AWS Security must have
Vulnarability Management
Involves identifying, assessing, prioritizing, and mitigating vulnerabilities in your cloud infrastructure, applications, and services. AWS provides several tools and services that can help you effectively manage vulnerabilities. Amazon Inspector automatically discovers workloads, such as Amazon EC2 instances, containers, and Lambda functions, and scans them for software vulnerabilities and unintended network exposure. Also read Utilizing AWS Security Hub for vulnarability management
Threat Detection
Amazon GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation.
Security Posture
Security Lake will centralize and visuvalize security data across your entire organization. You can also improve the protection of your workloads, applications, and data. Security Lake has adopted the Open Cybersecurity Schema Framework (OCSF), an open standard. With OCSF support, the service normalizes and combines security data from AWS and a broad range of enterprise security data sources.
Security Config
AWS Config continually assesses, audits, and evaluates the configurations and relationships of your resources on AWS, on premises, and on other clouds.
Audit Trail
AWS CloudTrail monitors and records account activity across your AWS infrastructure, giving you control over storage, analysis, and remediation actions.
Firewall
AWS Firewall Manager is a security management service that allows you to centrally configure and manage firewall rules across your accounts and applications in AWS Organizations. As new applications are created, Firewall Manager makes it easier to bring new applications and resources into compliance by enforcing a common set of security rules.
WAF
AWS WAF helps you protect against common web exploits, bots and DDOS that can affect availability, compromise security, or consume excessive resources.
Also see AWSWAF best practices