- AWS provides built-in security controls that customers don't need to manage themselves, like security groups and IAM. - The Cloud Adoption Framework helps customers adapt existing practices or introduce new practices for cloud computing across five core security capabilities: identity and access management, detective controls, infrastructure security, data protection, and incident response. - AWS services like CloudTrail, Config, Inspector, and Flow Logs provide detective controls to monitor activity and configuration changes. Services like OpsWorks, Shield, and WAF help secure infrastructure. Key Management Service, CloudHSM, and Certificate Manager help protect data. CloudWatch Events and Lambda can automate incident response.