The primary goal of information security is to protect data, which of course entails protecting the resources that store and provide access to that data. To effectively protect data, Amazon Web Services (AWS) architects need to ensure three elements of the data: confidentiality, integrity, and availability. This chapter examines how to apply security controls to every system that touches architects' data—storage, compute, and networking—to ensure the confidentiality, integrity, and availability of their data throughout its life cycle. Security in AWS begins with the foundation of identity, which is managed by the Identity and Access Management service. AWS offers a number of detective controls that can keep a record of the events that occur in architects' AWS environment, as well as alert them to security incidents or potential threats. AWS Firewall Manager is a one‐stop shop for configuring and applying a consistent set of security rules across architects' AWS Organizations.