17 thẻ
GuardDuty
Threat detection (ML)
Inspector
Vulnerability scanning
Macie
PII discovery in S3
Detective
Root cause analysis
Security Hub
Central findings
WAF
Layer 7 (SQL injection, XSS)
Shield
DDoS (Standard=free, Advanced=$$)
Firewall Manager
Central management
Network Firewall
VPC traffic filtering
KMS
Managed keys, rotation
CloudHSM
Dedicated HSM, FIPS 140-2 L3
Secrets Manager
Rotation, cross-account
Parameter Store
Config, hierarchy (free tier)
IAM Identity Center
SSO
Cognito User Pools
App authentication
Cognito Identity Pools
Temp AWS creds
Directory Service
AD integration