Security auditing
AWS offers some good tools to help you keep your security policies in shape. Those will provide you with detailed audit reports including advice on how to improve any potential risk areas. In addition, you can configure service logs, so you get a better understanding what goes on within your deployment or AWS account as a whole.
VPC Flow Logs
This service lets you capture information about the network traffic flowing through a VPC. The generated logs (unfortunately not quite real-time yet) contain src/dst port, src/dst address, protocol and other related details (for a full list please see: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html#flow-log-records). Apart from making for some pretty cool graphs to help identify network bottlenecks, the data can also be used for spotting unusual behavior. You could, for example, devise an in-house IDS by parsing the Flow Logs and forwarding any suspicious entries to your monitoring solution.
In the VPC Console,...
