AWS Well-Architected Security Pillar Check
Best practices directly from AWS for security, reliability, and efficiency. 226 checks, 57 requirements
Framework overview
AWS Well-Architected Security Pillar
The AWS Well-Architected Security Pillar codifies AWS's own recommendations for secure cloud workloads. Its 57 best practices cover IAM, detective controls, infrastructure protection, data protection, and incident response. Unlike third-party frameworks, these controls map directly to AWS-native services and configurations.
Who needs this
Relevant for
AWS customers, cloud teams, solution architects
What the scan checks
Example check areas
IAM best practices, detective controls, infrastructure protection, data protection, incident response
Frequently asked questions
What is the AWS Well-Architected Security Pillar?
AWS's own set of 57 best practices for secure cloud workloads, covering IAM, detective controls, infrastructure protection, data protection, and incident response. Unlike third-party frameworks, every recommendation maps directly to an AWS service or configuration.
Who should use the Well-Architected Security check?
Any team running workloads on AWS. Solution architects use it when designing new systems. Operations teams use it to validate existing configurations. It is the closest thing to an official AWS security audit you can run yourself.
How does this relate to the AWS Well-Architected Review?
The full Well-Architected Review covers all six pillars and typically involves an AWS partner. Our scan focuses on the Security Pillar and runs automatically against your live configuration. It gives you an immediate baseline without scheduling a workshop.