Security Tools

| Tool | Purpose | Key Capabilities | How to Gain Practical Experience |
|---|---|---|---|
| AWS IAM | Identity & Access Management | Users, Groups, Roles, Policies, MFA, Permissions boundaries | Create users/roles, enforce least privilege, manage policies, audit permissions |
| AWS Organizations & SCPs | Multi-account management & governance | Control accounts, Service Control Policies (SCPs), consolidated billing | Set up multi-account hierarchy, enforce policies across accounts |
| AWS KMS | Key Management Service | Create, rotate, and manage encryption keys; integrate with S3, RDS, EBS | Encrypt data at rest, manage CMKs, audit key usage |
| AWS CloudTrail | Audit & Compliance | Track API calls, user activity, compliance reporting, log retention | Enable for all regions, create trails, analyze logs in Athena or CloudWatch |
| AWS Config | Continuous compliance | Monitor resource configuration, compliance rules, drift detection | Create rules for S3 encryption and IAM policies, generate compliance reports |
| AWS GuardDuty | Threat detection | Detect compromised instances, anomalous activity, malware | Enable across accounts, analyze findings, automate response |
| AWS Inspector | Vulnerability scanning | Detect OS & app vulnerabilities, CIS benchmark checks | Scan EC2/ECS, review findings, remediate issues |
| AWS Macie | Data security & privacy | Sensitive data discovery (PII, PCI), monitoring S3 buckets | Classify S3 data, generate alerts on policy violations |
| AWS WAF | Web Application Firewall | Block malicious traffic, protect APIs, use rules & rate-based controls | Create rules for OWASP threats, protect CloudFront/APIs |
| AWS Shield | DDoS protection | Standard & Advanced tiers, network-layer protection, integration with WAF | Monitor attacks, enable protection on ELB/CloudFront |
| AWS Secrets Manager | Secret management | Store DB/API credentials, auto-rotate secrets | Store app secrets, rotate automatically, enforce access policies |
| AWS Security Hub | Central security dashboard | Aggregates GuardDuty, Inspector, Macie, compliance checks | Enable Hub, monitor findings, prioritize remediation |
| AWS S3 Security Tools | Access & encryption | Bucket policies, encryption, Block Public Access, MFA Delete | Apply least privilege, enable encryption, monitor logs |
| AWS CloudWatch Security Insights | Monitoring & alerting | Metrics, logs, alarms, anomaly detection | Create alerts on IAM changes, failed logins, unusual API calls |
| AWS VPC Security Tools | Network security | Security Groups, NACLs, Flow Logs, Traffic Mirroring | Set up secure network architecture, monitor traffic, detect anomalies |