AWS Security Documentation
Setup guides and best practices for AWS security services. Configuration patterns for threat detection, compliance monitoring, and security automation.
Core Security Services
Five services form the foundation of AWS security monitoring and compliance:
GuardDuty
Threat detection analyzing CloudTrail, VPC Flow Logs, and DNS queries for malicious activity.
Security Hub
Centralized findings aggregation with compliance scoring against CIS and AWS standards.
AWS Config
Resource configuration recording with compliance rules and drift detection.
CloudTrail
API activity logging with log validation and KMS encryption for audit trails.
EventBridge
Event routing for security automation, notifications, and remediation workflows.
Architecture Overview
How these services connect to form a comprehensive security monitoring pipeline:
Implementation Order
Recommended sequence for enabling security services:
Enable CloudTrail
Foundation for audit logging. Required by GuardDuty and Security Hub compliance checks.
Set up AWS Config
Resource recording enables Security Hub compliance standards and drift detection.
Enable GuardDuty
Automated threat detection with minimal configuration. Analyzes CloudTrail data.
Configure Security Hub
Aggregates findings from GuardDuty and Config. Enable CIS and FSBP standards.
Integrate EventBridge
Route high-severity findings to SNS for notifications or Lambda for remediation.
Compliance Frameworks
AWS security services support these compliance standards: