Live Tour of the AWS Console

This video walks through the AWS Management Console with GRC-relevant services highlighted. No hands-on work — just a guided tour so you know what you are looking at when an engineer shares their screen or when you need to pull evidence for an audit.

Services covered

IAM Dashboard

Where users, roles, and policies live. The credential report (downloadable CSV of all users, MFA status, key age) is the single most-requested piece of SOC 2 evidence. You will pull this report dozens of times in your career.

S3 Console

Bucket settings, encryption configuration, public access block, versioning, and access logging. S3 misconfigurations are the most common cloud security finding — an open bucket is a headline.

CloudTrail

The audit log for every API call in the account. Event history lets you answer "who did what, when" — the question auditors ask most often. Trail configuration shows whether logs are encrypted and centralized.

AWS Config

Compliance rules that continuously evaluate resource configurations. Config rules are the closest thing AWS offers to automated compliance checking. Non-compliant resources surface immediately.

Security Hub

Aggregated security findings from Config, GuardDuty, Inspector, and third-party tools. The single-pane view that a GRC Engineer checks weekly. CIS Benchmark scores live here.

Organizations

Multi-account structure, organizational units (OUs), and service control policies (SCPs). Understanding the account hierarchy tells you where guardrails are enforced and where they are not.