By Implementation

Service Control PoliciesConfig RulesAuto Remediation RulesConformance PacksAmazon GuardDutyAmazon InspectorAWS Security HubNetwork FirewallAmazon MacieBilling and Cost ManagementS3 Bucket PoliciesCloudWatch Alarms and Event RulesLogging & Monitoring ConfigurationsAWS WAFBackups & DRAWS Systems ManagerSecurity Groups & NACLsAWS KMSIAM Policies

By Service Protected

Configuration Packages

Strategy Guides

Billing and Cost Management

AWS controls to help manage costs in an AWS environment. Controls include AWS Budgets and CloudWatch alarms.

Budget

AWS Budgets provide the ability to set custom budgets that can alert when costs exceed (or are forecasted to exceed) the budgeted amount. (Default configured budget is 1000 USD)

CloudFormationTerraformAWS CLI

AWS Budgets provide the ability to set custom budgets that can alert when costs exceed (or are forecasted to exceed) the budgeted amount. A notification has been configured when the actual costs exceed 80% of the budget (Default is 1000 USD).

CloudFormationTerraformAWS CLI
CloudWatch Alarms

A CloudWatch Alarm that triggers the AWS bill reaches the specified threshold (default: 100 USD).

CloudFormationTerraformAWS CLI
IAM Policy

A policy that allows starting or stopping a specific EC2 instance and modifying a specific security group (Programmatically and in the Console).

CloudFormationTerraformAWS CLI

A policy that allows listing information for all EC2 objects and launching EC2 instances in a specific subnet. This policy also provides the permissions necessary to complete this action on the console.

CloudFormationTerraformAWS CLI

A policy that allows managing Amazon EC2 security groups associated with a specific virtual private cloud (VPC). This policy also provides the permissions necessary to complete this action on the console.

CloudFormationTerraformAWS CLI

A policy hat allows full EC2 access within a specific region. This policy also provides the permissions necessary to complete this action on the console.

CloudFormationTerraformAWS CLI

An IAM policy that prevents users from creating their own security groups, and allows users to only launch approved AMIs (Amazon Machine Images). Approved images are identified with Tags (Example, Tag Key: Approved, Tag Value: True). This policy provides the permissions necessary to complete this action programmatically or from the console.

CloudFormationTerraformAWS CLI

An IAM policy that allows an IAM user to start or stop EC2 instances, but only if the instance tag Owner has the value of that user's user name. This policy also provides the permissions necessary to complete this action on the console.

CloudFormationTerraformAWS CLI

An IAM policy that prevents users from terminating EC2 instances when the request does not come from a specified IP range. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only

CloudFormationTerraformAWS CLI

An IAM policy that prevents users from launching new EC2 Instances if they are not configured to use the new Instance Metadata Service (IMDSv2)

CloudFormationTerraformAWS CLI