Capturing traffic samples for problem analysis (for example, by using Traffic Mirroring)
How to troubleshoot authorization issues (for example, by using CloudTrail, IAM Access Advisor, and IAM policy simulator)
Managed services that allow delegated administration
Responding to compromised resources (for example, by isolating Amazon EC2 instances)
Designing mechanisms to require encryption when connecting to resources (for example, Amazon RDS, Amazon Redshift, CloudFront, Amazon S3, Amazon DynamoDB, load balancers, Amazon Elastic File System [Amazon EFS], Amazon API Gateway)
Designing environment monitoring and workload monitoring based on business and security requirements
Capabilities and use cases of AWS services that provide data sources (for example, log level, type, verbosity, cadence, timeliness, immutability)
Long-term and temporary credentialing mechanisms
Defining edge security strategies for common use cases (for example, public website, serverless app, mobile app backend)
Activating logs, metrics, and monitoring around edge services to indicate attacks
AWS Security Incident Response Guide
Analyzing architectures to identify monitoring requirements and sources of data for security monitoring
Applying instance roles and service roles as appropriate to authorize compute workloads
Identifying sensitive data by using Macie
Activating host-based security mechanisms (for example, host-based firewalls)
Security features on edge services (for example, AWS WAF, load balancers, Amazon Route 53, Amazon CloudFront, AWS Shield)