Secure your Cloud Infrastructure with AWS Event-Driven Security

Cloud security operates on a shared responsibility model, and when an organization plans its cloud adoption roadmap, security is a key part of the discussion. Security is always critical for companies, and it is not only a technology issue but also a business problem.

Security is not only about encrypting data at rest and data in transit. There are many other layers to consider: the design of the network layer, the permission levels of the users who will administer and develop on the cloud, protecting the application from bad bots and SQL injection at scale, and so on. All of these are part of the overall security posture.

Shared responsibility model: security of the cloud is the cloud provider’s responsibility, and security in the cloud is the customer’s responsibility. In other words, the physical hardware, data-centre geography, underlying infrastructure, authorised employee access and so on are handled by the cloud provider, while security in the cloud is achieved by the services the customer enables in the design architecture.

In this post, I would like to share how AWS drives security at different layers and how its security services are shifting toward event-driven calls to action. Before diving deeper, here are a few AWS services which, combined, let us build an event-driven security posture for your AWS account.

  • CloudTrail – records every API call made in the account
  • CloudWatch – especially CloudWatch Events
  • EventBridge – the successor to CloudWatch Events
  • GuardDuty – a managed threat detection service (a cloud IDS)
  • Macie – ML-based discovery of sensitive data (data leak protection)
  • AWS Config – configuration and asset history manager
  • WAF – serverless Layer 7 firewall service
  • Security Hub – one-stop view of the security state of the entire account

All of the above play a role at different levels, and a few of them can be combined into a cloud-native, event-driven security architecture.

One of the most important layers, and often the weakest link in any organization, is users. AWS provides IAM, which stores users, groups, roles and their permissions. IAM offers managed policies, predefined sets of permissions that can be attached to a user, group or role. The concern is that a managed policy can be very broad and expose services to a user who is not supposed to act on them, or to infrastructure that belongs to another department of the organization.

I recommend using CloudTrail together with CloudWatch Events (EventBridge) to monitor IAM activity and strengthen IAM access in near real time.

Let us cover each service in detail:

CloudTrail

Whatever we do in the cloud, under the hood it is an API call to the relevant service. CloudTrail is the AWS service that records those calls and can be queried to review who did what, when and from where. Log files can be delivered to S3 for long-term retention, which helps with audit and compliance.

CloudTrail integrates with CloudWatch Events to enable event-driven security and quick calls to action: this may be just a notification to the relevant stakeholders, or automatic remediation of the offending action, triggered through a Lambda function.

An important thing to note is that CloudTrail does not deliver its log files to S3 in real time (delivery typically takes up to about 15 minutes), but management events are also forwarded to CloudWatch Events as they occur, so it is possible to match specific API calls in the account and act on them almost immediately.

CloudWatch Events and EventBridge

I want to cover both because, although the underlying API is the same, EventBridge is the new version of CloudWatch Events. The idea of the service is to be a bridge between internal and external event sources and the targets that act on them, routing each event according to a rule engine that matches events by pattern.

One limitation of CloudWatch Events was that it supported fewer sources and was restricted to AWS services; EventBridge also accepts events from supported SaaS partners and from your own applications on custom event buses.
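The CloudTrail-to-Lambda path described above (a rule on the event bus matching IAM API calls, and a function that notifies or remediates) looks like the following. This is an added example, not code from the original post or from Cloud Kinetics; the account policy it enforces (no direct AdministratorAccess attachment to users, access keys only minted via a hypothetical `IAMAdminRole`), the role name and the sample event are assumptions chosen for illustration. The event pattern is in the JSON shape `aws events put-rule --event-pattern` accepts; the remediation is returned as a list of boto3 calls rather than executed, so the logic runs offline.

```python
import json

# EventBridge event pattern, in the JSON shape accepted by
# `aws events put-rule --event-pattern`. CloudTrail management events are
# delivered on the default event bus with detail-type "AWS API Call via CloudTrail".
IAM_EVENT_PATTERN = {
    "source": ["aws.iam"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["iam.amazonaws.com"],
        "eventName": ["AttachUserPolicy", "CreateAccessKey", "CreateLoginProfile"],
    },
}

# Hypothetical account policy used by the remediation below (an assumption, not from the post).
ADMIN_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"
APPROVED_KEY_ISSUER_ROLE = "IAMAdminRole"   # assumed role allowed to mint access keys


def matches_pattern(event, pattern):
    """Minimal EventBridge matcher: every pattern key must exist in the event,
    a list of values means "any of these", and a nested dict recurses.
    Content filters such as {"prefix": ...} are deliberately not supported."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches_pattern(actual, expected):
                return False
        elif actual not in expected:
            return False
    return True


def plan_remediation(detail):
    """Decide what to do with the CloudTrail record found in event["detail"].
    Returns (severity, actions); each action is (boto3 call name, kwargs)
    that the Lambda would execute with an IAM client."""
    name = detail["eventName"]
    params = detail.get("requestParameters") or {}
    identity = detail.get("userIdentity") or {}
    if name == "AttachUserPolicy" and params.get("policyArn") == ADMIN_POLICY_ARN:
        # Direct admin grant to a user: undo it immediately.
        return "HIGH", [("iam.detach_user_policy",
                         {"UserName": params.get("userName"), "PolicyArn": ADMIN_POLICY_ARN})]
    if name == "CreateAccessKey":
        issuer = (identity.get("sessionContext") or {}).get("sessionIssuer") or {}
        if issuer.get("userName") != APPROVED_KEY_ISSUER_ROLE:
            key = (detail.get("responseElements") or {}).get("accessKey") or {}
            # Key created outside the approved path: deactivate rather than delete,
            # so the owner can be contacted and the key audited.
            return "MEDIUM", [("iam.update_access_key",
                               {"UserName": params.get("userName"),
                                "AccessKeyId": key.get("accessKeyId"), "Status": "Inactive"})]
    return "LOW", []   # notify only (e.g. publish to an SNS topic)


def lambda_handler(event, context=None):
    """Entry point EventBridge invokes. The pattern is re-checked here so a
    misconfigured rule cannot push unexpected events into remediation."""
    if not matches_pattern(event, IAM_EVENT_PATTERN):
        return {"handled": False}
    severity, actions = plan_remediation(event["detail"])
    return {
        "handled": True,
        "severity": severity,
        "actor": (event["detail"].get("userIdentity") or {}).get("arn"),
        "actions": actions,
    }


# Constructed sample event (made-up account, names and time) in the shape
# EventBridge delivers a CloudTrail record.
SAMPLE_ATTACH_ADMIN = {
    "version": "0",
    "id": "constructed-event-1",
    "detail-type": "AWS API Call via CloudTrail",
    "source": "aws.iam",
    "account": "111122223333",
    "region": "us-east-1",
    "detail": {
        "eventVersion": "1.08",
        "eventTime": "2021-06-01T10:00:00Z",
        "eventSource": "iam.amazonaws.com",
        "eventName": "AttachUserPolicy",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
        "requestParameters": {"userName": "bob", "policyArn": ADMIN_POLICY_ARN},
    },
}

if __name__ == "__main__":
    print(json.dumps(lambda_handler(SAMPLE_ATTACH_ADMIN), indent=2))
```

Two design points worth keeping when you turn this into a real function: the handler re-validates the pattern instead of trusting the rule, and the Lambda's own execution role should be allowed only the specific IAM actions listed in the plan (DetachUserPolicy, UpdateAccessKey), otherwise the remediation function becomes the new broad-permission problem the post warns about.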

GuardDuty

This is one of the easiest services to enable and it is highly recommended. Setting up any IDS (Intrusion Detection System) can be a daunting task, but with GuardDuty your entire AWS account is covered: it analyses CloudTrail, VPC Flow Logs and DNS logs to detect bad actors trying to break into your cloud infrastructure, for example SSH brute force attempts, port scans against your instances, or instances communicating with known malicious IP addresses.

This service also works well across multiple AWS accounts, so if you are planning a landing zone style architecture, enable GuardDuty from your central security account and make it the administrator for the member accounts.

Macie

Handling PII has always been a tough task and it can be very expensive. Amazon Macie, which is machine-learning based, scans your S3 buckets and reports anything that looks like personal information, payment card data or other sensitive data, which can also be defined through your own rules (custom data identifiers).

The service delivers findings and we can set the severity level for each type of data. Right now Macie works only with S3, and it falls under the category of data leak protection.

AWS Config

The cloud provides the flexibility to change infrastructure sizing at any time, which is where elasticity and the real value of cloud lie. However, businesses need to follow their industry compliance standards, and maintaining the entire history of infrastructure assets under those standards can be complex.

AWS Config, released a few years ago, continuously records the configuration of the resources running in your account and monitors every change, including changes in their supporting components (related resources). It keeps the entire lifecycle history of each resource, evaluates resources against Config rules, and integrates very well with AWS Lambda for custom rules and automatic remediation, which is how it achieves event-driven security.
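As an added example of the Config-plus-Lambda integration just described (not code from the original post or from Cloud Kinetics), here is the evaluation logic of a Lambda-backed custom Config rule that flags a security group as NON_COMPLIANT when an ingress rule opens an admin port to the whole internet. The rule name, the default ports 22 and 3389, the `adminPorts` rule parameter and the sample configuration item are assumptions; the configuration item field names follow what Config records for `AWS::EC2::SecurityGroup`. The one AWS call a deployed rule must make, `PutEvaluations`, goes through an injected client, with a dry-run stand-in so the function runs offline.

```python
import json

ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"


def _covers_port(perm, port):
    """True if one ipPermissions entry admits `port`: protocol -1 means all
    traffic; otherwise only TCP ranges are considered (UDP/ICMP ignored)."""
    proto = str(perm.get("ipProtocol"))
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return perm.get("fromPort", -1) <= port <= perm.get("toPort", -1)


def open_admin_ports(configuration, admin_ports):
    """Admin ports reachable from anywhere (0.0.0.0/0 or ::/0), sorted."""
    exposed = set()
    for perm in configuration.get("ipPermissions") or []:
        world = (any(r.get("cidrIp") == ANY_V4 for r in perm.get("ipRanges") or [])
                 or any(r.get("cidrIpv6") == ANY_V6 for r in perm.get("ipv6Ranges") or []))
        if world:
            exposed.update(p for p in admin_ports if _covers_port(perm, p))
    return sorted(exposed)


def evaluate(configuration_item, rule_parameters):
    """Map one configuration item to a Config compliance type plus annotation."""
    if configuration_item.get("configurationItemStatus") == "ResourceDeleted":
        return "NOT_APPLICABLE", "resource deleted"
    if configuration_item["resourceType"] != "AWS::EC2::SecurityGroup":
        return "NOT_APPLICABLE", "rule only evaluates security groups"
    # "adminPorts" is a hypothetical rule parameter; 22,3389 is the assumed default.
    ports = [int(p) for p in rule_parameters.get("adminPorts", "22,3389").split(",")]
    exposed = open_admin_ports(configuration_item.get("configuration") or {}, ports)
    if exposed:
        return "NON_COMPLIANT", f"ports {exposed} open to the whole internet"
    return "COMPLIANT", "no admin port open to the whole internet"


class DryRunConfigClient:
    """Stand-in for boto3.client("config") that only records what would be sent."""
    def __init__(self):
        self.calls = []

    def put_evaluations(self, **kwargs):
        self.calls.append(kwargs)
        return {"FailedEvaluations": []}


def lambda_handler(event, context=None, config_client=None):
    """Config invokes this with invokingEvent/ruleParameters as JSON strings and
    expects the verdict back via PutEvaluations using the supplied resultToken."""
    invoking = json.loads(event["invokingEvent"])
    if invoking.get("messageType") == "OversizedConfigurationItemChangeNotification":
        # Large items are not inlined; a real rule fetches them with
        # config.get_resource_config_history(). Out of scope for this example.
        raise NotImplementedError("oversized configuration items not handled")
    ci = invoking["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    compliance, note = evaluate(ci, params)
    evaluation = {
        "ComplianceResourceType": ci["resourceType"],
        "ComplianceResourceId": ci["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note[:256],   # Config caps annotations at 256 characters
        "OrderingTimestamp": ci["configurationItemCaptureTime"],
    }
    client = config_client or DryRunConfigClient()
    client.put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


# Constructed sample invocation (made-up group id, token and time): SSH open
# to the world alongside a legitimate HTTPS rule.
SAMPLE_EVENT = {
    "invokingEvent": json.dumps({
        "messageType": "ConfigurationItemChangeNotification",
        "configurationItem": {
            "resourceType": "AWS::EC2::SecurityGroup",
            "resourceId": "sg-0123456789abcdef0",
            "configurationItemStatus": "OK",
            "configurationItemCaptureTime": "2021-06-01T10:00:00.000Z",
            "configuration": {"ipPermissions": [
                {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                 "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []},
                {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
                 "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []},
            ]},
        },
    }),
    "ruleParameters": json.dumps({"adminPorts": "22,3389"}),
    "resultToken": "constructed-token",
}

if __name__ == "__main__":
    print(json.dumps(lambda_handler(SAMPLE_EVENT), indent=2))
```

In a deployment the NON_COMPLIANT result is itself an event: Config publishes a compliance-change notification that an EventBridge rule can route to a notification topic or to a remediation target (an SSM Automation document or another Lambda that revokes the offending ingress rule), closing the loop from drift to action.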

Web Application Firewall (WAF)

The internet is open and hostile, and so are internet-facing applications. Millions of web attacks happen every day, and they can affect business revenue if our applications and infrastructure are not ready to mitigate them. AWS WAF is a managed, serverless service in the AWS portfolio. WAF integrates with Application Load Balancer and can even work at the edge when attached to Amazon CloudFront (the CDN service), which is implemented on

It scales with the traffic that the load balancer or distribution in front of it receives, using a rule engine to inspect and block malicious requests. Many of the OWASP Top 10 attack categories, such as SQL injection and cross-site scripting, can be mitigated by placing WAF in front of your web-facing application, for example with the AWS managed rule groups.

Security Hub

This service is relatively new but is gaining maturity over time. The idea is to check your AWS account against industry compliance standards, for example the CIS AWS Foundations Benchmark or PCI DSS (Payment Card Industry Data Security Standard). If you are building infrastructure that must follow PCI DSS, this can be a one-stop scan to check whether you are missing any critical controls.

Security Hub integrates with Amazon Inspector, which checks the operating system and application packages on your EC2 instances against known CVEs (for a few supported technology stacks), and it also aggregates findings from GuardDuty, Macie and other services, giving us a central view of our account.

Final Word on Cloud Infrastructure with AWS Event-Driven Security

Security is everyone’s responsibility and, regardless of the scale of the organization, it should be taken seriously. There are many other services which can be used to secure your AWS environment.

I hope this article helped you understand the idea of Cloud Infrastructure with AWS Event-Driven Security; all of the services above are available under the ‘pay-as-you-go’ cloud pricing model.

So don’t wait! Start implementing the required security controls in your account. Contact us and our Cloud Infrastructure with AWS team at Cloud Kinetics will be happy to perform a security assessment of your account and recommend the optimal security approach.

Chirag Nayyar is a Cloud Enthusiast and works as a Sales Specialist at Cloud Kinetics. He holds multiple cloud certifications from AWS, Microsoft and GCP. He is a public speaker and has a passion to mentor younger cloud aspirants.
