AWS Security Incident Response Guide


Security is the highest priority at AWS. As an AWS customer, you benefit from a data center and network architecture that is built to meet the requirements of the most security-sensitive organizations. The AWS Cloud has a shared responsibility model. AWS manages security of the cloud. You are responsible for security in the cloud. This means that you retain control of the security you choose to implement. You have access to hundreds of tools and services to help you meet your security objectives. These capabilities help you establish a security baseline that meets your objectives for your applications running in the cloud.

When a deviation from your baseline does occur (such as by a misconfiguration), you may need to respond and investigate. To successfully do so, you must understand the basic concepts of security incident response within your AWS environment, as well as the issues you need to consider to prepare, educate, and train your cloud teams before security issues occur. It is important to know which controls and capabilities you can use, to review topical examples for resolving potential concerns, and to identify remediation methods that you can use to leverage automation and improve your response speed. Because security incident response can be a complex topic, we encourage you to start small, develop runbooks, leverage basic capabilities, and create an initial library of incident response mechanisms to iterate from and improve upon. This initial work should include your legal department as well as teams that are not involved with security, so that you are better able to understand the impact that incident response (IR), and the choices you have made, have on your corporate goals.

  • Before You Begin
  • AWS CAF Security Perspective
  • Foundation of Incident Response
