Security
Category - Security
Securely operate your workload
Separate workloads using accounts
Secure account root user and properties
Identify and validate control objectives
Keep up-to-date with security recommendations
Keep up-to-date with security threats
Identify and prioritize risks using a threat model
Automate testing and validation of security controls in pipelines
Evaluate and implement new security services and features regularly
Manage identities for people and machines
Use strong sign-in mechanisms
Use temporary credentials
Store and use secrets securely
Rely on a centralized identity provider
Audit and rotate credentials periodically
Leverage user groups and attributes
Manage permissions for people and machines
Define access requirements
Grant least privilege access
Define permission guardrails for your organization
Manage access based on life cycle
Establish emergency access process
Share resources securely within your organization
Reduce permissions continuously
Share resources securely with a third party
Analyze public and cross-account access
Detect and investigate security events
Configure service and application logging
Analyze logs, findings, and metrics centrally
Automate response to events
Implement actionable security events
Protect your network resources
Create network layers
Control traffic at all layers
Implement inspection and protection
Automate network protection
Protect your compute resources
Perform vulnerability management
Reduce attack surface
Validate software integrity
Enable people to perform actions at a distance
Implement managed services
Automate compute protection
Classify your data
Identify the data within your workload
Define data protection controls
Define data lifecycle management
Automate identification and classification
Protect your data at rest
Implement secure key management
Enforce encryption at rest
Automate data at rest protection
Use mechanisms to keep people away from data
Enforce access control
Protect your data in transit
Implement secure key and certificate management
Enforce encryption in transit
Authenticate network communications
Automate detection of unintended data access
Anticipate, respond to, and recover from incidents
Identify key personnel and external resources
Develop incident management plans
Prepare forensic capabilities
Develop and test security incident response playbooks
Pre-provision access
Run simulations
Pre-deploy tools
Establish a Framework for Learning from Incidents
Incorporate and validate the security properties of applications throughout the design, development, and deployment lifecycle
Perform regular penetration testing
Deploy software programmatically
Regularly assess security properties of the pipelines
Train for Application Security
Automate testing throughout the development and release lifecycle
Manual Code Reviews
Centralize services for packages and dependencies
Build a program that embeds security ownership in workload teams