SbD outlines the control responsibilities, the automation of security baselines, the configuration of security, and the customer audit of controls for AWS customer infrastructure, operating systems, services and applications running in AWS. This standardized, automated, prescriptive, and repeatable design can be deployed for common use cases, security standards, and audit requirements across multiple industries and workloads.
AWS recommends building security and compliance into your AWS account by following a four-phase approach:
Phase 1 – Understand your requirements. Outline your policies, then document the controls you inherit from AWS. Next, document the controls you own and operate in your AWS environment, and decide what security rules you want to enforce within your AWS IT environment.
Phase 2 – Build a secure environment that fits your requirements and implementation. Define the configuration you require in the form of AWS configuration values, such as encryption requirements (for example, forcing server-side encryption for