====AWS Security Services Available====

===Major Document History===

^ Date ^ Comment ^ Who ^
| 12/11/2019 | Initial Doc | Tharp |

----

====AWS CIS Foundations v1.2.0====

{{ :security:cis_amazon_web_services_foundations_benchmark_v1.2.0.pdf |CIS Docs v1.2.0}}

----

====AWS Services Used (in bold)====

^Category^Use cases^AWS service^
^Identity & access management|Identity management for your apps| Amazon Cognito|
|"|Managed Microsoft Active Directory| AWS Directory Service|
|"|Manage user access and encryption keys|AWS Identity & Access Management (IAM)|
|"|Simple, secure service to share AWS resources| AWS Resource Access Manager|
|"|Rotate, manage and retrieve secrets| AWS Secrets Manager|
|"|Cloud single-sign-on (SSO) service| AWS Single Sign-On|
^Detective controls|Unified security and compliance center| **AWS Security Hub**|
|"|Managed threat detection service| **Amazon GuardDuty**|
|"|Analyze application security| **Amazon Inspector**|
|"|Discover, classify and protect your data|Amazon Macie|
|"|Investigate potential security issues|Amazon Detective|
|"|Config|Config|
^Infrastructure protection|DDoS protection| AWS WAF & Shield|
|"|Filter malicious web traffic| AWS Web Application Firewall (WAF)|
|"|Central management of firewall rules (for Organizations)| AWS Firewall Manager|
^Data protection|Key storage and management| AWS Key Management Service (KMS)|
|"|Hardware based key storage for regulatory compliance| AWS CloudHSM|
|"|Provision, manage, and deploy public and private SSL/TLS certificates| AWS Certificate Manager|
^Compliance|No cost, self-service portal for on-demand access to AWS’ compliance reports| AWS Artifact|