Configuration Management


Learn about configuration standards from industry leaders such as the Center for Internet Security, NIST, SANS, AWS, and Microsoft.

5 Focus Areas for AWS Compliance
AWS Controls for Implementing a DMZ
AWS Tools for Your SDLC
AWS Web Application Firewall Defaults
Best Practices for Container Security
Configuring Network Border Controls
Disabling Insecure Ports and Protocols
Ensure ALBs Have WAF ACLs Attached
Ensure RDS Instances are Only Accessible by Internal IPs
House Accounts in CloudTrail
How to Use Your AWS Report
Industry Best Practices for Configuration Standards
Introduction to AWS Network Firewall
Introduction to Amazon EKS
Leverage CIS Benchmarks for Cloud Security
Meeting Firewall and Router Configuration Standards
Network Segmentation for AWS
Preventing Publicly Available S3 Buckets
Reviewing Firewall and Router Configurations
Systems Manager Maintenance
Data Security


Learn about practices to safeguard data using encryption, transport layer security, and effective key management during transmission, processing, and storage.

5 Focus Areas for AWS Compliance
Achieving High Availability in AWS
Basic Tools for AWS Security
Breaking Down AWS Security
Cloud Attacks on the Rise
Cloud Security Posture Management
Connect Your AWS Account Using CloudFormation
Connect with AWS Security Experts
Create Policies for Usage of Critical Technologies
Creating a Data Flow Diagram
Creating a Network Diagram
Do All Keys Have Resources Attached?
Don't Face Cloud Security Alone
Enable Maintenance and Backups for RDS
Encrypting Traffic In and Out of AWS
Encryption Decisions for Your Technology Stack
Encryption Opportunities
Encryption for EBS Volumes
Encryption for S3 Buckets
Enforcing Strong TLS Ciphers
Events that Drive Key Rotation
FAQs for Amazon S3 Security
How to Configure Encryption for EBS Volumes on Existing EC2 Instances
How to Configure Encryption for EBS Volumes on New EC2 Instances
How to Configure Encryption for RDS
How to Configure Encryption for S3 Buckets
How to Restrict Public Access to S3 Buckets
How to Use S3 Versioning and Lifecycle Rules
Introduction to Amazon Inspector
Key Rotation and Management
Load Balancers Must Require TLS 1.2
Our Security Standards
Preventing Public Accessibility on DB Instances
Re-Keying for Decryption
Route 53 Support for DNSSEC
The AWS Shared Responsibility Model
Using AWS KMS
Using Prowler to Evaluate AWS Security
Using TLS 1.2 to Encrypt Data in Transit
Logical Access


Learn about identity and access management to protect assets against unauthorized use.

5 Focus Areas for AWS Compliance
AWS Functions to Restrict Database Access
AWS Password Best Practices
AWS Password Expiration Policies
AWS Password Reuse Policy
Access Control Using IAM Instance Roles
Assign Access Based on Business Need to Know
Assigning Information Security Management Responsibility
Attaching IAM Policies to Groups or Roles
Avoid Use of the Root Account
Basics of Role Assumption
Best Practices for Change Management in AWS
Best Practices for Password Parameters
Defining Resources in IAM Policies
Defining Resources in S3 Bucket Policies
Defining Roles and Responsibilities in AWS
Developing a Process for User Authentication
Disabling Unused Credentials
Documenting a Systems Inventory in AWS
Does AWS Provide Vendor Defaults?
Enabling MFA for All IAM Users
Enforce Separation with Access Controls
Enforcing Strong Encryption in AWS
How to Attach IAM Policies to Groups or Roles
How to Check MFA in a Credential Report
How to Check Use of the Root Account
How to Find Administrative Privileges in IAM Policies
How to House Multiple Accounts Within an AWS Organization
How to Modify Password Complexity in a Password Policy
How to Modify Permissions to EBS Snapshots
How to Prevent Password Reuse in a Password Policy
How to Use S3 Bucket Policies
IAM Policies for Account Authentication
IAM Policies that Address Administrative Privileges
Identifying Unused Credentials in a Credential Report
Introduction to Amazon S3 Access Points
Introduction to IAM Access Analyzer
MFA for API Calls
Prevent Shared, Group, or Generic Accounts in AWS
Restricting Access to EBS Snapshots
Rotating Access Keys
Support MFA through IAM Policies
Understanding the "Deny All" Function
Using IAM Instance Roles for AWS Resource Access
Using IAM Policies
When to Use S3 Access Control Lists
Network Monitoring


Learn about the tools and techniques to monitor the performance and security of your environment.

5 Focus Areas for AWS Compliance
AWS Firewall Manager Centralized Logging
Attributes of Log Data
Audit Trail Review with Kibana, Athena, and GuardDuty
Audit Your Security Groups for Insecure Ports and Protocols
Change-Detection Solutions in AWS
CloudTrail and CloudWatch Integration
Defining Business Continuity and Disaster Recovery
EC2 Instances in Availability Zones
Enabling AWS Config in All Regions
Enabling CloudTrail Log File Validation
Enabling CloudTrail in All Regions
Filters and Alarms in CloudWatch
GuardDuty Alerts for Control Failures
How to Edit Inbound Traffic Rules for Default Security Groups
Identify Unrestricted Access to Ports for Security Groups
Identify if EC2 Instances Are Directly Connected to the Internet
Introduction to Amazon CloudWatch
Logging Tools in AWS
Logging Web ACL Data in Amazon Kinesis
Monitor Network Traffic with VPC Flow Logs
Protecting API Gateways with WAF Rules
Restrict Security Group Access to All Ports
Retaining Your Audit Trail in AWS
Securing Your Log Files
The Difference Between NACLs and Security Groups
Using a Bastion Host or Session Manager to Limit Access to Port 22
Penetration Testing


Learn how to evaluate the security of your systems and identify vulnerabilities through ethical hacking.

Penetration Testing for AWS Segmentation Controls
Penetration Testing in AWS
Separation of Duties in Penetration Testing
Vulnerability Management


Learn about protecting your critical assets with a comprehensive program to defend against malicious threats.

5 Focus Areas for AWS Compliance
AWS Incident Response Playbook
AWS Incident Response Playbook for Credential compromise
AWS Incident Response Playbook for Ransomware
AWS Incident Response Playbook for S3 Buckets
AWS Security Needs a Growth Mindset
Activate Microsoft Defender for Azure SQL Databases
Antivirus Solutions on EC2 Instances
Deploying Security Patches on EC2 Instances
Enable Autoprovisioning of Vulnerability Assessment for Machines
Identifying and Ranking Vulnerabilities in AWS
Introduction to AWS Security Hub
Introduction to Amazon Detective
Meeting Your Baseline with Patch Manager
Running Vulnerability Scans After a Significant Change
Shared Responsibility Matrix in PCI
Testing for Unauthorized Wireless Access Points
The Value of Quarterly Internal Vulnerability Scans
Using Systems Manager from a Service-Linked Role
Using VPC Endpoints to Access Systems Manager