Scanning EC2 instances and container images for known vulnerabilities
Defining the metrics and thresholds that generate alerts
Log destinations and lifecycle management (for example, retention period)
AWS Well-Architected Framework
Methods and services for creating and managing identities (for example, federation, identity providers, AWS IAM Identity Center [AWS Single Sign-On], Amazon Cognito)
Normalizing, parsing, and correlating logs
Evaluating findings from security services (for example, GuardDuty, Security Hub, Macie, AWS Config, IAM Access Analyzer)
Designing network controls to permit or prevent network traffic as required (for example, by using security groups, network ACLs, and Network Firewall)
Designing secure connectivity between AWS and on-premises networks (for example, by using Direct Connect and VPN gateways)
Identifying logging requirements and sources for log ingestion
AWS Security Finding Format (ASFF)
Selecting appropriate edge services based on anticipated threats and attacks (for example, OWASP Top 10, DDoS)
Applying the principle of least privilege across an environment
Configuring and deploying portfolios of approved AWS services (for example, by using AWS Service Catalog)
Integrity-checking techniques (for example, hashing algorithms, digital signatures)
Configuring logging for services and applications