to more easily scale, increase performance, and improve security. You'll see how they choose purpose-built AWS database and data storage services for different types of data within their solution. You'll also learn how they leverage AWS Secrets Manager and AWS KMS to securely store data in a multi-tenant environment.

    2022-05-17
  • This Is My Architecture

    Pictet: AWS Account Governance (French)

    Join us as Pictet describes their account structure, the split between internal and external accounts, and how the accounts are isolated to avoid any data exfiltration. We also review the AWS security services used to protect these accounts and centralize all the security information in a single dashboard. Finally, Pictet illustrates their internal shared responsibility model and how provisioning automation gives development teams significant agility while keeping strong governance and control over AWS resources.

    2022-05-05
  • This Is My Architecture

    Roche: Enabling Enterprise-Wide Analytics and ML with Automated Compliance

    Roche allows their internal teams to create Analytics and ML environments to experiment with data that is shared through a precisely controlled and audited catalog. They achieve this by leveraging AWS Service Catalog and AWS CloudFormation to automate the creation of such environments with built-in compliance.

    2022-04-20
  • Back to Basics

    Back to Basics: Mitigating Bad Bot Traffic at the AWS Edge

    It can be difficult to tell legitimate traffic patterns from unwanted ones on your internet-facing applications. By leveraging AWS WAF, you can control the traffic at the edge and secure your architecture. Join Ben as he walks you through how to mitigate this bot traffic.

    2022-04-14
  • Whitepaper

    Navigating GDPR Compliance on AWS

    This document provides information about services and resources that Amazon Web Services (AWS) offers customers to help them align with the requirements of the General Data Protection Regulation (GDPR) that might apply to their activities. These include adherence to IT security standards, the AWS Cloud Computing Compliance Controls Catalog (C5) attestation, adherence to the Cloud Infrastructure Services Providers in Europe (CISPE) Code of Conduct, data access controls, monitoring and logging tools, encryption, and key management.

    HTML | PDF

    Security, Identity, & Compliance

    November 2023
  • This Is My Architecture

    Swiss Post Ltd: Security and Compliance of AWS Accounts at Scale (German)

    Learn how Swiss Post is ensuring security, compliance, and governance of their AWS Landing Zone. Michael Ullrich explains a serverless solution that leverages a custom policy language to manage AWS Security Hub and Amazon GuardDuty in over 100 AWS Accounts.

    2022-03-11