AWS Cloud

Cloud security at AWS is the highest priority. As an AWS customer, you will benefit from a data center and network architecture built to meet the requirements of the most security-sensitive organizations.

An advantage of the AWS cloud is that it allows customers to scale and innovate, while maintaining a secure environment. Customers pay only for the services they use, meaning that you can have the security you need, but without the upfront expenses, and at a lower cost than in an on-premises environment.

Interested in bringing your skills to the cloud? Check out our open Security Careers »

For additional security information, visit our Security Blog »

We worked closely with the Amazon team to develop a security model, which we believe enables us to operate more securely in the public cloud than we can even in our data centers.
Rob Alexander, CIO, Capital One

More controls and increased privacy - all at a lower cost

Secure Cloud Computing

Keep Your Data Safe

The AWS infrastructure puts strong safeguards in place to help protect customer privacy. All data is stored in highly secure AWS data centers.

AWS Compliance

Meet Compliance Requirements

AWS manages dozens of compliance programs in its infrastructure. This means that segments of your compliance have already been completed.

Cost Savings

Save Money

Cut costs by using AWS data centers. Maintain the highest standard of security without having to manage your own facility.

Quick Scaling

Scale Quickly

Security scales with your AWS cloud usage. No matter the size of your business, the AWS infrastructure is designed to keep data safe.

AWS Global Infrastructure

Region & Number of Availability Zones

  • AWS GovCloud (2)
  • US West: Oregon (3), Northern California (3)
  • US East: Northern Virginia (5), Ohio (3)
  • South America: São Paulo (3)
  • EU: Ireland (3), Frankfurt (2)
  • Asia Pacific: Singapore (2), Sydney (3), Tokyo (3), Seoul (2), Mumbai (2)
  • China: Beijing (2)

New Regions (coming soon)

  • Montreal
  • London
  • Paris
  • Ningxia

Improving Continuity With Replication Between Regions

In addition to replicating applications and data across multiple data centers in the same region using Availability Zones, you can also choose to increase redundancy and fault tolerance further by replicating data between geographic regions.

Meeting Compliance and Data Residency Requirements

You retain complete control and ownership over the region in which your data is physically located, making it easy to meet regional compliance and data residency requirements.

Geographic Expansion

Throughout the next year, the AWS Global Infrastructure will expand with at least 11 new Availability Zones in new geographic regions: Montreal in Canada, Ningxia in China, Paris in France, and the United Kingdom.

Spend less time on compliance and more time running your business

Have the backing of our extensive support network every step of the way

Real-time insight through AWS Trusted Advisor

Proactive support and advocacy with a Technical Account Manager (TAM)


Strategic advice to create In-Depth Security Solutions

Detect and respond to security issues with the Security Operations Playbook


  • Infrastructure Security

    AWS provides several security capabilities and services to increase privacy and control network access. These include:

    • Network firewalls built into Amazon VPC and web application firewall capabilities in AWS WAF let you create private networks and control access to your instances and applications
    • Encryption in transit with TLS across all services
    • Connectivity options that enable private, or dedicated, connections from your office or on-premises environment

  • DDoS Mitigation

    Availability is of paramount importance in the cloud. AWS customers benefit from AWS services and technologies built from the ground up to provide resilience in the face of DDoS attacks.

    A combination of AWS services may be used to implement a defense in depth strategy and thwart DDoS attacks. Services designed with an automatic response to DDoS help minimize time to mitigate and reduce impact.

    Learn how to use AWS technologies like autoscaling, Amazon CloudFront and Amazon Route 53 to help mitigate Distributed Denial of Service attacks.

  • Data Encryption

    AWS offers you the ability to add an additional layer of security to your data at rest in the cloud, providing scalable and efficient encryption features. This includes:

    • Data encryption capabilities available in AWS storage and database services, such as EBS, S3, Glacier, Oracle RDS, SQL Server RDS, and Redshift
    • Flexible key management options, including AWS Key Management Service, allowing you to choose whether to have AWS manage the encryption keys or enable you to keep complete control over your keys
    • Dedicated, hardware-based cryptographic key storage using AWS CloudHSM, allowing you to satisfy compliance requirements

    In addition, AWS provides APIs for you to integrate encryption and data protection with any of the services you develop or deploy in an AWS environment.

  • Inventory and Configuration

    AWS offers a range of tools to allow you to move fast while still ensuring that your cloud resources comply with organizational standards and best practices. This includes:

    • A security assessment service, Amazon Inspector, that automatically assesses applications for vulnerabilities or deviations from best practices, including impacted networks, OS, and attached storage
    • Deployment tools to manage the creation and decommissioning of AWS resources according to organization standards
    • Inventory and configuration management tools, including AWS Config, that identify AWS resources and then track and manage changes to those resources over time
    • Template definition and management tools, including AWS CloudFormation to create standard, preconfigured environments
  • Monitoring and Logging

    AWS provides tools and features that enable you to see exactly what’s happening in your AWS environment. This includes:

    • Deep visibility into API calls through AWS CloudTrail, including who, what, and from where calls were made
    • Log aggregation options, streamlining investigations and compliance reporting
    • Alert notifications through Amazon CloudWatch when specific events occur or thresholds are exceeded

    These tools and features give you the visibility you need to spot issues before they impact the business, and allow you to improve the security posture and reduce the risk profile of your environment.

  • Identity and Access Control

    AWS offers you capabilities to define, enforce, and manage user access policies across AWS services. This includes:

    AWS provides native identity and access management integration across many of its services plus API integration with any of your own applications or services.


  • Penetration Testing

    Please complete and submit the AWS Vulnerability / Penetration Testing Request Form to request authorization for penetration testing to or originating from any AWS resources. There are several important things to note about penetration testing requests:

    • Permission is required for all penetration tests.
    • To request permission, you must be logged into the AWS portal using the root credentials associated with the instances you wish to test, otherwise the form will not pre-populate correctly. If you have hired a third party to conduct your testing, we suggest that you complete the form and then notify your third party when we grant approval.
    • Our policy only permits testing of EC2 and RDS instances that you own. Tests against any other AWS services or AWS-owned resources are prohibited.
    • At this time, our policy does not permit testing small or micro RDS instance types. Testing of m1.small or t1.micro EC2 instance types is not permitted. This is to prevent potential adverse performance impacts on resources that may be shared with other customers.

APN Partners offer hundreds of industry-leading products that are equivalent to, identical to, or integrate with existing controls in your on-premises environments. These products complement the existing AWS services to enable you to deploy a comprehensive security architecture and a more seamless experience across your cloud and on-premises environments.
