As part of my AWS Certified Cloud Practitioner learning journey, Day 4 focused on AWS security services and governance tools.
The key goal of this session was understanding which security service to use, when, and why — something that is often confusing for beginners.
This post summarizes the core purpose and differences between major AWS security services.
1. AWS Systems Manager (SSM)
What it does:
AWS Systems Manager helps you manage, monitor, and automate operations on your EC2 instances and on-prem servers.
Key use cases:
- Patch management
- Run commands and open shell sessions without SSH (Run Command and Session Manager)
- Configuration management
- Operational visibility
When to use:
Use SSM when you want secure operational control over servers without opening inbound ports or handing out SSH keys. The instance needs the SSM Agent running and an instance profile that lets it reach the Systems Manager endpoints (the AWS managed policy AmazonSSMManagedInstanceCore covers this); without both, the instance simply never shows up as a managed node.
👉 Think of SSM as an operations & automation tool, not a firewall.
2. AWS Web Application Firewall (WAF)
What it does:
AWS WAF protects web applications from common attacks like:
- SQL injection
- Cross-site scripting (XSS)
- Malicious bots
Works with:
- CloudFront
- Application Load Balancer
- API Gateway
When to use:
Use WAF when your application is public-facing and you need layer 7 (HTTP/HTTPS) request filtering. WAF inspects each request against rules you write or AWS managed rule groups and allows, blocks, or counts it; it is a filter in front of the application, not a substitute for fixing the vulnerable code behind it.
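As an added example (not from the original post), here is a WAFv2 web ACL definition of the kind you would pass to `aws wafv2 create-web-acl --cli-input-json file://web-acl.json`. It attaches two AWS managed rule groups and a rate-based rule; the ACL name, metric names, and the limit of 2000 requests per IP per 5 minutes are illustrative choices, noted in the Description fields. Scope REGIONAL is for an ALB or API Gateway; a CloudFront distribution needs Scope CLOUDFRONT and the ACL must then be created in us-east-1.

```json
{
  "Name": "public-app-web-acl",
  "Scope": "REGIONAL",
  "Description": "Added example: names and rate limit are illustrative, not production values",
  "DefaultAction": { "Allow": {} },
  "Rules": [
    {
      "Name": "AWS-CommonRuleSet",
      "Priority": 0,
      "Statement": {
        "ManagedRuleGroupStatement": {
          "VendorName": "AWS",
          "Name": "AWSManagedRulesCommonRuleSet"
        }
      },
      "OverrideAction": { "None": {} },
      "VisibilityConfig": {
        "SampledRequestsEnabled": true,
        "CloudWatchMetricsEnabled": true,
        "MetricName": "AWSCommonRuleSet"
      }
    },
    {
      "Name": "AWS-SQLiRuleSet",
      "Priority": 1,
      "Statement": {
        "ManagedRuleGroupStatement": {
          "VendorName": "AWS",
          "Name": "AWSManagedRulesSQLiRuleSet"
        }
      },
      "OverrideAction": { "None": {} },
      "VisibilityConfig": {
        "SampledRequestsEnabled": true,
        "CloudWatchMetricsEnabled": true,
        "MetricName": "AWSSQLiRuleSet"
      }
    },
    {
      "Name": "RateLimitPerIP",
      "Priority": 2,
      "Statement": {
        "RateBasedStatement": {
          "Limit": 2000,
          "AggregateKeyType": "IP"
        }
      },
      "Action": { "Block": {} },
      "VisibilityConfig": {
        "SampledRequestsEnabled": true,
        "CloudWatchMetricsEnabled": true,
        "MetricName": "RateLimitPerIP"
      }
    }
  ],
  "VisibilityConfig": {
    "SampledRequestsEnabled": true,
    "CloudWatchMetricsEnabled": true,
    "MetricName": "public-app-web-acl"
  }
}
```

The managed rule groups use `"OverrideAction": { "None": {} }` so their own block actions take effect. When rolling this out on a live application, set the override to `"Count"` first, watch the CloudWatch metrics and sampled requests for false positives, and only then switch to `None`. The rate-based rule is evaluated per source IP over a 5-minute window by default and is the piece that catches simple floods and credential-stuffing scripts that the signature rules do not.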
3. AWS Shield
What it does:
AWS Shield protects against DDoS (Distributed Denial of Service) attacks.
Two levels:
- Shield Standard – automatic, free, always-on protection against the most common network and transport layer (layer 3/4) DDoS attacks; every AWS customer already has it
- Shield Advanced – paid subscription that adds detection and mitigation for larger and more sophisticated attacks (including application-layer attacks when combined with WAF), 24/7 access to the AWS Shield Response Team (SRT), and cost protection against scaling charges caused by an attack
When to use:
Use Shield when availability is critical: Standard already covers volumetric network and transport layer attacks, and Advanced is the choice when you need application-layer DDoS mitigation, incident support, and protection from the bill that a large attack can generate.
👉 WAF protects applications; Shield protects availability.

4. Amazon Inspector
What it does:
Amazon Inspector automatically and continuously scans workloads for:
- Known software vulnerabilities (CVEs) in operating system packages and application dependencies
- Unintended network exposure (network reachability analysis, e.g. a port reachable from the internet)
- Code-level vulnerabilities in Lambda function code (Lambda code scanning)
Targets:
- EC2 instances
- Container images
- Lambda functions
When to use:
Use Inspector when you want continuous vulnerability assessment of your workloads. For EC2 it relies on the SSM Agent to collect the package inventory, so the same agent and instance profile that make Systems Manager work also make Inspector work.
5. AWS Trusted Advisor
What it does:
Trusted Advisor provides best-practice recommendations across:
- Security
- Cost optimization
- Performance
- Reliability
- Service quotas (limits)
When to use:
Use Trusted Advisor for high-level guidance and proactive improvement suggestions. A core set of security checks (for example open security group ports, IAM use, MFA on the root account) is available on every account; the full set of checks requires a Business, Enterprise On-Ramp, or Enterprise Support plan.
👉 It does not fix issues — it advises.
🚨 6. Amazon GuardDuty
What it does:
Amazon GuardDuty is a threat detection service that continuously analyzes:
- CloudTrail logs (management events and S3 data events)
- VPC Flow Logs
- DNS query logs
Detects:
- Compromised or misused credentials (for example EC2 instance credentials used from outside AWS)
- Communication with known-malicious IPs or domains (including crypto-mining and command-and-control endpoints)
- Suspicious behavior such as port scans, brute-force attempts, and unusual API calls
When to use:
Use GuardDuty for continuous threat monitoring and early detection. It reads the log sources directly, so there is nothing to install for the core detections, but it only produces findings: it does not block or remediate anything by itself, so the findings need to be routed somewhere (EventBridge, Security Hub, a ticketing system) to be useful.
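As an added example (not from the original post), this is an EventBridge event pattern that matches GuardDuty findings with severity 7 or higher, the band GuardDuty labels High. Saved to a file it can be used with `aws events put-rule --name guardduty-high --event-pattern file://pattern.json`; the rule name is an illustrative choice.

```json
{
  "source": ["aws.guardduty"],
  "detail-type": ["GuardDuty Finding"],
  "detail": {
    "severity": [{ "numeric": [">=", 7] }]
  }
}
```

Attach the target with `aws events put-targets` pointing at an SNS topic or a Lambda function of your choosing. GuardDuty severities are Low (1 to 3.9), Medium (4 to 6.9) and High (7 to 8.9); the numeric matching above is what lets one rule cover the whole High band without listing values. To narrow further by finding family, add a prefix filter on the type field inside `detail`, for example `"type": [{ "prefix": "UnauthorizedAccess:" }]`; EventBridge ANDs the fields together, so both conditions must hold for the rule to fire.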
📄 7. AWS Artifact
What it does:
AWS Artifact provides on-demand access to compliance reports, such as:
- ISO
- SOC
- PCI
- HIPAA
When to use:
Use Artifact when you need compliance documentation for audits or regulatory requirements.
👉 Artifact provides reports, not protection.
⚖️ 8. Governance & Compliance Services
AWS governance focuses on control, visibility, and compliance, using services like:
- AWS Organizations – consolidates accounts into a hierarchy of organizational units (OUs) with centralized billing
- AWS Control Tower – sets up and governs a multi-account landing zone on top of Organizations, with preconfigured guardrails
- Service Control Policies (SCPs) – a feature of Organizations that sets the maximum permissions for member accounts; an SCP never grants anything by itself, and it does not apply to the management account
When to use:
Use governance services when managing multiple accounts, enforcing policies that individual account administrators cannot undo, and meeting regulatory requirements.
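As an added example (not from the original post), here is a Service Control Policy that ties the governance layer to the detection services above: it stops anyone in a member account, including its administrators, from disabling GuardDuty, CloudTrail, or Inspector. The break-glass role name SecurityBreakGlass is a hypothetical placeholder for whatever role your security team uses for sanctioned changes.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ProtectDetectionAndLoggingServices",
      "Effect": "Deny",
      "Action": [
        "guardduty:DeleteDetector",
        "guardduty:UpdateDetector",
        "guardduty:DisassociateFromAdministratorAccount",
        "guardduty:StopMonitoringMembers",
        "cloudtrail:StopLogging",
        "cloudtrail:DeleteTrail",
        "cloudtrail:UpdateTrail",
        "inspector2:Disable"
      ],
      "Resource": "*",
      "Condition": {
        "ArnNotLike": {
          "aws:PrincipalARN": "arn:aws:iam::*:role/SecurityBreakGlass"
        }
      }
    }
  ]
}
```

Attach it to an OU rather than to individual accounts so that new accounts inherit it automatically. Because an explicit Deny in an SCP wins over any Allow in the account's own IAM policies, an attacker who obtains administrator credentials in a member account still cannot turn off the logging that GuardDuty depends on. Two caveats worth testing before relying on it: the management account is exempt from SCPs, so keep it empty of workloads, and `guardduty:UpdateDetector` also blocks legitimate feature changes, which is why the break-glass exception exists.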
🧠 Quick Decision Guide
| Requirement | Use This Service |
|---|---|
| Manage EC2 securely | Systems Manager |
| Protect web apps | AWS WAF |
| DDoS protection | AWS Shield |
| Find vulnerabilities | Amazon Inspector |
| Best-practice checks | Trusted Advisor |
| Threat detection | GuardDuty |
| Compliance reports | AWS Artifact |
| Multi-account control | Governance services |
✅ Key Takeaway
AWS security is layered, and each service has a specific role.
Understanding where each service fits is essential for making the right architectural decisions — especially for Cloud Practitioner level.

Day 3 link as below:
https://adeelkhan77.com/2025/12/22/blog-68-aws-certified-cloud-practitioner-day-3-access-management-in-aws-cloud/
Day 5 link as below:
https://adeelkhan77.com/2025/12/24/blog-70-aws-certified-cloud-practitioner-day-5-deploying-and-operating-in-the-aws-cloud/