Control: AWS > Well-Architected Tool > AWS Well-Architected Framework > Security

Primary Policies

The following policies can be used to configure this control:

• Security
• Security > SEC 01. How do you securely operate your workload?
• Security > SEC 01. How do you securely operate your workload? > Secure AWS account
• Security > SEC 01. How do you securely operate your workload? > Identify and validate control objectives
• Security > SEC 01. How do you securely operate your workload? > Evaluate and implement new security services and features regularly
• Security > SEC 01. How do you securely operate your workload? > Separate workloads using accounts
• Security > SEC 01. How do you securely operate your workload? > Automate testing and validation of security controls in pipelines
• Security > SEC 01. How do you securely operate your workload? > Identify and prioritize risks using a threat model
• Security > SEC 01. How do you securely operate your workload? > Keep up to date with security recommendations
• Security > SEC 01. How do you securely operate your workload? > Keep up to date with security threats
• Security > SEC 02. How do you manage identities for people and machines?
• Security > SEC 02. How do you manage identities for people and machines? > Audit and rotate credentials periodically
• Security > SEC 02. How do you manage identities for people and machines? > Use strong sign-in mechanisms
• Security > SEC 02. How do you manage identities for people and machines? > Leverage user groups and attributes
• Security > SEC 02. How do you manage identities for people and machines? > Rely on a centralized identity provider
• Security > SEC 02. How do you manage identities for people and machines? > Store and use secrets securely
• Security > SEC 02. How do you manage identities for people and machines? > Use temporary credentials
• Security > SEC 03. How do you manage permissions for people and machines?
• Security > SEC 03. How do you manage permissions for people and machines? > Analyze public and cross account access
• Security > SEC 03. How do you manage permissions for people and machines? > Reduce permissions continuously
• Security > SEC 03. How do you manage permissions for people and machines? > Define access requirements
• Security > SEC 03. How do you manage permissions for people and machines? > Define permission guardrails for your organization
• Security > SEC 03. How do you manage permissions for people and machines? > Establish emergency access process
• Security > SEC 03. How do you manage permissions for people and machines? > Grant least privilege access
• Security > SEC 03. How do you manage permissions for people and machines? > Manage access based on life cycle
• Security > SEC 03. How do you manage permissions for people and machines? > Share resources securely
• Security > SEC 04. How do you detect and investigate security events?
• Security > SEC 04. How do you detect and investigate security events? > Implement actionable security events
• Security > SEC 04. How do you detect and investigate security events? > Analyze logs, findings, and metrics centrally
• Security > SEC 04. How do you detect and investigate security events? > Configure service and application logging
• Security > SEC 04. How do you detect and investigate security events? > Automate response to events
• Security > SEC 05. How do you protect your network resources?
• Security > SEC 05. How do you protect your network resources? > Automate network protection
• Security > SEC 05. How do you protect your network resources? > Create network layers
• Security > SEC 05. How do you protect your network resources? > Implement inspection and protection
• Security > SEC 05. How do you protect your network resources? > Control traffic at all layers
• Security > SEC 06. How do you protect your compute resources?
• Security > SEC 06. How do you protect your compute resources? > Enable people to perform actions at a distance
• Security > SEC 06. How do you protect your compute resources? > Automate compute protection
• Security > SEC 06. How do you protect your compute resources? > Implement managed services
• Security > SEC 06. How do you protect your compute resources? > Reduce attack surface
• Security > SEC 06. How do you protect your compute resources? > Validate software integrity
• Security > SEC 06. How do you protect your compute resources? > Perform vulnerability management
• Security > SEC 07. How do you classify your data?
• Security > SEC 07. How do you classify your data? > Automate identification and classification
• Security > SEC 07. How do you classify your data? > Define data protection controls
• Security > SEC 07. How do you classify your data? > Identify the data within your workload
• Security > SEC 07. How do you classify your data? > Define data lifecycle management
• Security > SEC 08. How do you protect your data at rest?
• Security > SEC 08. How do you protect your data at rest? > Enforce access control
• Security > SEC 08. How do you protect your data at rest? > Automate data at rest protection
• Security > SEC 08. How do you protect your data at rest? > Enforce encryption at rest
• Security > SEC 08. How do you protect your data at rest? > Implement secure key management
• Security > SEC 08. How do you protect your data at rest? > Use mechanisms to keep people away from data
• Security > SEC 09. How do you protect your data in transit?
• Security > SEC 09. How do you protect your data in transit? > Authenticate network communications
• Security > SEC 09. How do you protect your data in transit? > Automate detection of unintended data access
• Security > SEC 09. How do you protect your data in transit? > Enforce encryption in transit
• Security > SEC 09. How do you protect your data in transit? > Implement secure key and certificate management
• Security > SEC 10. How do you anticipate, respond to, and recover from incidents?
• Security > SEC 10. How do you anticipate, respond to, and recover from incidents? > Automate containment capability
• Security > SEC 10. How do you anticipate, respond to, and recover from incidents? > Develop incident management plans
• Security > SEC 10. How do you anticipate, respond to, and recover from incidents? > Identify key personnel and external resources
• Security > SEC 10. How do you anticipate, respond to, and recover from incidents? > Pre-deploy tools
• Security > SEC 10. How do you anticipate, respond to, and recover from incidents? > Pre-provision access
• Security > SEC 10. How do you anticipate, respond to, and recover from incidents? > Prepare forensic capabilities
• Security > SEC 10. How do you anticipate, respond to, and recover from incidents? > Run game days

Category

• Other

In Your Workspace

• Controls by Resource report
• Controls by Control Type report

Developers

Control Type URI

tmod:@turbot/aws-wellarchitected-framework#/control/types/sec

Category URI

tmod:@turbot/turbot#/control/categories/other

GraphQL

query controlType(id: "tmod:@turbot/aws-wellarchitected-framework#/control/types/sec") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/aws-wellarchitected-framework#/control/types/sec'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-wellarchitected-framework#/control/types/sec"