- Principle of least privilege
- IAM policies are in JSON
- Role-based Access Control - Identity Federation
- Centralized management of AWS Accounts
- Consolidated billing
- Hierarchical grouping of accounts
- Service Control Policies (SCPs)
- AWS Artifacts
- AWS 3rd party infrastructure compliance Documentation
- Review, accept, and manage agreements with AWS
- AWS Compliance Center - all compliance needs in one place
- AWS Shield Standard
- Default protection at no cost
- AWS Shield Advanced
- Protection and mitigation against sophisticated DDoS attacks
- AWS Key Management Service (KMS)
- Amazon Inspector
- Amazon GuardDuty