


AWS Least Privilege Role Comparisons


AWS Firewalls & Encryptions Comparisons





Core Identity and Access Management:
- IAM (Identity and Access Management): This service allows you to manage access to AWS resources. You control who is authenticated (signed in) and authorized (has permissions) to use resources. You create users, groups, and roles, and apply policies that grant or deny permissions. It is crucial for security and resource control.
- IAM Identity Center (successor to AWS Single Sign-On): Enables you to centrally manage access to multiple AWS accounts and applications. It simplifies SSO (Single Sign-On) for users and provides centralized access control across your organization.
Data Protection:
- KMS (Key Management Service): Used to create and manage encryption keys. KMS makes it easy to encrypt data at rest and in transit. You control the use of these keys, ensuring that only authorized users and services can access encrypted data.
- CloudHSM (Hardware Security Module): Provides dedicated hardware appliances within AWS for cryptographic key storage and operations. It meets stricter security and compliance requirements than KMS. Use it when you need FIPS 140-2 Level 3 validated hardware.
- AWS Certificate Manager (ACM): Simplifies the provisioning, management, and deployment of SSL/TLS certificates for use with AWS services. It helps secure your websites and applications.
Threat Detection and Monitoring:
Network Security:
- Shield: Provides protection against Distributed Denial of Service (DDoS) attacks. Shield Standard is automatically included with all AWS accounts. Shield Advanced offers additional protection and support for a fee.