Shield
- AWS managed DDoS protection service
- Protect against Layer 3 and 4 (Network and Transport) attacks
- Shield Standard is automatic and free DDoS protection for CloudFront and Route 53
- Shield Advanced is a paid service for EC2 and ELB
AWS WAF
- Web Application Firewall that protects web applications from web exploits such as SQL injection or cross-site scripting (XSS)
- Works with CloudFront, ALB, API Gateway and AWS AppSync
AWS Firewall Manager
- Centrally configure and manage rules across accounts in an AWS Organization
- Covers AWS WAF rules, AWS Shield Advanced, Network Firewall rules, and Route 53 DNS Firewall rules
- Use case: Meet government regulations by deploying an AWS WAF rule to block traffic from embargoed countries across accounts and resources
AWS GuardDuty
- Reads VPC Flow Logs, DNS Logs, and CloudTrail events. Applies machine learning algorithms and anomaly detection to discover threats
- Can protect against cryptocurrency attacks
Amazon Inspector
- Automated security assessment service for EC2 instances that works by installing an agent in the OS of the EC2 instance.
- Inspector comes with pre-defined rules packages:
  - Network Reachability rules package checks for unintended network accessibility of EC2 instances
  - Host Assessment rules package checks for vulnerabilities and insecure configurations on the EC2 instance. Includes Common Vulnerabilities and Exposures (CVE), Center for Internet Security (CIS) Operating System configuration benchmarks, and security best practices.
Amazon Macie
- Managed service to discover and protect your sensitive data in AWS
- Macie identifies and alerts on sensitive data, such as Personally Identifiable Information (PII), in your selected S3 buckets