# Security, identity & compliance **Topics** + [Automate incident response and forensics](automate-incident-response-and-forensics.md) + [Automatically audit AWS security groups that allow access from public IP addresses](audit-security-groups-access-public-ip.md) + [Automatically remediate unencrypted Amazon RDS DB instances and clusters](automatically-remediate-unencrypted-amazon-rds-db-instances-and-clusters.md) + [Automatically validate and deploy IAM policies and roles by using CodePipeline, IAM Access Analyzer, and AWS CloudFormation macros](automatically-validate-and-deploy-iam-policies-and-roles-in-an-aws-account-by-using-codepipeline-iam-access-analyzer-and-aws-cloudformation-macros.md) + [Bidirectionally integrate AWS Security Hub CSPM with Jira software](bidirectionally-integrate-aws-security-hub-with-jira-software.md) + [Build a pipeline for hardened container images using EC2 Image Builder and Terraform](build-a-pipeline-for-hardened-container-images-using-ec2-image-builder-and-terraform.md) + [Centralize IAM access key management in AWS Organizations by using Terraform](centralize-iam-access-key-management-in-aws-organizations-by-using-terraform.md) + [Check an Amazon CloudFront distribution for access logging, HTTPS, and TLS version](check-an-amazon-cloudfront-distribution-for-access-logging-https-and-tls-version.md) + [Choose an Amazon Cognito authentication flow for enterprise applications](choose-an-amazon-cognito-authentication-flow-for-enterprise-applications.md) + [Create AWS Config custom rules by using AWS CloudFormation Guard policies](create-aws-config-custom-rules-by-using-aws-cloudformation-guard-policies.md) + [Create a consolidated report of Prowler security findings from multiple AWS accounts](create-a-consolidated-report-of-prowler-security-findings-from-multiple-aws-accounts.md) + [Deploy and manage AWS Control Tower controls by using AWS CDK and CloudFormation](deploy-and-manage-aws-control-tower-controls-by-using-aws-cdk-and-aws-cloudformation.md) + [Deploy and manage AWS Control Tower controls by using Terraform](deploy-and-manage-aws-control-tower-controls-by-using-terraform.md) + [Deploy the Security Automations for AWS WAF solution by using Terraform](deploy-the-security-automations-for-aws-waf-solution-by-using-terraform.md) + [Deploy a pipeline that simultaneously detects security issues in multiple code deliverables](deploy-a-pipeline-that-simultaneously-detects-security-issues-in-multiple-code-deliverables.md) + [Deploy detective attribute-based access controls for public subnets by using AWS Config](deploy-detective-attribute-based-access-controls-for-public-subnets-by-using-aws-config.md) + [Deploy preventative attribute-based access controls for public subnets](deploy-preventative-attribute-based-access-controls-for-public-subnets.md) + [Detect Amazon RDS and Aurora database instances that have expiring CA certificates](detect-rds-instances-expiring-certificates.md) + [Dynamically generate an IAM policy with IAM Access Analyzer by using Step Functions](dynamically-generate-an-iam-policy-with-iam-access-analyzer-by-using-step-functions.md) + [Enable Amazon GuardDuty conditionally by using AWS CloudFormation templates](enable-amazon-guardduty-conditionally-by-using-aws-cloudformation-templates.md) + [Enable transparent data encryption in Amazon RDS for SQL Server](enable-transparent-data-encryption-in-amazon-rds-for-sql-server.md) + [Monitor and remediate scheduled deletion of AWS KMS keys](monitor-and-remediate-scheduled-deletion-of-aws-kms-keys.md) + [Identify public Amazon S3 buckets in AWS Organizations by using Security Hub CSPM](identify-public-s3-buckets-in-aws-organizations-using-security-hub.md) + [Ingest and analyze AWS security logs in Microsoft Sentinel](ingest-analyze-aws-security-logs-sentinel.md) + [Manage AWS Organizations policies as code by using AWS CodePipeline and Amazon Bedrock](manage-organizations-policies-as-code.md) + [Manage AWS IAM Identity Center permission sets as code by using AWS CodePipeline](manage-aws-iam-identity-center-permission-sets-as-code-by-using-aws-codepipeline.md) + [Manage credentials using AWS Secrets Manager](manage-credentials-using-aws-secrets-manager.md) + [Monitor Amazon ElastiCache clusters for at-rest encryption](monitor-amazon-elasticache-clusters-for-at-rest-encryption.md) + [Monitor IAM root user activity](monitor-iam-root-user-activity.md) + [Send a notification when an IAM user is created](send-a-notification-when-an-iam-user-is-created.md) + [Prevent internet access at the account level by using a service control policy](prevent-internet-access-at-the-account-level-by-using-a-service-control-policy.md) + [Export a report of AWS IAM Identity Center identities and their assignments by using PowerShell](export-a-report-of-aws-iam-identity-center-identities-and-their-assignments-by-using-powershell.md) + [Restrict access based on IP address or geolocation by using AWS WAF](aws-waf-restrict-access-geolocation.md) + [Scan Git repositories for sensitive information and security issues by using git-secrets](scan-git-repositories-for-sensitive-information-and-security-issues-by-using-git-secrets.md) + [Secure file transfers by using Transfer Family, Amazon Cognito, and GuardDuty](secure-file-transfers.md) + [Secure sensitive data in CloudWatch Logs by using Amazon Macie](secure-cloudwatch-logs-using-macie.md) + [Securing AWS IAM Roles Anywhere with a private certificate](iam-roles-anywhere-private-ca.md) + [Send alerts from AWS Network Firewall to a Slack channel](send-alerts-from-aws-network-firewall-to-a-slack-channel.md) + [Send custom attributes to Amazon Cognito and inject them into tokens](send-custom-attributes-cognito.md) + [Simplify private certificate management by using AWS Private CA and AWS RAM](simplify-private-certificate-management-by-using-aws-private-ca-and-aws-ram.md) + [Streamline Amazon EC2 compliance management with Amazon Bedrock agents and AWS Config](streamline-amazon-ec2-compliance-management-with-amazon-bedrock-agents-and-aws-config.md) + [Update AWS CLI credentials from AWS IAM Identity Center by using PowerShell](update-aws-cli-credentials-from-aws-iam-identity-center-by-using-powershell.md) + [Use Network Firewall to capture the DNS domain names from the Server Name Indication for outbound traffic](use-network-firewall-to-capture-the-dns-domain-names-from-the-server-name-indication-sni-for-outbound-traffic.md) + [Use Terraform to automatically enable Amazon GuardDuty for an organization](use-terraform-to-automatically-enable-amazon-guardduty-for-an-organization.md) + [Verify operational best practices for PCI DSS 4.0 by using AWS Config](verify-ops-best-practices-pci-dss-4.md) + [More patterns](securityandcompliance-more-patterns-pattern-list.md)