Security, identity & compliance - AWS Prescriptive Guidance
Topics
- Automate incident response and forensics
- Automatically audit AWS security groups that allow access from public IP addresses
- Automatically remediate unencrypted Amazon RDS DB instances and clusters
- Automatically validate and deploy IAM policies and roles by using CodePipeline, IAM Access Analyzer, and AWS CloudFormation macros
- Bidirectionally integrate AWS Security Hub CSPM with Jira software
- Build a pipeline for hardened container images using EC2 Image Builder and Terraform
- Centralize IAM access key management in AWS Organizations by using Terraform
- Check an Amazon CloudFront distribution for access logging, HTTPS, and TLS version
- Choose an Amazon Cognito authentication flow for enterprise applications
- Create AWS Config custom rules by using AWS CloudFormation Guard policies
- Create a consolidated report of Prowler security findings from multiple AWS accounts
- Deploy and manage AWS Control Tower controls by using AWS CDK and CloudFormation
- Deploy and manage AWS Control Tower controls by using Terraform
- Deploy the Security Automations for AWS WAF solution by using Terraform
- Deploy a pipeline that simultaneously detects security issues in multiple code deliverables
- Deploy detective attribute-based access controls for public subnets by using AWS Config
- Deploy preventative attribute-based access controls for public subnets
- Detect Amazon RDS and Aurora database instances that have expiring CA certificates
- Dynamically generate an IAM policy with IAM Access Analyzer by using Step Functions
- Enable Amazon GuardDuty conditionally by using AWS CloudFormation templates
- Enable transparent data encryption in Amazon RDS for SQL Server
- Monitor and remediate scheduled deletion of AWS KMS keys
- Identify public Amazon S3 buckets in AWS Organizations by using Security Hub CSPM
- Ingest and analyze AWS security logs in Microsoft Sentinel
- Manage AWS Organizations policies as code by using AWS CodePipeline and Amazon Bedrock
- Manage AWS IAM Identity Center permission sets as code by using AWS CodePipeline
- Manage credentials using AWS Secrets Manager
- Monitor Amazon ElastiCache clusters for at-rest encryption
- Monitor IAM root user activity
- Send a notification when an IAM user is created
- Prevent internet access at the account level by using a service control policy
- Export a report of AWS IAM Identity Center identities and their assignments by using PowerShell
- Restrict access based on IP address or geolocation by using AWS WAF
- Scan Git repositories for sensitive information and security issues by using git-secrets
- Secure file transfers by using Transfer Family, Amazon Cognito, and GuardDuty
- Secure sensitive data in CloudWatch Logs by using Amazon Macie
- Securing AWS IAM Roles Anywhere with a private certificate
- Send alerts from AWS Network Firewall to a Slack channel
- Send custom attributes to Amazon Cognito and inject them into tokens
- Simplify private certificate management by using AWS Private CA and AWS RAM
- Streamline Amazon EC2 compliance management with Amazon Bedrock agents and AWS Config
- Update AWS CLI credentials from AWS IAM Identity Center by using PowerShell
- Use Network Firewall to capture the DNS domain names from the Server Name Indication for outbound traffic
- Use Terraform to automatically enable Amazon GuardDuty for an organization
- Verify operational best practices for PCI DSS 4.0 by using AWS Config
- More patterns