# AWS

**Activity Logs & Alerts:**

* CloudTrail Logs (full reference [here](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference.html))
* GuardDuty Findings & Alerts (if enabled)

**Identities and their profile information & Configuration**

* Users (SSO & Locally Managed)
* Groups
* Roles
* Policies
* SAML\OpenID Providers
* Access Advisor Information

{% hint style="info" %}
Note that Assets Configuration & Discovery is optional and can be disabled.
{% endhint %}

**Assets Configuration** - The existence of the resource and its configuration (with no data access)

* ACM - Certificates
* API Gateway Resources (V1\V2)
* AutoScaling Resources
* CloudFormation Stacks
* CloudFront Resources
* CloudTrail Settings
* Cognito Identity Pools
* DocDB Resources
* DynamoDB Resources
* EC2 & Networking Resources
* ECR Resources
* ECS\EKS Resources
* ElastiCache Resources
* Elastic Load Balancer Resources (V1\V2)
* GuardDuty Alerts and Detectors
* Kafka (MSK, KafkaConnect) Resources
* Lambda Functions & Layers
* Log Groups
* Neptune Databases
* Organizational Structures & Account Owners
* Security Hub Controls & Findings
* SNS, SQS Resources
* SSM Commands & Agents
* WAF (V1\V2)
* Workspaces Resources
* RDS Resources
* Route53
* S3 Buckets
* Secrets Manager (the existence of the secret, no access to the secret itself)
* SES (v1\v2)
