本文属于机器翻译版本。若本译文内容与英语原文存在差异，则一律以英文原文为准。

# 资源
<a name="resources"></a>

## AWS 文档
<a name="resources-aws-documentation"></a>
+ [AWS 安全参考架构 (AWS SRA)](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/)
+ [AWS CAF 安全视角](https://docs.aws.amazon.com/whitepapers/latest/aws-security-incident-response-guide/aws-caf-security-perspective.html)
+ [安全性、身份和合规性最佳实践](https://aws.amazon.com/architecture/security-identity-compliance/)
+ 开启自动安全响应 AWS （AWS 解决方案）
  + [解决方案登录页面](https://aws.amazon.com/solutions/implementations/automated-security-response-on-aws/)
  + [实施指南](https://docs.aws.amazon.com/solutions/latest/automated-security-response-on-aws/welcome.html)

## AWS 博客文章
<a name="resources-aws-blog"></a>
+ [身份指南 — 使用 AWS 身份进行预防性控制 — SCPs](https://aws.amazon.com/blogs/mt/identity-guide-preventive-controls-with-aws-identity-scps)
+ [如何为 AWS Organizations中的账户实施只读服务控制策略（SCP）](https://aws.amazon.com/blogs/mt/implement-read-only-service-control-policy-in-aws-organizations/)
+ [多账户环境中 AWS Organizations 服务控制策略的最佳实践](https://aws.amazon.com/blogs/industries/best-practices-for-aws-organizations-service-control-policies-in-a-multi-account-environment/)
+ [使用服务控制策略保持合规，并确保始终应用这些策略](https://aws.amazon.com/blogs/mt/maintain-compliance-using-service-control-policies-and-ensure-they-are-always-applied/)
+ [何时何地使用 IAM 权限边界](https://aws.amazon.com/blogs/security/when-and-where-to-use-iam-permissions-boundaries/)
+ [使用 AWS CloudFormation 钩子主动确保资源安全和合规](https://aws.amazon.com/blogs/mt/proactively-keep-resources-secure-and-compliant-with-aws-cloudformation-hooks/)

## 其他资源
<a name="resources-other"></a>
+ [云控制矩阵（CCM）](https://cloudsecurityalliance.org/research/cloud-controls-matrix/)（云安全联盟）
+ [权限边界示例](https://github.com/aws-samples/example-permissions-boundary) (GitHub)