Amazon Web Services (AWS) follows a shared responsibility model. AWS is responsible for security *of* the cloud: the physical infrastructure, the hypervisors and the managed services, and it treats that platform security as a priority in order to protect customers' critical data and applications. AWS detects fraud and abuse on its platform and notifies customers when an incident affects them. Customers are responsible for security *in* the cloud: the applications they host on AWS and the security configuration of the AWS services they use (identity policies, network rules, encryption settings and logging).
CloudTrail is an AWS service that records the API calls made in an account, whether they originate from the AWS Management Console, the SDKs, the command line tools or other AWS services, and delivers them as log files. This lets an organization continuously monitor activity in AWS for compliance auditing and for post-incident forensic investigation. To secure an AWS account, the following CloudTrail settings should be enabled:
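As an added example of the forensic use described above (this is not code from the original page), the script below reads a CloudTrail log file in its documented `Records[]` format and flags the records an incident responder looks for first: root account activity, console logins without MFA, calls that tamper with the trail itself, and one user creating credentials for another. The four records are constructed for the example; the account ID, user names and IP addresses are placeholders.

```python
"""Triage a CloudTrail log file for high-signal security events.

Added example; the records in SAMPLE_LOG are constructed, not real log data.
"""
import json

# Constructed CloudTrail records (abridged to the fields the checks use).
SAMPLE_LOG = json.dumps({"Records": [
    {   # root signs in to the console without MFA
        "eventTime": "2024-03-01T09:12:44Z",
        "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin",
        "userIdentity": {"type": "Root", "accountId": "111122223333"},
        "sourceIPAddress": "203.0.113.10",
        "additionalEventData": {"MFAUsed": "No"},
        "responseElements": {"ConsoleLogin": "Success"},
    },
    {   # a user switches the trail off
        "eventTime": "2024-03-01T09:15:02Z",
        "eventSource": "cloudtrail.amazonaws.com",
        "eventName": "StopLogging",
        "userIdentity": {"type": "IAMUser", "userName": "alice", "accountId": "111122223333"},
        "sourceIPAddress": "203.0.113.10",
        "requestParameters": {"name": "org-trail"},
    },
    {   # ordinary data access, should not be flagged
        "eventTime": "2024-03-01T09:20:30Z",
        "eventSource": "s3.amazonaws.com",
        "eventName": "GetObject",
        "userIdentity": {"type": "IAMUser", "userName": "bob", "accountId": "111122223333"},
        "sourceIPAddress": "10.0.3.25",
    },
    {   # alice mints an access key for bob (persistence)
        "eventTime": "2024-03-01T09:21:00Z",
        "eventSource": "iam.amazonaws.com",
        "eventName": "CreateAccessKey",
        "userIdentity": {"type": "IAMUser", "userName": "alice", "accountId": "111122223333"},
        "sourceIPAddress": "203.0.113.10",
        "requestParameters": {"userName": "bob"},
    },
]})

# API calls that weaken the audit trail itself; attackers typically do these first.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}
# Credential actions worth a second look when performed on a different user.
CREDENTIAL_ACTIONS = {"CreateAccessKey", "CreateLoginProfile", "UpdateLoginProfile", "AttachUserPolicy"}


def triage_record(rec: dict) -> list:
    """Return (severity, reason) findings for a single CloudTrail record."""
    findings = []
    ident = rec.get("userIdentity", {})
    name = rec.get("eventName")
    if ident.get("type") == "Root":
        findings.append(("high", "root account activity"))
    if (name == "ConsoleLogin"
            and rec.get("additionalEventData", {}).get("MFAUsed") == "No"
            and rec.get("responseElements", {}).get("ConsoleLogin") == "Success"):
        findings.append(("high", "console login without MFA"))
    if name in TRAIL_TAMPERING:
        findings.append(("critical", f"CloudTrail tampering: {name}"))
    if name in CREDENTIAL_ACTIONS:
        target = rec.get("requestParameters", {}).get("userName")
        if target and target != ident.get("userName"):
            findings.append(("medium", f"{ident.get('userName')} ran {name} for {target}"))
    if rec.get("errorCode") in {"AccessDenied", "UnauthorizedOperation"}:
        findings.append(("low", "denied call; possible enumeration"))
    return findings


def triage_log(raw: str) -> list:
    """Parse a CloudTrail log file and return all findings ordered by event time."""
    out = []
    for rec in json.loads(raw)["Records"]:
        for sev, reason in triage_record(rec):
            out.append({
                "time": rec["eventTime"],
                "severity": sev,
                # root records carry no userName; label them explicitly
                "actor": rec.get("userIdentity", {}).get("userName", "root"),
                "source_ip": rec.get("sourceIPAddress"),
                "event": rec.get("eventName"),
                "reason": reason,
            })
    return sorted(out, key=lambda f: f["time"])


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f['time']} {f['severity']:8} {f['actor']:6} {f['source_ip']:14} {f['event']:15} {f['reason']}")
```

Run against a real trail, the same function works on the gunzipped `.json` objects CloudTrail delivers to S3; the value of the StopLogging check in particular depends on log file validation being enabled, since otherwise the gap it reveals could itself be erased.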
IAM (Identity and Access Management) is a web service for controlling access to AWS resources securely. IAM determines who is authenticated (can sign in) and who is authorized (has permission) to use which resources. Some of the steps taken to build a strong IAM framework are listed below.
AWS provides many storage services: object storage (S3), block storage (Elastic Block Store, EBS), relational databases (RDS and Aurora), data warehousing (Redshift), in-memory caching (ElastiCache) and NoSQL (DynamoDB). Some steps that need to be taken to ensure secure storage are:
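The two preceding paragraphs, on IAM authorization and on storage, share one failure mode: an over-broad policy document. As an added example (not code from the original page), the linter below reads a policy in the standard JSON policy grammar and reports wildcard actions, write permissions on `Resource: "*"`, unscoped `iam:PassRole`, and, for S3 bucket policies, an anonymous `Principal` that is not narrowed by a `Condition`. The four policy documents are constructed; the bucket name, account ID and role name are placeholders.

```python
"""Lint IAM identity policies and S3 bucket policies for least-privilege violations.

Added example; the policy documents below are constructed, not from the original page.
"""

# Constructed: an identity policy that grants everything, then one that only narrows
# the blast radius to a single bucket.
OVERBROAD_IAM = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},
]}
SCOPED_IAM = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::app-logs", "arn:aws:s3:::app-logs/*"]},
]}
# Constructed: a bucket policy that makes every object world-readable, then a hardened
# one that names the reader and denies any request that is not over TLS.
PUBLIC_BUCKET = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::app-logs/*"},
]}
HARDENED_BUCKET = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:role/log-reader"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::app-logs/*"},
    {"Effect": "Deny", "Principal": "*", "Action": "s3:*",
     "Resource": ["arn:aws:s3:::app-logs", "arn:aws:s3:::app-logs/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
]}

READ_ONLY_PREFIXES = ("Get", "List", "Describe")


def _as_list(value):
    """Policy grammar allows a string or a list in most fields; normalize to a list."""
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal) -> bool:
    """True for Principal "*" or {"AWS": "*"}, the two spellings of 'anyone'."""
    return principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*")


def lint_policy(policy: dict, kind: str = "identity") -> list:
    """Return human-readable findings for one policy document.

    kind is 'identity' for IAM user/role/group policies and 'resource' for bucket
    policies, which carry a Principal element.
    """
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # a Deny statement cannot over-grant
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))

        wild_actions = [a for a in actions if a == "*" or a.endswith(":*")]
        if wild_actions:
            findings.append(f"Statement {i}: wildcard actions {wild_actions}")

        writes = [a for a in actions if not a.split(":")[-1].startswith(READ_ONLY_PREFIXES)]
        if "*" in resources and writes:
            findings.append(f"Statement {i}: Resource '*' on non-read-only actions {writes}")

        if "iam:PassRole" in actions and "*" in resources:
            findings.append(f"Statement {i}: iam:PassRole on any role enables privilege escalation")

        if kind == "resource" and _is_anonymous(stmt.get("Principal")):
            if stmt.get("Condition"):
                findings.append(f"Statement {i}: anonymous principal limited only by Condition; review it")
            else:
                findings.append(f"Statement {i}: public access, {actions} granted to everyone with no Condition")
    return findings


if __name__ == "__main__":
    for label, doc, kind in [("overbroad IAM", OVERBROAD_IAM, "identity"),
                             ("scoped IAM", SCOPED_IAM, "identity"),
                             ("public bucket", PUBLIC_BUCKET, "resource"),
                             ("hardened bucket", HARDENED_BUCKET, "resource")]:
        print(label, lint_policy(doc, kind) or "OK")
```

The linter only looks at the policy text, so it cannot see what a `Condition` actually restricts or whether S3 Block Public Access overrides the bucket policy; treat its output as a review queue, not a verdict.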
Amazon Inspector automatically assesses applications for vulnerabilities and deviations from best practices, covering the network exposure, operating system and attached storage of the instances it inspects. AWS Config is a service that inventories the AWS resources in an account and evaluates each one against the configuration required for your setup, so that drift from the intended baseline is reported rather than discovered during an incident.
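As an added example of the evaluation AWS Config performs (this is not AWS code and not from the original page), the script below takes configuration items in the shape Config delivers to a custom rule's Lambda function and returns evaluations in the shape that function hands back to `put_evaluations`: security groups fail if an administrative port is reachable from the whole internet, EBS volumes fail if they are not encrypted, and deleted or unsupported resources are marked not applicable. The five configuration items are constructed; the resource IDs and timestamps are placeholders, and the field names used are the ones documented for the `configurationItem` payload.

```python
"""Evaluate AWS Config configuration items against a simple security baseline.

Added example; the configuration items below are constructed. In a real custom rule
the list returned by evaluate_all() would be passed to Config's put_evaluations call
together with the ResultToken from the invoking event.
"""

ADMIN_PORTS = {22, 3389}                 # SSH and RDP
ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"      # "the whole internet" in either address family

# Constructed configuration items (abridged to the fields the checks use).
SAMPLE_ITEMS = [
    {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0a1b", "configurationItemStatus": "OK",
     "configurationItemCaptureTime": "2024-03-01T10:00:00.000Z",
     "configuration": {"ipPermissions": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipRanges": [{"cidrIp": ANY_V4}], "ipv6Ranges": []},
         {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443, "ipRanges": [{"cidrIp": ANY_V4}], "ipv6Ranges": []},
     ]}},
    {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0c2d", "configurationItemStatus": "OK",
     "configurationItemCaptureTime": "2024-03-01T10:00:00.000Z",
     "configuration": {"ipPermissions": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipRanges": [{"cidrIp": "10.0.0.0/8"}], "ipv6Ranges": []},
     ]}},
    {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-0aaa", "configurationItemStatus": "OK",
     "configurationItemCaptureTime": "2024-03-01T10:00:00.000Z", "configuration": {"encrypted": False}},
    {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-0bbb", "configurationItemStatus": "OK",
     "configurationItemCaptureTime": "2024-03-01T10:00:00.000Z", "configuration": {"encrypted": True}},
    {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0dead", "configurationItemStatus": "ResourceDeleted",
     "configurationItemCaptureTime": "2024-03-01T10:00:00.000Z", "configuration": None},
]


def open_admin_ports(sg_conf: dict) -> list:
    """Return sorted (port, cidr) pairs where an admin port is open to the whole internet."""
    hits = set()
    for perm in sg_conf.get("ipPermissions", []):
        proto, lo, hi = perm.get("ipProtocol"), perm.get("fromPort"), perm.get("toPort")
        cidrs = ([r["cidrIp"] for r in perm.get("ipRanges", [])]
                 + [r["cidrIpv6"] for r in perm.get("ipv6Ranges", [])])
        for port in ADMIN_PORTS:
            # ipProtocol "-1" means every protocol and port; fromPort/toPort are then absent
            covers = proto == "-1" or (proto == "tcp" and lo is not None and lo <= port <= hi)
            if covers:
                hits.update((port, c) for c in cidrs if c in (ANY_V4, ANY_V6))
    return sorted(hits)


def evaluate(item: dict) -> dict:
    """Evaluate one configuration item and return a Config-style evaluation record."""
    rtype, rid = item["resourceType"], item["resourceId"]
    conf = item.get("configuration") or {}
    if item.get("configurationItemStatus") == "ResourceDeleted":
        status, note = "NOT_APPLICABLE", "resource deleted"
    elif rtype == "AWS::EC2::SecurityGroup":
        hits = open_admin_ports(conf)
        status = "NON_COMPLIANT" if hits else "COMPLIANT"
        note = f"admin ports open to the internet: {hits}" if hits else "no admin ports exposed"
    elif rtype == "AWS::EC2::Volume":
        status = "COMPLIANT" if conf.get("encrypted") else "NON_COMPLIANT"
        note = "encrypted at rest" if conf.get("encrypted") else "EBS volume is not encrypted"
    else:
        status, note = "NOT_APPLICABLE", f"no check defined for {rtype}"
    return {
        "ComplianceResourceType": rtype,
        "ComplianceResourceId": rid,
        "ComplianceType": status,
        "Annotation": note,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def evaluate_all(items: list) -> list:
    return [evaluate(ci) for ci in items]


if __name__ == "__main__":
    for ev in evaluate_all(SAMPLE_ITEMS):
        print(f"{ev['ComplianceResourceId']:10} {ev['ComplianceType']:14} {ev['Annotation']}")
```

The `ResourceDeleted` branch matters in practice: a rule that fails on a deleted resource leaves a permanent NON_COMPLIANT entry that no remediation can clear.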