🟪 Layer 1 — Edge Entry

Route 53 + API Gateway

  • IAM Auth
  • Throttling
  • Schema Validation

CloudFront (CDN)

  • Geo-blocking
  • Signed URLs
  • Origin Shield

WAF

  • OWASP Rules
  • Rate-based Rules
  • IP Reputation

Shield Advanced

  • DDoS Protection
  • Anomaly Detection

🟦 Layer 2 — Perimeter Routing

ALB

  • WAF Integration
  • TLS Termination

VPC Subnets

  • Public/Private Separation
  • NACLs

Security Groups

  • Least Privilege Enforcement

Verified Access

  • Device Trust
  • User Identity Checks

🟩 Layer 3 — Service & Governance

ECS / EKS Services

  • App Logic
  • IAM Roles

ElastiCache / RDS

  • Encryption
  • Patching
  • IAM Auth

CodePipeline

  • SAST
  • SCA
  • IaC Gates

Systems Manager + CloudWatch

  • Automation Docs
  • Drift Alerts

Audit Manager + Config

  • Control Packs
  • SLA Dashboards