Amazon Web Services – security best practice rules


Design Principles


  • Implement a strong identity foundation
    • Implement the principle of least privilege and enforce separation of duties, with appropriate authorization for each interaction with your AWS resources.
  • Enable traceability
    • Monitor, alert on, and audit actions and changes to your environment in real time. Integrate logs and metrics with systems that automatically respond and take action.
  • Apply security at all layers
    • Rather than focusing only on the protection of a single outer layer, apply a defense-in-depth approach with multiple security controls.
  • Automate security best practices
    • Automated, software-based security mechanisms improve your ability to scale securely, more rapidly and cost-effectively. Implement controls that are defined and managed as code in version-controlled templates.
  • Protect data in transit and at rest
    • Classify your data into sensitivity levels and, where appropriate, use mechanisms such as encryption and access control.
  • Enforce the principle of least privilege
    • Access to data should be granted only to the people who really need it. Start by denying access to everything and grant access as needed.
  • Prepare for security events
    • Prepare for an incident by having an incident management process that aligns with your organizational requirements. Run incident response simulations and use tools with automation to increase your speed of detection, investigation, and recovery.
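The two least-privilege principles above (start from an implicit deny, grant only what is needed) and the explicit-deny behaviour of IAM policies are easiest to see with a small evaluator. The following is an added example, not code from the original page or from AWS: it models the core of IAM's identity-based policy evaluation (implicit deny by default, any matching explicit Deny overrides every Allow) using plain glob matching, and deliberately ignores resource policies, SCPs, permission boundaries, conditions and NotAction/NotResource. The bucket name `example-app-data` and both policy documents are constructed for the example.

```python
"""
Added example (not from the original page, not AWS's implementation): a
simplified model of IAM identity-based policy evaluation, used to show why
"start by denying everything and grant as needed" works in practice.

Assumptions: only identity-based policies; no resource policies, SCPs,
permission boundaries, conditions, NotAction or NotResource; Action and
Resource are matched with plain globs.  All policy data below is constructed.
"""
from fnmatch import fnmatchcase

# Constructed sample: the over-broad policy a developer attaches "to make it
# work".  Every action on every resource.
OVERLY_BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
    ],
}

# Constructed sample: the least-privilege version for the same job (reading
# objects from one bucket) plus an explicit Deny that guards a prefix even if
# some other policy later grants access to it.
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [
                "arn:aws:s3:::example-app-data",
                "arn:aws:s3:::example-app-data/*",
            ],
        },
        {
            "Effect": "Deny",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::example-app-data/secrets/*",
        },
    ],
}


def _as_list(value):
    """IAM accepts either a string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def _matches(patterns, value):
    """Glob match of one value against any pattern (case-sensitive, as IAM
    does for ARNs; the caller lower-cases actions, which IAM treats as
    case-insensitive)."""
    return any(fnmatchcase(value, p) for p in _as_list(patterns))


def evaluate(policies, action, resource):
    """Return 'Allow' or 'Deny' for a single request.

    Mirrors the core of IAM's evaluation order:
      1. the default is an implicit deny;
      2. any matching explicit Deny wins, regardless of Allows;
      3. otherwise at least one matching Allow is required.
    """
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            action_hit = _matches(
                [a.lower() for a in _as_list(stmt["Action"])], action.lower()
            )
            resource_hit = _matches(stmt["Resource"], resource)
            if not (action_hit and resource_hit):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"      # explicit deny: nothing can override it
            allowed = True         # remember the allow, keep scanning for denies
    return "Allow" if allowed else "Deny"


def wildcard_statements(policy):
    """Flag Allow statements with '*' for both Action and Resource: the first
    thing a least-privilege review should reject."""
    return [
        stmt for stmt in policy["Statement"]
        if stmt["Effect"] == "Allow"
        and "*" in _as_list(stmt["Action"])
        and "*" in _as_list(stmt["Resource"])
    ]


if __name__ == "__main__":
    for name, policy in (("broad", OVERLY_BROAD_POLICY), ("scoped", LEAST_PRIVILEGE_POLICY)):
        print(f"{name}: {len(wildcard_statements(policy))} wildcard statement(s)")
    for act, res in (
        ("s3:GetObject", "arn:aws:s3:::example-app-data/report.csv"),
        ("s3:GetObject", "arn:aws:s3:::example-app-data/secrets/db.pem"),
        ("s3:DeleteObject", "arn:aws:s3:::example-app-data/report.csv"),
        ("iam:CreateUser", "*"),
    ):
        print(f"{act:16} {res:48} broad={evaluate([OVERLY_BROAD_POLICY], act, res):5} "
              f"scoped={evaluate([LEAST_PRIVILEGE_POLICY], act, res)}")
```

Run it and the scoped policy denies the delete and the IAM call simply because no statement allows them, while the `secrets/` prefix is denied even when the broad policy is attached alongside it: that is the property the page's "explicit deny rights" bullet refers to, and it is why a Deny on sensitive paths is a useful guard rail on top of tightly scoped Allows.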


AWS Security Tools

  • CloudWatch
  • CloudTrail
  • Shield
  • Inspector
  • Trusted Advisor
  • KMS
  • IAM policies (explicit deny)
  • AWS Artifact
  • IAM logging
  • Well-Architected Framework best practices
  • GuardDuty

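Traceability in practice means turning CloudTrail records into alerts rather than just storing them. The following is an added example, not code from the original page: three detection rules (root account activity, console sign-in without MFA, and API calls that stop or alter CloudTrail logging) run over CloudTrail-shaped records. The four records, the account ID 123456789012, the IP addresses, and the user and trail names are constructed for the example; the field names used (eventName, eventSource, userIdentity.type, additionalEventData.MFAUsed, responseElements.ConsoleLogin, and the `{"Records": [...]}` wrapper of a delivered log file) are the ones CloudTrail actually emits.

```python
"""
Added example (not from the original page): detection rules over CloudTrail
records, the kind of thing "enable traceability" implies once logs are
flowing.  All records below are constructed for the example; field names
follow CloudTrail's real record layout (a subset of fields).
"""
import json

# Constructed sample records (account ID, IPs and names are made up).
SAMPLE_EVENTS = [
    {   # ordinary IAM user sign-in with MFA: should not fire anything
        "eventTime": "2023-05-01T08:00:11Z",
        "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin",
        "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"type": "IAMUser", "userName": "alice"},
        "additionalEventData": {"MFAUsed": "Yes"},
        "responseElements": {"ConsoleLogin": "Success"},
    },
    {   # root sign-in without MFA: two rules should fire
        "eventTime": "2023-05-01T08:14:52Z",
        "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin",
        "sourceIPAddress": "198.51.100.7",
        "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
        "additionalEventData": {"MFAUsed": "No"},
        "responseElements": {"ConsoleLogin": "Success"},
    },
    {   # root then turns logging off: root rule and tampering rule
        "eventTime": "2023-05-01T08:16:03Z",
        "eventSource": "cloudtrail.amazonaws.com",
        "eventName": "StopLogging",
        "sourceIPAddress": "198.51.100.7",
        "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
        "requestParameters": {"name": "management-trail"},
    },
    {   # routine data access by an application role: no finding
        "eventTime": "2023-05-01T09:02:40Z",
        "eventSource": "s3.amazonaws.com",
        "eventName": "GetObject",
        "sourceIPAddress": "10.0.4.21",
        "userIdentity": {"type": "AssumedRole",
                         "arn": "arn:aws:sts::123456789012:assumed-role/app-reader/i-0abc"},
    },
]

# A delivered CloudTrail log file is a JSON object with a "Records" array.
SAMPLE_LOG_FILE = json.dumps({"Records": SAMPLE_EVENTS})

# CloudTrail API calls that stop, delete or reshape the audit trail itself.
TRAIL_TAMPERING_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def _get(event, *path, default=None):
    """Walk nested keys safely; CloudTrail records omit optional sections."""
    cur = event
    for key in path:
        if not isinstance(cur, dict) or key not in cur:
            return default
        cur = cur[key]
    return cur


def is_root_activity(e):
    return _get(e, "userIdentity", "type") == "Root"


def is_console_login_without_mfa(e):
    return (e.get("eventName") == "ConsoleLogin"
            and _get(e, "responseElements", "ConsoleLogin") == "Success"
            and _get(e, "additionalEventData", "MFAUsed") == "No")


def is_trail_tampering(e):
    return (e.get("eventSource") == "cloudtrail.amazonaws.com"
            and e.get("eventName") in TRAIL_TAMPERING_EVENTS)


RULES = [
    ("root_activity", is_root_activity),
    ("console_login_without_mfa", is_console_login_without_mfa),
    ("cloudtrail_tampering", is_trail_tampering),
]


def load_records(log_file_text):
    """Parse one CloudTrail log file into its list of records."""
    return json.loads(log_file_text)["Records"]


def detect(events):
    """Return one finding per (rule, event) match, in event order."""
    findings = []
    for e in events:
        for name, predicate in RULES:
            if predicate(e):
                findings.append({
                    "rule": name,
                    "eventTime": e.get("eventTime"),
                    "eventName": e.get("eventName"),
                    "actor": _get(e, "userIdentity", "arn") or _get(e, "userIdentity", "userName"),
                    "sourceIPAddress": e.get("sourceIPAddress"),
                })
    return findings


if __name__ == "__main__":
    for f in detect(load_records(SAMPLE_LOG_FILE)):
        print(f"{f['eventTime']} {f['rule']:26} {f['eventName']:12} {f['actor']} from {f['sourceIPAddress']}")
```

In a real deployment the same predicates would run in the consumer of a CloudTrail-to-CloudWatch Logs or EventBridge feed, with the `cloudtrail_tampering` finding wired to an automated response (re-enabling the trail and paging on-call), which is the "automatically respond and take action" half of the principle.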
Cloud Conformity covers the AWS services below according to these rules

Amazon FSx

AWS Exploits

Top Threats to Cloud Computing: The Egregious 11

AWS Security Information


