Amazon Web Services Bootcamp

Security, identity, and compliance

AWS offers a set of security services for controlling access to its cloud services. These help administrators and companies manage access across AWS services and secure applications with SSL/TLS certificates:

  • Identity and Access Management (IAM): AWS Identity and Access Management is a service that provides secure access to AWS resources. Using IAM, we control authentication and authorization for the use of AWS services.
  • AWS Cognito: This allows us to sign up and sign in users, handling authentication and authorization for applications. The administrator can manage the permissions granted to particular users. Cognito also integrates with social identities, such as Facebook, Twitter, Amazon, and so on. Cognito can also sync data across a user's devices, which improves the user experience by making the same data available on every device.
  • GuardDuty: AWS GuardDuty is a threat detection service that monitors AWS resources. It can detect unauthorized access or unusual API calls, so that we can take precautions to protect our AWS resources.
  • Inspector: AWS Inspector is an automated tool that finds security and compliance vulnerabilities in AWS services. This tool creates detailed reports ranked by the severity of each vulnerability.
  • Certificate Manager: AWS Certificate Manager allows you to create and manage Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with the different AWS services that are exposed over the internet. Using Certificate Manager, you can handle certificate renewal without impacting your applications on AWS.
  • Directory Service: AWS Directory Service allows us to use Microsoft Active Directory (AD) on AWS. Using this service, IT administrators can set up access to AWS services for users and groups, and enable single sign-on to applications.
  • WAF and Shield: The AWS Web Application Firewall (WAF) helps us to monitor HTTP/HTTPS requests for AWS CloudFront or AWS Application Load Balancer. Using AWS WAF, we can apply rules to control access to CloudFront or Application Load Balancer. AWS Shield helps protect against distributed denial of service (DDoS) attacks.
  • Artifact: AWS Artifact provides AWS security and compliance reports and agreements. This service is available at no additional cost. AWS Artifact provides reports from various accreditation bodies. AWS Artifact also covers agreements such as a Non-Disclosure Agreement (NDA) and a Business Associate Addendum (BAA).
  • Amazon Macie: Amazon Macie is a security service that uses machine learning to discover, classify, and protect your data stored on AWS. It identifies sensitive data and monitors for security breaches. Reports are displayed on the dashboard and alerts are generated for any security concerns.
  • AWS Single Sign-On: AWS Single Sign-On (SSO) allows us to have centrally managed SSO for our AWS accounts and applications. This helps to centrally manage user access and the sign-on process at the organization level.
  • CloudHSM: AWS CloudHSM (Hardware Security Module) allows you to create and use your own encryption keys on AWS. These encryption keys can easily be integrated with applications using APIs such as the PKCS #11, Java Cryptography Extensions (JCE), and Microsoft CryptoNG (CNG) libraries.
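The IAM entry above says that IAM decides authorization for AWS services; the decision is made against JSON policy documents, and the difference between an over-broad policy and a least-privilege one is where most of the security value lies. The following is an added example, not code from the book or from AWS: it embeds two constructed policy documents (an administrator-style `Allow` on everything, and a policy scoped to one hypothetical S3 bucket with an explicit `Deny` on a private prefix), a simplified evaluator that applies the IAM ordering of explicit deny over allow over implicit deny, and a small audit that flags statements granting more than least privilege. Bucket names, prefixes and the evaluator's simplifications (no `Condition`, `NotAction`, `NotResource` or principal handling) are assumptions made for the example.

```python
import re

# Constructed sample policies for the example; the bucket name and prefixes are invented.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
    ],
}

SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [
                "arn:aws:s3:::example-reports",
                "arn:aws:s3:::example-reports/*",
            ],
        },
        {
            # Explicit deny on a sensitive prefix; it overrides the Allow above.
            "Effect": "Deny",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::example-reports/private/*",
        },
    ],
}


def _as_list(value):
    # Policy elements may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]


def _glob_match(pattern, text, ignore_case=False):
    # IAM patterns support only '*' (any run of characters) and '?' (one character).
    regex = "^" + re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".") + "$"
    flags = re.IGNORECASE if ignore_case else 0
    return re.match(regex, text, flags) is not None


def is_allowed(policy, action, resource):
    """Simplified IAM evaluation (assumption: Condition, NotAction, NotResource and
    principals are not modelled). An explicit Deny wins over any Allow, and a request
    that no statement allows is denied by default (implicit deny)."""
    allowed = False
    for stmt in policy["Statement"]:
        # Action names are case-insensitive in IAM; resource ARNs are case-sensitive.
        action_hit = any(_glob_match(p, action, ignore_case=True)
                         for p in _as_list(stmt.get("Action", [])))
        resource_hit = any(_glob_match(p, resource)
                           for p in _as_list(stmt.get("Resource", [])))
        if not (action_hit and resource_hit):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def audit_policy(policy):
    """Return findings for Allow statements that grant more than least privilege."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: Allow with NotAction/NotResource grants everything not listed")
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if "*" in actions and "*" in resources:
            findings.append(f"statement {i}: full administrative access (Action '*' on Resource '*')")
            continue
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"statement {i}: service-wide action wildcard {actions}")
        if "*" in resources:
            findings.append(f"statement {i}: Allow applies to every resource")
    return findings


if __name__ == "__main__":
    for name, policy in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, "findings:", audit_policy(policy) or "none")
    print(is_allowed(SCOPED_POLICY, "s3:GetObject", "arn:aws:s3:::example-reports/2024/q1.csv"))
    print(is_allowed(SCOPED_POLICY, "s3:GetObject", "arn:aws:s3:::example-reports/private/salary.csv"))
```

Running the script shows the scoped policy producing no audit findings while still serving the reporting use case, and the `Deny` statement blocking the private prefix even though the broader `Allow` matches it. A policy like `BROAD_POLICY` is what the audit is meant to catch before it is attached to a user or role.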