Security Baseline
Framework
leverage Well-Architected
AWS Security Baseline is a set of controls that create a minimum foundation for projects to build securely on AWS without decreasing their agility. It integrates with existing accounts that host and maintain your project’s runtime platform workloads and services. These controls form the basis of your security posture and are focused on:
​
-
Security & Compliance: Establish a security baseline for each account.
-
Secure Defaults: All accounts are configured with safe baselines, including mandatory MFA, password policies, encrypted EBS by default, and secure S3 bucket policies.
-
AWS Security Audit:
-
Enable Cloudwatch alerts for all AWS Cloudtrail monitored services, centralizing audit operations.
-
IAM Access Analyzer: Identifies shared resources and potential security risks.
-
VPC Flow Logs: Enabled for all accounts with a VPC.
-
-
AWS Security Compliance: Use AWS Config for inventory, configuration history, and compliance-as-code framework. Additionally, AWS Inspector provides automated security assessments.
-
AWS Security Monitoring: Amazon GuardDuty offers threat detection across all AWS accounts, while AWS Security Hub provides a comprehensive view of high-priority security alerts.
-
Encryption Keys: AWS KMS CMKs are created for services requiring encryption, ensuring lifecycle management and permission control.
-
IMPORTANT CONSIDERATION
-
While the AWS Security Baseline favors best practices aligned with CIS AWS Foundations Benchmark standards, SOC2 , HIPAA and ISO 27001 conformance rules, it won't strictly adhere to any specific compliance framework during this phase. It's recommended to review and audit for specific regulation conformance after workloads are operational.
-
The design presented in this document is inspired by several official AWS official recommendations such as: Establishing your best practice AWS environment - Amazon Web Services, AWS Well-Architected - Build secure, efficient cloud applications, and The AWS Security Reference Architecture - AWS Prescriptive Guidance.
Security Base
Security Audit
(CloudTrail)
AWS Security Compliance
(AWS Config)
AWS Security Compliance
(AWS Inspector)
AWS Security Monitoring
(Amazon GuardDuty)
AWS IAM
Access Analyzer
Security Encryption Keys
(AWS KMS)
Notifications
(AWS SNS to Slack)
Security Optimization
(AWS Trusted Advisor)
Build a resilient security posture for your AWS projects.
Take the first step – complete the form and implement our Security Baseline controls today.