In this chapter, we quickly went through some of the industry best practices that have been tried and tested, are easy to implement, and should be followed at all times. We then understood how AWS Trusted Advisor is a service that is based upon AWS best practices within your environment and covers not only security best practices but also those focused on cost optimization, performance, fault tolerance, and service limits. However, depending on your support plan, not all of the checks within Trusted Advisor may be available. Finally, we looked at the dos and don'ts for the policies that must be followed, to ensure that you do not breach any security procedures set out by AWS when pentesting.
In the next chapter, we will be looking at AWS Key Management Service, known as KMS, and CloudHSM, which are two services used to manage encryption keys. Therefore, the next chapter will be very much focused on data protection using different encryption mechanisms.