In the cloud, there is a set of principles that can help strengthen security and compliance.

1.Use the principle of least privilege.

Access only for those who really need it;

Clearly defined and consistently applied authority policies within groups and across teams;

Centralize privilege management;

2.Activate traceability.

Apply the principles of security governance;

Create monitoring, alerts and audits of actions;

Apply observability principles;

3.Protect all layers.

Implementation of a defense in depth strategy, incorporating various security controls; Ex: reinforced authentication, require decryption key, validate that the network path is trustworthy.

4.Automate security.

With a code-based infrastructure and a set of APIs and tools, you can automate security engineering and operations functions. It will allow you to monitor, evaluate, and initiate a response to your system.

Metrify and monitor threat detection, investigation and response responses

5.Project data has transit and at rest.

Refine access control

Create and control encryption keys

Data integrity validation

Lifecycle rule for data retention

Classify data protection management into sensitivity levels.

6.Prepare for events.

Prevention and detection control at an advanced stage, it is necessary to implement processes to respond to and mitigate the impact of security incidents.

Apply security practices from the AWS Well-Architected Framework.

7.Minimize the attack surface.

Be ready to escalate and absorb attacks, minimize it, or remove the possibility of an unprotected device.

Services such as AWS Auto Scaling and Amazon CloudFront enable this procedure to absorb attacks at both the architectural and network layers.

I hope I helped, the idea is to share knowledge :)