DevSecOps

Includes features like account per environment, organization with OU, and SCP Policy.

Includes features like setting up IAM Password Policy; creating an IAM role for contacting AWS support for incident handling; enabling AWS Config rules to audit root account status; enabling IAM Access Analyzer in each region; and following IAM best practices.

Includes features like removing all rules associated with default route tables, default network ACLs and default security groups in the default VPC in all regions; enabling AWS Config rules to audit unrestricted common ports in Security Group rules; enabling VPC Flow Logs with the default VPC in all regions; and enabling default EBS encryption for newly created volumes.

Includes features like lint checks, SAST checks, and compliance checks.

Includes features like Git secrets pre-commit hooks, AWS Secrets Management, AWS Secure Parameter store, AWS Secrets Manager, and BridgeCrew free scanning for Terraform source code.

Includes features like sending CloudWatch, Security Hub, and GuardDuty notifications to Slack.

Includes features like enable CloudTrail in all regions and deliver events to CloudWatch Logs; checking that object-level logging for all S3 buckets is enabled by default; encrypting CloudTrail logs using AWS Key Management Service; storing logs in the S3 bucket with access logging enabled; automatically archiving logs into Amazon Glacier after a given period (defaults to 90 days); setting up CloudWatch alarms to notify you when critical changes happen in your AWS account; enabling AWS Config in each regions to automatically take configuration snapshots; enabling SecurityHub and subscribe available standards; subscribing CIS benchmark standard; subscribing PCI DSS standard; subscribing AWS Foundational security best practices standard; and enabling GuardDuty in each regions.