Governance framework

Governance in a cloud environment involves the management and oversight of multiple accounts, services, and data flows. Organizations and Control Tower play pivotal roles in establishing a governance framework that adapts to evolving needs.

  • Organizations for hierarchical management: Organizations allows you to create a hierarchical structure of AWS accounts, grouped into organizational units (OUs). This structure enables centralized billing and easier policy enforcement. Service control policies (SCPs) can be applied at different levels, offering granular control over service permissions across accounts.
  • Control Tower for guardrails: Control Tower simplifies the setup of a well-architected multi-account AWS environment. One of its standout features is the implementation of guardrails—pre-configured rules for security, operations, and compliance. These guardrails work in tandem with Organizations and Config to provide a holistic governance approach.
  • Synergy between Organizations and Control Tower: When used together, they offer a unified governance framework. Organizations provides the structural backbone, while Control Tower offers the guardrails for policy enforcement. This synergy ensures that governance is not just a checkbox but an integrated part of your AWS architecture.

Alerting and incident response

Effective security management is not just about prevention but also about rapid detection and response. AWS provides a range of tools to help you set up real-time monitoring, alerting, and even automatic remediation for security incidents. Let’s dive into some of these capabilities in more detail.

Real-time monitoring and alerting

By integrating security services, you can create a comprehensive real-time monitoring and alerting mechanism that covers various aspects of your AWS environment. Here are some examples of how you can set up alerts across key AWS security services:

  • GuardDuty: Once enabled, GuardDuty continuously monitors your AWS account for malicious or unauthorized behavior. From CloudWatch, you can set up alarms and notifications that are sent via Amazon SNS to alert your security team.
  • Macie: Macie’s findings can be published to CloudWatch, where you can set up alarms to notify your security team via email or SMS when sensitive data is accessed or moved.
  • Config: Set up Config rules and associate them with CloudWatch alarms to get alerted on non-compliant resources.
  • Security Hub: Enable this service to aggregate findings from various AWS services, including GuardDuty, Inspector, and Macie. You can set up custom insights and also configure CloudWatch alarms for aggregated findings that can be sent directly to your team’s Slack channel.
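As an added example (not code from the original post), here is a Lambda handler for the GuardDuty-to-SNS path described above: it takes a GuardDuty finding arriving as an EventBridge event, drops findings below a severity threshold, and publishes the rest to an SNS topic for the security team. The topic ARN, the `ALERT_TOPIC_ARN` variable, the threshold and the sample finding are assumptions; the injectable `publish` callable lets the filtering logic run without AWS credentials.

```python
"""Route GuardDuty findings (EventBridge events) to an SNS alert topic.
Added example, not code from the post. Assumes the EventBridge "GuardDuty Finding"
event shape and a topic ARN in ALERT_TOPIC_ARN; findings below MIN_SEVERITY are dropped."""
import json
import os

# GuardDuty severity scale: 1.0-3.9 low, 4.0-6.9 medium, 7.0-8.9 high.
MIN_SEVERITY = 4.0

def severity_label(score):
    """Bucket a numeric GuardDuty severity into the label used in the subject."""
    return "HIGH" if score >= 7.0 else "MEDIUM" if score >= 4.0 else "LOW"

def build_alert(event, min_severity=MIN_SEVERITY):
    """Return (subject, message) for a finding worth paging on, or None to drop it."""
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != "GuardDuty Finding":
        return None  # some other event reached the rule; ignore it
    d = event["detail"]
    sev = float(d.get("severity", 0))
    if sev < min_severity:
        return None  # low findings stay in Security Hub/console, not the on-call channel
    subject = f"[GuardDuty {severity_label(sev)}] {d['type']} in {d['accountId']}/{d['region']}"
    message = {
        "finding_id": d.get("id"),
        "severity": sev,
        "title": d.get("title"),
        "resource_type": d.get("resource", {}).get("resourceType"),
        "count": d.get("service", {}).get("count"),
    }
    return subject[:100], json.dumps(message, indent=2)  # SNS subject limit is 100 chars

def lambda_handler(event, context=None, publish=None, topic_arn=None):
    """Lambda entry point; `publish` is injectable so the logic runs without AWS access."""
    alert = build_alert(event)
    if alert is None:
        return {"published": False}
    if publish is None:
        import boto3  # only imported when really running in Lambda
        publish = boto3.client("sns").publish
    publish(TopicArn=topic_arn or os.environ["ALERT_TOPIC_ARN"], Subject=alert[0], Message=alert[1])
    return {"published": True}

# Constructed sample event in the EventBridge "GuardDuty Finding" shape (not real data).
SAMPLE_EVENT = {
    "source": "aws.guardduty", "detail-type": "GuardDuty Finding",
    "detail": {"id": "EXAMPLE-FINDING-ID", "accountId": "111122223333", "region": "us-east-1",
               "type": "UnauthorizedAccess:EC2/SSHBruteForce", "severity": 5.0,
               "title": "Constructed sample: SSH brute force against an EC2 instance",
               "resource": {"resourceType": "Instance"}, "service": {"count": 12}},
}
```

Wire the handler to an EventBridge rule whose pattern matches `source: aws.guardduty`, and the same filtering pattern applies to Macie or Security Hub findings with a different `detail-type` check.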
