Best Practices for Security, Identity, & Compliance

Learn how to meet your security and compliance goals using AWS infrastructure and services. To learn current AWS recommendations and strategies to use when designing cloud architectures with security in mind, see the Security Pillar - AWS Well-Architected Framework. To browse AWS security documentation by category, see AWS Security Documentation.

Sign in and start building

Featured Content

Identity & Access Management

Self-guided learning materials to help you understand identity security.

Documentation: Security Best Practices in IAM
Blog: IAM Policy Types - How and When to Use Them
Video: AWS Identity - Choosing the Right Mix of AWS IAM Policies for Scale
Training: Introduction to AWS Identity and Access Management
Workshops: Identity

Detection

Information about monitoring services that can help you detect and eliminate suspicious activity.

Documentation: AWS Security Hub User Guide - AWS Foundational Security Best Practices Standard
Workshop: AWS Security Hub
Solution: Automated Security Response on AWS
Blog: New for Amazon GuardDuty – Malware Protection for Amazon EBS Volumes
Video: What's New with AWS Threat Detection Services

Infrastructure Protection

Holistic guidelines and trainings to help you prevent attacks and protect your business.

Whitepaper: AWS Best Practices for DDoS Resiliency
Solution: WAF Automation on AWS
Technical Guide: Guidelines for Implementing AWS WAF
Workshop: Vulnerability Management with Amazon Inspector
Technical Guide: AWS Security Reference Architecture

Data Protection & Privacy

Architectural guidance to help you keep sensitive data secure.

Blog: Three Common Cloud Encryption Questions and Their Answers on AWS
Guide: Using AWS in the Context of Common Privacy and Data Protection Considerations
Documentation: Introduction to the Cryptographic Details of AWS KMS
Video: Building Privacy Compliance on AWS
Video: To Europe and Beyond - Simplify Privacy Needs in New Markets

Compliance

How to make sure your architecture conforms to industry standards and regulatory requirements.

Whitepaper: Architecting for HIPAA Security and Compliance
Blog: How to Think About Cloud Security Governance
Whitepaper: AWS Risk and Compliance
Whitepaper: Navigating General Data Protection Regulation (GDPR) Compliance on AWS
Guide: Security & Compliance Quick Reference Guide

Incident Investigation & Response

Guidance to help you prepare for and successfully respond to security incidents.

Video: Cloud Incident Response Essentials - Plan Ahead to Improve Security
Technical Guide: AWS Security Incident Response Guide
Video: Running Effective Security Incident Response Simulations
Training: Basics of Amazon Detective
Workshop: Threat Detection and Response with Amazon GuardDuty

Cybersecurity Awareness Training

Help employees in your organization learn how to identify cybersecurity risks, including phishing, social engineering, and data privacy with this free, 15-minute training from Amazon. The training is offered in 11 languages, is compliant with the Web Content Accessibility Guidelines (WCAG) 2.1 AA, and includes completion certificates for compliance tracking. Deploy immediately from our website or implement our pre-packaged files in your organization’s LMS.

Learn more »

AWS re:Inforce 2023: Security in the Open

AWS re:Invent 2022: A day in the life of a billion requests

AWS re:Invent 2022: Protecting secrets, keys, and data - Cryptography for the long term

Most Popular

Well-Architected: Security Pillar
AWS Solutions: Customizations for AWS Control Tower
AWS Solutions: Centralized Logging

Related Resources

Filter by:

Clear all filters

No results found.
Please select different criteria, check your spelling, or try different keywords.

1 …

…

Security, Identity, & Compliance Blog Posts

No blog posts found that match the selected criteria.

More…

Was this page helpful?

Feedback