- Atlas – Compliance Centre
- Centre for Internet Security CIS Benchmarks: 100+ configuration guidelines for various technology groups to safeguard systems against cyber threats.
- SCAP Security Guide
- A SOC 1 Report (System and Organization Controls Report) is a report on Controls at a Service Organization which are relevant to user entities’ internal control over financial reporting.
- AWS Tasks That Require AWS Account Root User Credentials
- AWS Services That Work with IAM: AWS services grouped by their AWS product categories, with information about which IAM features they support.
- How IAM evaluates policies
- Policy Summaries Make Understanding IAM Policies Easier.
- Configuring MFA-Protected API Access provides the additional security of requiring users to be authenticated with AWS multi-factor authentication (MFA) before you allow them to perform particularly sensitive actions.
- AWS Process Credential Providers: process-based credential providers to be used with the AWS CLI and related tools. Includes examples for Okta and ADFS.
- AWS Security Hub gives you a comprehensive view of your high-priority security alerts and compliance status across AWS accounts.
- AWS Control Tower automates the set-up of a baseline environment, or landing zone, that is a secure, well-architected multi-account AWS environment.
- AWS Data-safe Cloud
- AWS License Manager – Manage Software Licenses and Enforce Licensing Rules: you can define your licensing rules, taking into account any enterprise agreements and other terms that govern your use of the licensed software.
- AWS Key Management Service Cryptographic Details white paper.
- Signing AWS Requests with Signature Version 4: how to create a signature and add it to an HTTP request to AWS.
- TLS 1.3: better for individuals – harder for enterprises – blog post from the National Cyber Security Centre.
- How to quickly launch encrypted EBS-backed EC2 instances from unencrypted AMIs
- Sharing an AMI with Specific AWS Accounts
- Gateway Load Balancer: one gateway for distributing traffic across multiple virtual appliances.
- Deployment models for AWS Network Firewall
- Trusted Advisor: Reduce Costs, Increase Performance, and Improve Security
- Viewing Events with CloudTrail Event History
- CloudTrail Supported Services and Integrations
- Validating CloudTrail Log File Integrity
- AWS Service Limits
- Cloud Custodian is a rules engine for managing public cloud accounts and resources
- AWS Security Incident Response Guide
- VPC Traffic Mirroring: Capture & Inspect Network Traffic
- S3 Cross-Region Replication – what Amazon S3 does/does not replicate after you add a replication configuration on a bucket.
- Replicating Objects Created with Server-Side Encryption (SSE) Using AWS KMS-Managed Encryption Keys
- AWS Acceptable Use Policy
- Guidelines for Shared Linux AMIs: reduce the attack surface and improve the reliability of the AMIs you create.
- Amazon Inspector FAQs
- Amazon Inspector Agents
- Amazon Inspector Rules Packages for Supported Operating Systems
- AWS Systems Manager Features and Use Cases and Best Practices
- Recommended NACL rules for VPCs
- Security Group Rules Reference
- Security features of Amazon DocumentDB https://docs.aws.amazon.com/documentdb/latest/developerguide/security.html
- AWS Resource Access Manager (AWS RAM) enables you to share your resources with any AWS account or through AWS Organizations. https://docs.aws.amazon.com/ram/latest/userguide/what-is.html