Security, Identity and Compliance Services
AWS Artifact
What it is:
AWS Artifact is your central hub for AWS compliance reports and certifications, such as SOC, ISO, and PCI. It provides downloadable documents to help with audits and legal assessments.
Why it matters:
- Gives easy access to AWS compliance documentation
- Helps meet regulatory and customer requirements
- Supports internal and external audit processes
Typical Use Cases:
- Sharing SOC 2 reports with auditors
- Collecting evidence for compliance assessments
- Validating AWS compliance for your organization
AWS Audit Manager
What it is:
AWS Audit Manager helps automate the collection of audit evidence by mapping AWS usage data to compliance frameworks such as GDPR, HIPAA, and ISO.
Why it matters:
- Reduces the manual effort in audit preparation
- Continuously tracks compliance posture
- Helps demonstrate control effectiveness
Typical Use Cases:
- Automating SOC 2 evidence collection
- Mapping AWS usage to GDPR controls
- Monitoring compliance for AI/ML pipelines
AWS IAM (Identity and Access Management)
What it is:
IAM is AWS's core access control service, enabling you to create users, groups, roles, and policies to securely manage access to AWS services and resources.
Why it matters:
- Enforces least privilege across your organization
- Provides fine-grained access controls for AI/ML services
- Supports secure role-based delegation
Typical Use Cases:
- Allowing SageMaker to read data from S3
- Creating service roles for Bedrock or Lambda
- Enforcing MFA and managing user permissions
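As an added example (not part of these notes), here is the IAM setup behind the first use case above: a SageMaker execution role whose trust policy admits only the SageMaker service and whose permissions policy reads a single prefix of a single S3 bucket, next to a small check that flags the over-broad grants least privilege is meant to replace. The bucket name and prefix are placeholders.

```python
# Placeholder bucket name; the real bucket, prefix and account are assumptions.
BUCKET = "example-training-data"

# Trust policy: only the SageMaker service principal may assume this role.
SAGEMAKER_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"Service": "sagemaker.amazonaws.com"},
                   "Action": "sts:AssumeRole"}],
}

# Permissions policy: list one prefix and read the objects under it, nothing else.
SAGEMAKER_S3_READ_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ListTrainingPrefix", "Effect": "Allow",
         "Action": "s3:ListBucket",
         "Resource": f"arn:aws:s3:::{BUCKET}",
         "Condition": {"StringLike": {"s3:prefix": ["training/*"]}}},
        {"Sid": "ReadTrainingObjects", "Effect": "Allow",
         "Action": "s3:GetObject",
         "Resource": f"arn:aws:s3:::{BUCKET}/training/*"},
    ],
}

# The over-broad grant least privilege replaces: every S3 action on every resource.
TOO_BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}


def broad_statements(policy: dict) -> list:
    """Return the Sid (or index) of each Allow statement that grants a wildcard
    action ("*" or "service:*") or applies to Resource "*"."""
    findings = []
    for i, st in enumerate(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        actions = actions if isinstance(actions, list) else [actions]
        resources = st.get("Resource", [])  # trust policies carry no Resource
        resources = resources if isinstance(resources, list) else [resources]
        if any(a == "*" or a.endswith(":*") for a in actions) or "*" in resources:
            findings.append(st.get("Sid", f"statement[{i}]"))
    return findings


if __name__ == "__main__":
    # Expected: [] for the scoped policy, ['statement[0]'] for the broad one.
    print(broad_statements(SAGEMAKER_S3_READ_POLICY), broad_statements(TOO_BROAD_POLICY))
```

In a real account the two documents are attached with `iam:CreateRole` and `iam:PutRolePolicy`, and the check can run in CI over every policy file before it is applied.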
Amazon Inspector
What it is:
Amazon Inspector is an automated vulnerability scanning service for EC2 instances, container images, and Lambda functions. It continuously checks them for known security issues.
Why it matters:
- Helps protect applications from known vulnerabilities
- Automates security checks in DevSecOps pipelines
- Sends real-time findings to Security Hub or CloudWatch
Typical Use Cases:
- Scanning inference EC2 instances or Lambda functions
- Securing SageMaker endpoints
- Identifying CVEs in Docker images
AWS KMS (Key Management Service)
What it is:
AWS KMS is a managed service for creating and controlling encryption keys used to secure your data across AWS services.
Why it matters:
- Enables encryption at rest and in transit
- Supports customer-managed key (CMK) creation
- Logs key usage via CloudTrail for auditing
Typical Use Cases:
- Encrypting training datasets in S3
- Managing key rotation for AI/ML environments
- Protecting secrets and database credentials
Amazon Macie
What it is:
Amazon Macie is a data security and privacy service that uses ML to discover, classify, and protect sensitive data such as personally identifiable information (PII) stored in Amazon S3.
Why it matters:
- Identifies sensitive data like names, addresses, and credit card numbers
- Alerts you to publicly accessible or misconfigured S3 buckets
- Helps meet privacy regulations like GDPR and HIPAA
Typical Use Cases:
- Scanning training datasets for sensitive content
- Auditing AI data lakes for PII
- Automatically flagging non-compliant storage configurations
AWS Secrets Manager
What it is:
Secrets Manager helps you store, retrieve, and rotate secrets (e.g., database credentials, API keys, tokens) securely in your applications.
Why it matters:
- Keeps secrets out of code
- Supports automatic rotation of credentials
- Provides fine-grained IAM access to secrets
Typical Use Cases:
- Managing API keys for AI services
- Storing database credentials used in SageMaker pipelines
- Rotating secrets used in Lambda or Bedrock functions