Introduction
“Would you ever leave your house unlocked? Then why leave your cloud environment exposed?”
Security is at the heart of everything in the cloud. Without it, even the most powerful services lose their value. AWS approaches security through the Shared Responsibility Model, which makes it crystal clear who is responsible for what.
AWS Responsibility (Security of the Cloud): AWS protects the physical infrastructure, such as data centers, hardware, networking, and the global infrastructure.
Customer Responsibility (Security in the Cloud): You, the customer, are responsible for managing access, securing data, configuring services, and compliance based on your use cases.
IAM Identity Center
“Imagine one key card unlocking all doors in an office building.”
What it does: Provides a central place to manage workforce access across multiple AWS accounts and applications.
Users sign in once (Single Sign-On) → access AWS Management Console, AWS CLI, and business apps.
Admins assign permissions at the account, role, or group level.
Can connect to existing corporate directories (e.g., Microsoft Active Directory).
Why it matters: Simplifies user login, reduces password fatigue, and strengthens security with centralized control.
An office ID card that not only opens all doors but also determines which rooms you’re allowed to enter.
AWS Secrets Manager
“Would you write your ATM PIN on a sticky note?”
What it does: Stores and protects sensitive information such as passwords, API keys, and database credentials.
Automatically rotates secrets so they don’t go stale.
Provides fine-grained access control for apps and services.
Integrates with AWS services like RDS to update credentials seamlessly.
Why it matters: Eliminates risky practices like hardcoding secrets in code or sharing them in plaintext.
A digital vault that automatically refreshes the codes for maximum security.
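The two habits this section calls for, fetching the credential from Secrets Manager instead of hard-coding it and surviving a rotation without a restart, look like this in application code. This is an added example, not code from the original post or from AWS; it keeps the real boto3 call shape (`get_secret_value(SecretId=...)` returning a `SecretString`) but substitutes a constructed `FakeSecretsManager` so it runs offline. The secret name `prod/app/db`, the account id and the passwords are made up.

```python
import json
import time

# The anti-pattern the post warns about: a credential baked into the source tree
# (constructed placeholder value, shown only to contrast with the fetch below).
HARDCODED_DB_PASSWORD = "hunter2"


class FakeSecretsManager:
    """Constructed stand-in for boto3's Secrets Manager client so this runs offline.

    get_secret_value() mirrors the real response shape; rotate() simulates a
    rotation that produces a new AWSCURRENT version.
    """

    def __init__(self, secret_id, first_value):
        self.secret_id = secret_id
        self._versions = [first_value]   # last element is the AWSCURRENT version
        self.calls = 0                    # how many times the app hit the API

    def rotate(self, new_value):
        self._versions.append(new_value)

    def get_secret_value(self, SecretId, VersionStage="AWSCURRENT"):
        self.calls += 1
        if SecretId != self.secret_id:
            raise KeyError(f"ResourceNotFoundException: {SecretId}")
        return {
            "ARN": f"arn:aws:secretsmanager:us-east-1:123456789012:secret:{SecretId}",
            "Name": SecretId,
            "VersionId": f"v{len(self._versions)}",
            "SecretString": json.dumps(self._versions[-1]),
            "VersionStages": [VersionStage],
        }


class SecretCache:
    """Caches a parsed secret for ttl_seconds; invalidate() forces a refetch.

    Caching keeps API calls (and cost) down; invalidating on an auth failure is what
    lets an application pick up a rotated credential without a restart.
    """

    def __init__(self, client, secret_id, ttl_seconds=300, clock=time.monotonic):
        self._client = client
        self._secret_id = secret_id
        self._ttl = ttl_seconds
        self._clock = clock
        self._value = None
        self._fetched_at = 0.0

    def get(self):
        now = self._clock()
        if self._value is None or now - self._fetched_at >= self._ttl:
            resp = self._client.get_secret_value(SecretId=self._secret_id)
            self._value = json.loads(resp["SecretString"])   # {"username": ..., "password": ...}
            self._fetched_at = now
        return self._value

    def invalidate(self):
        self._value = None


def connect_with_retry(cache, try_connect):
    """try_connect(creds) -> bool stands in for opening a database connection.

    If the cached credential is rejected, assume it was rotated: drop the cache,
    fetch the current version once, and retry. A second rejection is a real error.
    """
    creds = cache.get()
    if try_connect(creds):
        return creds
    cache.invalidate()
    creds = cache.get()
    if try_connect(creds):
        return creds
    raise RuntimeError("database rejected both the cached and the freshly fetched credential")


def demo():
    """Walk through a rotation; returns (password used first, password after rotation, API calls)."""
    client = FakeSecretsManager("prod/app/db", {"username": "app", "password": "old-pass-1"})
    cache = SecretCache(client, "prod/app/db")
    accepted = {"old-pass-1"}              # what the simulated database accepts right now

    def try_connect(creds):
        return creds["password"] in accepted

    first = connect_with_retry(cache, try_connect)["password"]

    # Secrets Manager rotates the secret; the database now only accepts the new one.
    client.rotate({"username": "app", "password": "new-pass-2"})
    accepted.clear()
    accepted.add("new-pass-2")

    second = connect_with_retry(cache, try_connect)["password"]
    return first, second, client.calls


if __name__ == "__main__":
    print(demo())
```

The point of the cache is that rotation is invisible to the application: the old credential fails once, the cache is dropped, and the next fetch returns the rotated version, so the whole walk-through costs only two API calls.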
AWS Systems Manager
“Think of it as a password notebook, but locked in a safe.”
What it does: Stores configuration values and lightweight secrets.
Useful for app settings (e.g., DB_NAME, APP_MODE).
Offers Standard (free) for simple parameters and Advanced (paid) for larger, encrypted ones.
Can integrate with IAM policies to restrict access.
Why it matters: Provides a cost-effective way to centralize configuration while keeping it secure.
A secure notepad inside a locked drawer, accessible only to those you trust.
Threat Detection & Protection Services
Amazon GuardDuty
“Like a security guard watching CCTV 24/7.”
What it does: Continuously monitors AWS accounts, workloads, and data for malicious or unauthorized activity using machine learning, threat intelligence, and anomaly detection.
Detects events like unusual API calls, attempts to escalate privileges, or data being exfiltrated.
Works with AWS CloudTrail, VPC Flow Logs, and DNS logs.
Why it matters: Identifies threats early before they cause damage, without requiring manual setup of complex detection rules.
Motion sensors around your home that alert you if someone is sneaking in.
AWS Security Hub
“One dashboard that shows all your security cameras at once.”
What it does: Provides a centralized view of security findings from multiple AWS services (GuardDuty, Inspector, Macie) and third-party tools.
Assigns a security posture score based on compliance frameworks (CIS, PCI DSS, etc.).
Helps prioritize which issues to fix first.
Why it matters: Eliminates the need to check multiple tools separately and ensures nothing slips through the cracks.
A command center with all security camera feeds displayed together.
Amazon Inspector
“Would you drive a car without a safety inspection?”
What it does: Automatically scans AWS workloads (EC2, container images in ECR, and Lambda functions) for software vulnerabilities and unintended network exposure.
Continuously updated against the latest vulnerability data (CVEs).
Generates prioritized findings for remediation.
Why it matters: Helps fix weak spots before attackers exploit them, making workloads safer.
A car inspection that checks brakes, engine, and airbags to ensure safety.
AWS Shield
“Think of a riot shield protecting against attackers.”
What it does: Provides protection against Distributed Denial of Service (DDoS) attacks.
- Shield Standard: Free, automatically protects all AWS customers.
- Shield Advanced: Paid, adds extra detection, mitigation, and 24/7 DDoS response team support.
Why it matters: Prevents attackers from overwhelming apps with traffic and taking them offline.
A guard with a shield blocks mass attacks before they reach the building.
Monitoring & Auditing Services
Amazon CloudWatch
“Like a fitness tracker for your cloud health.”
What it does: Monitors AWS resources and applications by collecting metrics, logs, and events.
You can set alarms to automatically notify or trigger actions (e.g., scale EC2 instances).
Provides dashboards for real-time visibility.
Why it matters: Helps maintain performance, detect anomalies, and ensure apps stay healthy.
A smartwatch tracking your heart rate, steps, and sleep patterns to keep you healthy.
AWS CloudTrail
“Imagine CCTV recording every action in your house.”
What it does: Records all API calls and account activity across AWS services.
Logs details like who did what, from where, and when.
Supports governance, compliance, and forensic investigations.
Why it matters: Provides accountability and evidence for troubleshooting and audits.
CCTV footage that lets you review what happened if there’s an incident.
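Reviewing that footage means reading CloudTrail records and pulling out who did what, from where, and when; the same pass can flag the handful of events a reviewer always wants to see first. The following is an added example, not code from the original post or from AWS. The field names (`eventTime`, `eventSource`, `eventName`, `userIdentity`, `sourceIPAddress`, `additionalEventData`) are the real CloudTrail ones; the three records, the account id, the IP addresses and the trail name are constructed sample data.

```python
import json

# Three constructed CloudTrail records (field names are the real CloudTrail ones).
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2024-05-01T10:15:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root",
                      "accountId": "123456789012"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-05-01T10:20:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"name": "management-trail"}},
    {"eventTime": "2024-05-01T11:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "awsRegion": "us-east-1", "sourceIPAddress": "10.0.1.25",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/app-role/i-0abc"},
     "requestParameters": {"bucketName": "reports", "key": "q1.pdf"}},
]})

# API calls that reduce audit coverage; the CIS AWS Foundations Benchmark alarms on these.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def summarize(record):
    """Reduce one record to who / what / where / when."""
    identity = record.get("userIdentity", {})
    return {
        "who": identity.get("arn") or identity.get("userName") or identity.get("type", "unknown"),
        "what": f'{record["eventSource"]}:{record["eventName"]}',
        "where": f'{record.get("sourceIPAddress", "?")} ({record.get("awsRegion", "?")})',
        "when": record["eventTime"],
    }


def flag(record):
    """Return the reasons a record deserves attention; an empty list means routine activity."""
    reasons = []
    identity = record.get("userIdentity", {})
    if identity.get("type") == "Root":
        reasons.append("root account used")
    if (record["eventName"] == "ConsoleLogin"
            and record.get("additionalEventData", {}).get("MFAUsed") == "No"):
        reasons.append("console login without MFA")
    if (record["eventSource"] == "cloudtrail.amazonaws.com"
            and record["eventName"] in TRAIL_TAMPERING):
        reasons.append(f'CloudTrail logging changed: {record["eventName"]}')
    return reasons


def analyze(trail_json):
    """Parse the body of a CloudTrail log file; return (summaries, findings)."""
    records = json.loads(trail_json)["Records"]
    summaries = [summarize(r) for r in records]
    findings = [dict(summary, reasons=flag(r))
                for r, summary in zip(records, summaries) if flag(r)]
    return summaries, findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_TRAIL)[1]:
        print(finding)
```

Run against the sample, the root console login without MFA and the `StopLogging` call surface as findings while the routine `GetObject` does not; in production the same functions would run over the gzipped log files CloudTrail delivers to S3, or the equivalent checks would be expressed as CloudWatch Logs metric filters.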
AWS Config
“Wouldn’t you want to know if someone rearranged your furniture without asking?”
What it does: Continuously tracks AWS resource configurations and changes.
Compares resource states against compliance rules.
Example: Detects if an S3 bucket changes from private to public.
Why it matters: Ensures resources stay compliant and alerts you when something drifts from the desired setup.
A change-tracker in your home that alerts you when furniture is moved without permission.
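The S3 example in this section (a bucket drifting from private to public) is the classic case for a custom Config rule: Config invokes a Lambda function with the changed resource's configuration item, and the function reports COMPLIANT or NON_COMPLIANT back with `put_evaluations`. The code below is an added example, not the post's or AWS's own. It assumes the configuration item carries the bucket's `PublicAccessBlockConfiguration` under `supplementaryConfiguration` with the four lower-camel-case keys shown (check a recorded item in your own account before relying on that), only evaluates the public access block (not ACLs or bucket policies directly), and uses a constructed `FakeConfigClient`, bucket names and result token so it runs offline.

```python
import json

# The four settings of an S3 Public Access Block; the rule requires all of them on.
PAB_SETTINGS = ("blockPublicAcls", "ignorePublicAcls", "blockPublicPolicy", "restrictPublicBuckets")


def evaluate_bucket(item):
    """Return (ComplianceType, annotation) for one configuration item."""
    if item.get("resourceType") != "AWS::S3::Bucket":
        return "NOT_APPLICABLE", "rule only evaluates S3 buckets"
    if item.get("configurationItemStatus") in ("ResourceDeleted", "ResourceDeletedNotRecorded"):
        return "NOT_APPLICABLE", "bucket no longer exists"
    pab = item.get("supplementaryConfiguration", {}).get("PublicAccessBlockConfiguration")
    if not pab:
        return "NON_COMPLIANT", "no PublicAccessBlockConfiguration on the bucket"
    disabled = [name for name in PAB_SETTINGS if not pab.get(name)]
    if disabled:
        return "NON_COMPLIANT", "public access block settings turned off: " + ", ".join(disabled)
    return "COMPLIANT", "all four public access block settings are enabled"


def lambda_handler(event, context, config_client=None):
    """Entry point AWS Config invokes on each configuration change."""
    invoking = json.loads(event["invokingEvent"])
    item = invoking["configurationItem"]
    compliance, annotation = evaluate_bucket(item)
    evaluation = {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": annotation[:256],          # Config caps annotations at 256 characters
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }
    if config_client is None:                    # real Lambda path; not taken in the offline demo
        import boto3
        config_client = boto3.client("config")
    config_client.put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


class FakeConfigClient:
    """Constructed stand-in for boto3's Config client; records what would be reported."""

    def __init__(self):
        self.reported = []

    def put_evaluations(self, Evaluations, ResultToken):
        self.reported.extend(Evaluations)
        return {"FailedEvaluations": []}


def make_event(bucket_name, pab):
    """Build a constructed Config invocation for a bucket with the given PAB settings (None = no block)."""
    item = {
        "resourceType": "AWS::S3::Bucket",
        "resourceId": bucket_name,
        "configurationItemStatus": "OK",
        "configurationItemCaptureTime": "2024-05-01T12:00:00.000Z",
        "supplementaryConfiguration": (
            {"PublicAccessBlockConfiguration": pab} if pab is not None else {}),
    }
    return {"invokingEvent": json.dumps({"configurationItem": item,
                                         "messageType": "ConfigurationItemChangeNotification"}),
            "resultToken": "constructed-token"}


def run_demo():
    """Evaluate a drifted bucket, a locked-down bucket and one with no block at all."""
    client = FakeConfigClient()
    cases = [
        ("logs-bucket", {"blockPublicAcls": False, "ignorePublicAcls": True,
                         "blockPublicPolicy": True, "restrictPublicBuckets": True}),
        ("data-bucket", {name: True for name in PAB_SETTINGS}),
        ("legacy-bucket", None),
    ]
    for name, pab in cases:
        lambda_handler(make_event(name, pab), context=None, config_client=client)
    return {e["ComplianceResourceId"]: e["ComplianceType"] for e in client.reported}


if __name__ == "__main__":
    print(run_demo())
```

Deployed as a change-triggered rule scoped to `AWS::S3::Bucket`, this is evaluated the moment a bucket's settings change, which is exactly the drift detection the section describes; AWS also ships managed rules for the same check, so a custom rule is worth it mainly when you need logic the managed ones don't cover.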
Compliance & Governance Services
AWS Audit Manager
“Tired of collecting receipts during tax season? This automates it.”
What it does: Simplifies audits by automatically collecting evidence of compliance from AWS services.
Continuously gathers logs, configurations, and user activity.
Maps evidence against frameworks like PCI DSS, GDPR, HIPAA, and ISO.
Why it matters: Saves time, reduces human error, and ensures organizations are always “audit ready.”
An automated accountant who keeps receipts and organizes them for tax filing.
AWS Artifact
“Like a library of compliance certificates at your fingertips.”
What it does: Provides on-demand access to AWS’s own compliance reports and security certifications.
Examples: SOC, ISO, PCI, HIPAA reports.
Lets customers review and download agreements.
Why it matters: Builds trust with regulators, auditors, and stakeholders by showing AWS meets global security standards.
A digital filing cabinet filled with certificates and compliance documents ready for inspection.