AWS-Logo_White-Color
Workshop Scenarios
Explore Security Services
Sensitive data detected in S3
Brute force attack detected
Privilege escalation detected
Inspector findings
Unencrypted volumes detected
Who removed my permissions?
Unapproved software package loaded on EC2 instances
Does this role have S3 Create Bucket permissions?
Resources
Privacy
|
Site Terms
| © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Landing Zone Workshop
> Resources
Resources
AWS Security Resources
AWS Security Resources
AWS CIS Foundations Benchmark
AWS Landing Zone Resources
AWS Landing Zone Best Practices and Debugging Tips
AWS Landing Zone CIS Controls Mapping
What we added to the AWS Landing Zone for this workshop
Centralized Logging
Security Hub
deployed to all accounts centralized in the Security account
Macie
deployed to all accounts centralized in the Security account
AWS Config Aggregator
deployed to all accounts and centralized in the Security account
AWS Landing Zone
roles were tagged
in order to protect them with IAM policies
Guard Duty Tester
was deployed to the Development account to generate findings
Systems Manager Inventory
configured in each account to send inventory to the Shared Services account