Security, Identity & Compliance Related Services
1. Resource Access Manager
AWS Resource Access Manager is a service that allows organizations to securely share AWS resources across multiple AWS accounts or within an AWS Organization without duplicating resources. It helps centralize and simplify resource management by allowing shared access to resources like subnets, transit gateways, license configurations, and more. Instead of creating separate copies of the same resource in different accounts, AWS Resource Access Manager lets multiple accounts use a single shared resource. This reduces operational overhead and improves consistency across environments. It is commonly used in large enterprises with multi-account AWS architectures.
Example:
A company can use AWS Resource Access Manager to share a central networking setup, such as VPC subnets, with multiple development and production AWS accounts instead of creating separate networks for each account.
2. Cognito
Amazon Cognito is a fully managed service that helps developers add user sign-up, sign-in, authentication, and access control to web and mobile applications. It allows users to log in using usernames/passwords or through social identity providers like Google, Facebook, and Apple. Amazon Cognito manages user accounts, authentication tokens, password recovery, and multi-factor authentication (MFA). It also integrates with AWS services to securely control access to resources. The service is commonly used in apps that require user accounts, secure login systems, and identity management.
Example:
A mobile shopping app can use Amazon Cognito to let users sign in with their Google account and securely access their saved orders and profile data.
3. Secrets Manager
AWS Secrets Manager is a fully managed service that helps securely store, manage, and rotate sensitive information such as database passwords, API keys, tokens, and application secrets. Instead of hardcoding credentials directly into application code, developers can store them securely in Secrets Manager and retrieve them when needed. The service supports automatic secret rotation, which means passwords and credentials can be changed regularly without manual effort. It integrates with AWS services like RDS, Lambda, and IAM for secure access control. It is commonly used to improve application security and reduce the risk of credential leaks.
Example:
A web application can use AWS Secrets Manager to securely store its database password and automatically rotate it every few weeks without developers manually updating the application.
4. GuardDuty
Amazon GuardDuty is a fully managed security service that continuously monitors AWS accounts, workloads, and data for suspicious activity and potential threats. It uses machine learning, anomaly detection, and threat intelligence feeds to identify issues such as unauthorized access, compromised instances, malicious API calls, cryptocurrency mining, and unusual network behavior. GuardDuty analyzes data sources like AWS CloudTrail logs, VPC Flow Logs, DNS logs, and Kubernetes audit logs to detect threats in real time. It automatically generates security findings with details about the detected risks and recommended actions. The service is commonly used for cloud security monitoring and threat detection without requiring customers to manage complex security infrastructure.
Example:
A company can use Amazon GuardDuty to detect if an EC2 instance has been compromised and is communicating with a known malicious IP address.
5. Amazon Inspector
Amazon Inspector is a fully managed security service that automatically scans AWS workloads for software vulnerabilities and unintended network exposure. It continuously checks resources such as EC2 instances, container images, and Lambda functions to identify security risks like outdated software packages, known CVEs (Common Vulnerabilities and Exposures), and insecure configurations. Amazon Inspector prioritizes findings based on severity and helps security teams fix critical issues quickly. It integrates with services like Amazon ECR, AWS Organizations, and Security Hub for centralized security management. AWS manages the scanning infrastructure and threat intelligence updates automatically.
Example:
A company can use Amazon Inspector to scan its EC2 servers and get alerts if they are running outdated software with known security vulnerabilities that hackers could exploit.
6. Amazon Macie
Amazon Macie is a fully managed security and data privacy service that uses machine learning to automatically discover, classify, and protect sensitive data stored in AWS. It mainly scans Amazon S3 buckets to identify sensitive information such as personal data, financial records, passwords, API keys, and confidential business documents. Amazon Macie helps organizations understand where sensitive data exists and alerts them if data is exposed publicly or accessed in unusual ways. It supports compliance and security requirements by continuously monitoring data privacy risks. AWS handles scanning, classification, and scaling automatically.
Example:
A company can use Amazon Macie to detect if customer credit card numbers or personal documents are accidentally stored in a publicly accessible S3 bucket.
7. IAM Identity Center
AWS IAM Identity Center is a service that helps organizations centrally manage user identities and access to multiple AWS accounts and business applications. It provides single sign-on (SSO) capabilities, allowing users to log in once and securely access AWS accounts, cloud applications, and custom apps without separate credentials for each one. AWS IAM Identity Center integrates with existing identity providers such as Microsoft Active Directory, Okta, and other SAML-based systems. It simplifies permission management across AWS Organizations by assigning users and groups to accounts and roles centrally. The service is commonly used in enterprises to improve security, simplify access management, and reduce password-related issues.
Example:
A company can use AWS IAM Identity Center so employees log in once with their corporate credentials and automatically access multiple AWS accounts and applications without needing separate usernames and passwords.
8. Certificate Manager
AWS Certificate Manager is a fully managed service that helps users provision, manage, and renew SSL/TLS certificates for websites and applications running on AWS. SSL/TLS certificates are used to encrypt data transferred between users and servers, enabling secure HTTPS connections. AWS Certificate Manager can automatically issue and renew certificates, removing the need for manual certificate management. It integrates with services like Elastic Load Balancing, CloudFront, and API Gateway to easily secure applications. The service helps improve security and simplify certificate lifecycle management.
Example:
A company hosting an e-commerce website on AWS can use AWS Certificate Manager to automatically provision and renew HTTPS certificates so customer payment and login data stays encrypted and secure.
9. Key Management Service
AWS Key Management Service (commonly called AWS KMS) is a fully managed service that helps users create, store, and manage cryptographic encryption keys used to protect data. It allows organizations to encrypt data in AWS services and applications while controlling who can use the encryption keys. AWS KMS integrates with many AWS services like S3, EBS, RDS, and Lambda to provide built-in encryption support. It also supports auditing through AWS CloudTrail so users can track key usage and access. The service is commonly used for securing sensitive data, meeting compliance requirements, and managing encryption centrally.
Example:
A healthcare company can use AWS KMS to encrypt patient records stored in Amazon S3 so only authorized systems and employees can access the data securely.
10. CloudHSM
AWS CloudHSM is a fully managed service that provides dedicated hardware security modules (HSMs) in the cloud for generating, storing, and managing cryptographic keys. Unlike AWS KMS, where AWS manages much of the underlying key infrastructure, CloudHSM gives customers more direct control over their encryption keys and cryptographic operations. The service uses tamper-resistant hardware devices that meet strict security and compliance standards. It is commonly used by organizations in banking, healthcare, government, and other industries with very high security or regulatory requirements. AWS manages the hardware availability and infrastructure, while customers manage the keys and cryptographic operations.
Example:
A bank can use AWS CloudHSM to securely store and manage encryption keys used for protecting financial transaction data while meeting strict compliance regulations.
11. Directory Service
AWS Directory Service is a fully managed service that helps organizations run and integrate directory services in the AWS cloud. It allows businesses to use Microsoft Active Directory (AD) or compatible directory systems for managing users, groups, permissions, and authentication across applications and AWS resources. AWS Directory Service supports features like single sign-on (SSO), centralized identity management, and integration with on-premises Active Directory environments. It is commonly used for Windows-based workloads, enterprise applications, and user authentication systems. AWS manages the infrastructure, replication, patching, and availability of the directory servers.
Example:
A company can use AWS Directory Service to allow employees to log into AWS-hosted Windows servers and applications using the same corporate usernames and passwords they use in the office.
12. AWS Firewall Manager
AWS Firewall Manager is a security management service that helps organizations centrally configure and manage firewall rules and security policies across multiple AWS accounts and resources. It works with services like AWS WAF, Shield Advanced, Network Firewall, and security groups to enforce consistent protection policies across an entire AWS Organization. AWS Firewall Manager automatically applies and monitors security rules for resources such as load balancers, CloudFront distributions, VPCs, and EC2 instances. This helps large organizations maintain consistent security standards and reduce manual configuration effort. The service is commonly used for centralized security governance and compliance management.
Example:
A large company can use AWS Firewall Manager to automatically apply the same web application firewall (WAF) rules across all its AWS accounts to block malicious traffic consistently.
13. AWS Artifact
AWS Artifact is a self-service portal that provides customers with access to AWS compliance reports, certifications, and security-related documentation. It helps organizations review AWS’s compliance with standards such as ISO, SOC, PCI DSS, HIPAA, and GDPR. AWS Artifact allows users to download audit reports and agreements needed for regulatory, legal, and security reviews. It is commonly used by businesses that need proof of compliance when using AWS for sensitive or regulated workloads. The service simplifies access to compliance documentation without needing to contact AWS support.
Example:
A healthcare company can use AWS Artifact to download AWS HIPAA compliance reports and security certifications before hosting patient-related applications on AWS.
14. Detective
Amazon Detective is a fully managed security service that helps security teams investigate and analyze potential security issues in AWS environments. It automatically collects and organizes data from sources like AWS CloudTrail, VPC Flow Logs, and GuardDuty findings to create a detailed view of activities and relationships between resources, users, and events. Amazon Detective uses graph-based analysis and machine learning to help users quickly identify the root cause of suspicious behavior or security incidents. It reduces the time needed for manual investigation by providing visualizations and contextual insights. The service is commonly used for threat investigation, incident response, and security forensics.
Example:
A company can use Amazon Detective to investigate how an attacker gained access to an EC2 instance by tracing suspicious API calls, network traffic, and user activities across the AWS environment.
15. AWS Signer
AWS Signer is a fully managed service that helps developers digitally sign software code and application packages to ensure their authenticity and integrity. Code signing proves that software came from a trusted source and has not been modified or tampered with after signing. AWS Signer supports signing for applications, containers, IoT firmware, and Lambda code packages. It integrates with AWS services and CI/CD pipelines to automate secure software delivery workflows. The service is commonly used to improve software supply chain security and meet compliance requirements.
Example:
An IoT company can use AWS Signer to digitally sign firmware updates before sending them to smart devices so the devices only install trusted and untampered software updates.
16. Security Lake
Amazon Security Lake is a fully managed service that automatically collects, normalizes, and stores security-related logs and events from AWS environments, on-premises systems, and third-party sources into a centralized data lake. It helps organizations consolidate security data in one place for easier analysis, threat detection, compliance, and incident investigation. Amazon Security Lake uses the Open Cybersecurity Schema Framework (OCSF) to standardize security data formats, making it easier for security tools and analytics systems to work together. It integrates with services like GuardDuty, CloudTrail, Security Hub, and SIEM platforms. AWS manages storage, scaling, and data ingestion automatically.
Example:
A large enterprise can use Amazon Security Lake to centralize logs from AWS accounts and security tools so its cybersecurity team can investigate threats and detect suspicious activity more efficiently.
17. AWS Security Agent
AWS Security Agent is an AI-powered security service from AWS designed to help organizations identify and fix security vulnerabilities during software development. It performs automated security reviews on application architectures, scans source code for vulnerabilities, reviews pull requests, and provides context-aware penetration testing on demand. AWS Security Agent allows companies to define their own security requirements and automatically checks applications against those standards throughout the development lifecycle. The service also provides remediation guidance and reproducible exploit details to help developers quickly resolve issues. It is mainly used to improve application security, reduce manual security review effort, and detect vulnerabilities early before deployment.
Example:
A software company can use AWS Security Agent to automatically scan application code, review GitHub pull requests for security risks, and perform AI-driven penetration testing before releasing the application to production.
18. Amazon Verified Permissions
Amazon Verified Permissions is a fully managed authorization service that helps developers manage and enforce fine-grained access control in applications. It allows organizations to define centralized permission policies that determine who can access specific resources and what actions they are allowed to perform. Amazon Verified Permissions uses the Cedar policy language to create flexible and scalable authorization rules for applications. It separates authorization logic from application code, making permissions easier to manage, update, and audit. The service is commonly used in applications that require role-based access control (RBAC), attribute-based access control (ABAC), and complex user permissions.
Example:
A project management application can use AWS Verified Permissions to ensure that only project managers can edit project settings while team members can only view tasks assigned to them.
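The project-management rule above written as Cedar policies, added here as an illustration rather than taken from the page or from AWS documentation; the entity types (User, Role, Project, Task), the action names, and the task's assignee attribute are assumptions for a hypothetical application schema.

```cedar
// RBAC: any principal that is a member of the ProjectManager role
// may edit the settings of any Project. (Assumed entity and action names.)
permit (
    principal in Role::"ProjectManager",
    action == Action::"EditProjectSettings",
    resource is Project
);

// ABAC: a user may view a Task only when that task's assignee attribute
// refers to the requesting user, so team members see only their own tasks.
permit (
    principal is User,
    action == Action::"ViewTask",
    resource is Task
) when { resource.assignee == principal };
```

Cedar is default-deny, so a team member requesting EditProjectSettings, or ViewTask on a task assigned to someone else, matches no permit policy and is refused; an explicit forbid policy, if added, always overrides a permit.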
19. AWS Audit Manager
AWS Audit Manager is a fully managed service that helps organizations continuously assess, manage, and simplify compliance audits for their AWS environments. It automatically collects evidence from AWS services to demonstrate compliance with standards and regulations such as PCI DSS, HIPAA, GDPR, ISO, and SOC. AWS Audit Manager reduces the manual effort required for audits by organizing evidence, tracking controls, and generating audit-ready reports. It integrates with services like CloudTrail, Config, and Security Hub to gather compliance data automatically. The service is commonly used by businesses that need to meet regulatory, security, and governance requirements.
Example:
A healthcare company can use AWS Audit Manager to automatically collect evidence showing that patient data systems comply with HIPAA security requirements during an audit.
20. Security Hub CSPM
AWS Security Hub CSPM is a cloud security posture management (CSPM) capability within AWS Security Hub that helps organizations continuously monitor and improve the security configuration of their AWS environments. It automatically checks AWS resources against security best practices, compliance standards, and internal policies to identify misconfigurations and risks. The service aggregates findings from AWS services like GuardDuty, Inspector, Config, and Macie into a centralized dashboard for easier security management. AWS Security Hub CSPM helps security teams prioritize issues and maintain compliance with standards such as CIS AWS Foundations Benchmark, PCI DSS, and NIST. It is commonly used for continuous security monitoring and governance across multi-account AWS environments.
Example:
A company can use AWS Security Hub CSPM to detect publicly exposed S3 buckets, weak IAM permissions, or unencrypted resources and quickly fix them before they become security risks.
21. IAM
AWS Identity and Access Management (commonly called AWS IAM) is a service that helps securely control who can access AWS resources and what actions they are allowed to perform. It allows organizations to create users, groups, and roles, and assign permissions through policies. AWS IAM supports features like multi-factor authentication (MFA), temporary credentials, and fine-grained access control to improve security. It is used to manage access to services such as EC2, S3, Lambda, and databases across AWS accounts. The service is fundamental to AWS security and is commonly used in every AWS environment.
Example:
A company can use AWS IAM to allow developers access to EC2 instances while preventing them from deleting S3 buckets or changing billing settings.
22. WAF & Shield
AWS WAF is a security service that protects web applications from common web attacks such as SQL injection, cross-site scripting (XSS), bots, and malicious HTTP requests. It allows users to create rules that filter and block harmful traffic before it reaches applications hosted on services like CloudFront, API Gateway, and Application Load Balancer. AWS WAF helps improve application security and availability by stopping malicious traffic at the edge.
Example:
An e-commerce website can use AWS WAF to block attackers trying to inject malicious SQL queries into login forms.
AWS Shield is a managed security service that protects AWS applications against Distributed Denial of Service (DDoS) attacks. DDoS attacks attempt to overwhelm websites or applications with huge amounts of traffic to make them unavailable. AWS Shield automatically detects and mitigates these attacks to keep applications running. It comes in two versions: Shield Standard (basic automatic protection included with AWS services) and Shield Advanced (enhanced protection, monitoring, and support for critical applications).
Example:
A gaming platform can use AWS Shield to protect its servers from large-scale DDoS attacks during major online tournaments.
23. Security Hub
AWS Security Hub is a cloud security service that provides a centralized dashboard for monitoring and managing security alerts, compliance status, and security findings across AWS accounts and services. It collects and aggregates security data from services like GuardDuty, Inspector, Macie, IAM Access Analyzer, and third-party security tools into one place. AWS Security Hub automatically checks resources against security best practices and compliance standards such as CIS AWS Foundations Benchmark, PCI DSS, and NIST. It helps security teams prioritize risks, investigate findings, and improve overall cloud security posture. The service is commonly used for continuous security monitoring and governance in AWS environments.
Example:
A company can use AWS Security Hub to view all security alerts from multiple AWS accounts in one dashboard and quickly identify issues like exposed S3 buckets or vulnerable EC2 instances.
24. AWS Private Certificate Authority
AWS Private Certificate Authority is a managed service that helps organizations create and manage their own private digital certificates for internal applications, devices, users, and servers. Unlike public SSL certificates used for public websites, private certificates are mainly used inside organizations for secure internal communication and authentication. The service allows companies to build their own private PKI (Public Key Infrastructure) without managing complex certificate servers manually. It integrates with AWS services and supports automatic certificate issuance and renewal. It is commonly used in enterprises, IoT systems, VPNs, and internal microservices architectures.
Example:
A company can use AWS Private Certificate Authority to issue secure internal certificates for employee VPN access and communication between internal applications running on AWS.
25. AWS Payment Cryptography
AWS Payment Cryptography is a fully managed service designed for securing payment processing systems and sensitive financial transactions. It helps payment providers, banks, and financial institutions generate, store, and manage cryptographic keys used in payment operations such as PIN verification, card encryption, transaction validation, and EMV processing. The service supports industry-standard payment cryptography algorithms and compliance requirements like PCI DSS and PCI PIN Security. AWS Payment Cryptography removes the need to manage specialized hardware security infrastructure manually while still providing highly secure payment-grade encryption. It is commonly used in card payment systems, ATMs, point-of-sale systems, and digital payment platforms.
Example:
A digital payments company can use AWS Payment Cryptography to securely encrypt customer card details and verify payment PINs during online transactions.
26. AWS Security Incident Response
AWS Security Incident Response is a security service that helps organizations prepare for, investigate, contain, and recover from cybersecurity incidents in their AWS environments. It combines automated detection, investigation workflows, and access to AWS security expertise to help respond quickly to threats such as compromised accounts, malware activity, unauthorized access, or data breaches. The service integrates with AWS security tools like GuardDuty, Security Hub, CloudTrail, and Detective to gather security findings and accelerate incident analysis. AWS Security Incident Response helps reduce response time and improve coordination during active security events. It is commonly used by enterprises that need faster and more organized cloud security incident handling.
Example:
A company can use AWS Security Incident Response to quickly investigate and contain a compromised EC2 instance after GuardDuty detects suspicious outbound network activity.