Noise

Search
Skip to content
  • Home
  • About

Introducing SRA Verify – an AWS Security Reference Architecture assessment tool

2025-07-22 Jeremy Schiefer

Post Syndicated from Jeremy Schiefer original https://aws.amazon.com/blogs/security/introducing-sra-verify-an-aws-security-reference-architecture-assessment-tool/

The AWS Security Reference Architecture (AWS SRA) provides prescriptive guidance for deploying AWS security services in a multi-account environment. However, validating that your implementation aligns with these best practices can be challenging and time-consuming.

Today, we’re announcing the open source release of SRA Verify, a security assessment tool that helps you assess your organization’s alignment to the AWS SRA.

The AWS SRA is a holistic set of guidelines for deploying the full complement of AWS security services in a multi-account environment. You can use it to design, implement, and manage AWS security services so that they align with AWS recommended practices. The recommendations are built around a single-page architecture that includes AWS security services—how they help achieve security objectives, where they can be best deployed and managed in your AWS accounts, and how they interact with other security services. This overall architectural guidance complements detailed, service-specific recommendations such as those found in AWS Security Documentation.

SRA Verify directly maps to these recommendations by providing automated checks that validate your implementation against the AWS SRA guidance. The tool helps you verify that security services are properly configured according to the reference architecture. To assist with remediation and implementing the guidance in the AWS SRA, review the infrastructure as code (IaC) examples in the AWS Security Reference Architecture Github repo.

SRA Verify includes checks across multiple AWS services including AWS CloudTrail, Amazon GuardDuty, AWS IAM Access Analyzer, AWS Config, AWS Security Hub, Amazon Simple Storage Service (Amazon S3), Amazon Inspector, and Amazon Macie. We plan to expand its capabilities over time to cover additional AWS security services and evolving AWS SRA best practices. To contribute to SRA Verify, review the Contributing Guidelines on Github.

If you have any feedback about this post, submit comments in the Comments section below.
 

Jeremy Schiefer
Jeremy Schiefer

Jeremy is a Principal Security Specialist at Amazon Web Services. He helps customers improve their cloud security posture by using data and recommendations to adopt AWS security best practices and services, enabling them to better protect against, prevent, and respond to cyber threats.
Matt Nispel
Matt Nispel

Matt is an Enterprise Solutions Architect at AWS. He has more than 10 years of experience building cloud architectures for large enterprise companies. At AWS, Matt helps customers rearchitect their applications to take full advantage of the cloud. Matt lives in Minneapolis, Minnesota, and in his free time enjoys spending time with friends and family.
Justin Kontny
Justin Kontny

Justin is a Sr. Security Engineer at AWS who combines his passion for software development with expertise in cloud security. He focuses on transforming security from a barrier to a business enabler through innovative AI-driven automation. When not pushing the boundaries of cloud security, Justin enjoys time with his children and being active outdoors.
announcementsassessmentAWS Security Reference ArchitectureFoundational (100)Multi-account securitysecuritySecurity BlogSecurity, Identity & ComplianceSRATools

Post navigation

Previous PostComic for 2025.07.22 – COUGH COUGHNext PostInside the NVIDIA Cedar Module with 1.6Tbps of Networking Capacity

The collective thoughts of the interwebz

Contributors

  • Rapid7 Cybersecurity Blog
  • The Cloudflare Blog
  • Armed and Dangerous
  • arp242.net
  • AWS Architecture Blog
  • AWS Big Data Blog
  • AWS Compute Blog
  • AWS DevOps & Developer Productivity Blog
  • AWS Messaging Blog
  • AWS News Blog
  • AWS Security Blog
  • Backblaze Blog | Cloud Storage & Cloud Backup
  • BeardedTinker
  • Birata.Info
  • Bivol!
  • Bozho's tech blog
  • Bradley M. Kuhn's Blog ( bkuhn )
  • Crosstalk Solutions
  • Curious Droid
  • Darknet – Hacking Tools, Hacker News & Cyber Security
  • Delian’s Tech blog
  • Devil’s Advocate Security
  • digiblur DIY
  • Errata Security
  • Explosm.net
  • fuzzy notepad
  • Geographics
  • Grab Tech
  • Grigor Gatchev – A Weblog
  • Home Assistant
  • IBM 360 Model 20 Rescue and Restoration
  • Joel on Software
  • KENDOV.COM
  • LastWeekTonight
  • laur.ie's blog
  • lcamtuf’s old blog
  • Let's Encrypt
  • LGR
  • LWN.net
  • Matt Granger
  • Matthew Garrett
  • Monty says
  • Nebosystems Ltd
  • Netflix TechBlog – Medium
  • NTPsec Project Blog
  • Oglaf! — Comics. Often dirty.
  • Pid Eins
  • Prometheus Blog
  • Raspberry Pi Foundation blog: news, announcements, stories, ideas
  • Schneier on Security
  • ServeTheHome
  • Show Notes
  • Sprites mods
  • Talks at Google
  • Techmoan
  • Technology Connextras
  • The Atlantic
  • The Codeless Code
  • The History Guy: History Deserves to Be Remembered
  • The Hook Up
  • The latest from GitHub’s engineering team – The GitHub Blog
  • turnoff.us
  • xkcd.com
  • Yahoo Engineering
  • yovko in a nutshell
  • Zabbix Blog
  • БЛОГодаря
  • Блогът на Делян Делчев
  • Блогът на Юруков
  • Дневникът на Георги
  • Дни
  • Како Сийке, не съм от тях!
  • Кътчето на Селин
  • Неосъзнато
  • татко Крокодил
  • Тоест

Tags

Advanced (300) AI Amazon EC2 Amazon QuickSight Amazon Redshift Amazon Simple Storage Service (S3) Analytics announcements Architecture artificial intelligence AWS AWS Glue AWS Lambda AWS re:Invent B2Cloud Best practices Cloud Storage comics Customer Solutions cybersecurity devops Engineering Featured Foundational (100) generative AI intel Intermediate (200) launch networking news Product News Projects research security Security, Identity & Compliance Security Blog serverless squid storage Technical How-to Uncategorized България Водещи Политика общество
Proudly powered by Ants
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}