Explore Security Services

The following services have been implemented within the provided environment. Explore the services within each account, and make sure to check out the services that have been set up with a master account displaying information for all the member accounts (e.g. Config, Macie, Security Hub, GuardDuty).

CloudTrail

CloudTrail has been enabled in all accounts with logs sent to a central S3 bucket in the Logging Account. Logs are also forwarded to Elasticsearch in the Shared Services Account for log visibility using Kibana.

CloudWatch

CloudWatch Alarms have been created in each account, and alerts are sent to an email address via an SNS topic.

Config

AWS Config has been enabled in each account and aggregated within the Security Account, providing resource inventory and compliance visibility across all the accounts.

GuardDuty

GuardDuty has been enabled in all regions within all accounts and centralized in the Security Account.

Inspector

Inspector has been enabled in the Development Account, and findings are visible within Security Hub in the Development Account as well as the Security Account.

Macie

Macie has been set up in the Security Account and linked to all the other accounts. Macie is configured to scan an S3 bucket in the Development Account and the Master Account.

Security Hub

Security Hub has been enabled in all accounts, with the Security Account as the master displaying information from all the other accounts.

Service Quotas

Service Quotas consolidates the AWS default values and your account-specific values for quotas across AWS services in a single location, providing you with improved visibility. Service Quotas provides a great addition to your asset inventory solution.

Systems Manager

Systems Manager Inventory has been enabled in all the accounts, and each account sends EC2 instance inventory to a central S3 bucket within the Shared Services Account, providing a central view of the software installed on EC2 instances.

Trusted Advisor

Trusted Advisor is a great tool provided by AWS for security checks as well as other valuable insights, such as service limits. Trusted Advisor is fully enabled in the Development Account.