Introduction Building a secure AWS environment has many layers – the AWS account access and resource privileges, keeping inventory of the instances, and managing application configuration. This is of course not a one-time effort but a continuous process – the ability to review AWS recourses and access, the ability to check for installed software and unpatched instances, the ability to check who had access to configuration properties. A separate whitepaper has been released that addresses all these topics. Taking an Infrastructure as Code (IaC) approach, where the whole infrastructure (AWS resources and access) is treated as code under version control provides full visibility and makes every change traceable and auditable.…