| Category | Use cases | AWS service |
| --- | --- | --- |
| Identity & access management | Identity management for your apps | Amazon Cognito |
| Identity & access management | Managed Microsoft Active Directory | AWS Directory Service |
| Identity & access management | Manage user access and encryption keys | AWS Identity & Access Management (IAM) |
| Identity & access management | Simple, secure service to share AWS resources | AWS Resource Access Manager |
| Identity & access management | Rotate, manage and retrieve secrets | AWS Secrets Manager |
| Identity & access management | Cloud single sign-on (SSO) service | AWS Single Sign-On |
| Detective controls | Unified security and compliance center | AWS Security Hub |
| Detective controls | Managed threat detection service | Amazon GuardDuty |
| Detective controls | Analyze application security | Amazon Inspector |
| Detective controls | Discover, classify and protect your data | Amazon Macie |
| Detective controls | Investigate potential security issues | Amazon Detective |
| Detective controls | Config | Config |
| Infrastructure protection | DDoS protection | AWS WAF & Shield |
| Infrastructure protection | Filter malicious web traffic | AWS Web Application Firewall (WAF) |
| Infrastructure protection | Central management of firewall rules (for Organizations) | AWS Firewall Manager |
| Data protection | Key storage and management | AWS Key Management Service (KMS) |
| Data protection | Hardware-based key storage for regulatory compliance | AWS CloudHSM |
| Data protection | Provision, manage, and deploy public and private SSL/TLS certificates | AWS Certificate Manager |
| Compliance | No cost, self-service portal for on-demand access to AWS’ compliance reports | AWS Artifact |