Best practices in implementing AWS security
Typically, you will start with basic security measures in place and then iterate rapidly to improve your overall cloud security model, its implementation, or both. Before designing any security solution, identify the assets you need to protect and classify them into high, medium and low categories. This is often a non-trivial undertaking in large enterprises. In most organizations, asset-related data is entered manually, so its quality relies heavily on human accuracy. Capturing this data programmatically results in better efficiency and accuracy. Integrate the AWS Describe APIs with your existing enterprise asset management systems, and include your CloudFormation templates or scripts as artifacts in your configuration management database to get a better handle on your cloud assets.
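The programmatic capture described above, as an added example that is not part of the original page: it flattens EC2 DescribeInstances output into classified asset records and lists the ones that still need a human decision. The `DataClassification` tag key, the record field names and the sample data are assumptions; `aws:cloudformation:stack-name` is the tag CloudFormation applies to resources it creates.

```python
CLASS_TAG = "DataClassification"             # assumed tag key, not an AWS default
STACK_TAG = "aws:cloudformation:stack-name"  # applied by CloudFormation to stack resources
LEVELS = {"high", "medium", "low"}

def fetch_reservations(region):
    """Page through the live DescribeInstances API (needs boto3 and credentials)."""
    import boto3  # imported lazily so the parsing below also runs offline
    client = boto3.client("ec2", region_name=region)
    pages = client.get_paginator("describe_instances").paginate()
    return [r for page in pages for r in page["Reservations"]]

def to_asset_records(reservations, region):
    """Flatten reservations into one asset record per instance."""
    records = []
    for reservation in reservations:
        for inst in reservation.get("Instances", []):
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            level = tags.get(CLASS_TAG, "").strip().lower()
            records.append({
                "asset_id": inst["InstanceId"],
                "region": region,
                "owner_account": reservation.get("OwnerId"),
                "state": inst.get("State", {}).get("Name"),
                # Missing or unknown labels are surfaced, never defaulted to "low".
                "classification": level if level in LEVELS else "unclassified",
                "cfn_stack": tags.get(STACK_TAG),  # None: created outside CloudFormation
            })
    return records

def needs_review(records):
    """Assets a human must still classify or trace back to a template."""
    return [r["asset_id"] for r in records
            if r["classification"] == "unclassified" or r["cfn_stack"] is None]

# Constructed sample in the shape of a DescribeInstances response.
SAMPLE = [{"OwnerId": "111122223333", "Instances": [
    {"InstanceId": "i-0aaa0000000000001", "State": {"Name": "running"},
     "Tags": [{"Key": CLASS_TAG, "Value": "High"}, {"Key": STACK_TAG, "Value": "billing-prod"}]},
    {"InstanceId": "i-0bbb0000000000002", "State": {"Name": "running"},
     "Tags": [{"Key": CLASS_TAG, "Value": "critical"}, {"Key": STACK_TAG, "Value": "web"}]},
    {"InstanceId": "i-0ccc0000000000003", "State": {"Name": "stopped"}},
]}]

if __name__ == "__main__":
    print(needs_review(to_asset_records(SAMPLE, "us-east-1")))
```

Against a real account, pass `fetch_reservations(region)` instead of `SAMPLE` and load the records into your asset management system on a schedule.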
In order to get off the ground faster, take full advantage of everything that is provided out of the box by AWS, whether it is security groups...