Implement encryption in transit (for example, AWS Certificate Manager [ACM], VPN).
Implement cost allocation tags.
Configure Amazon EventBridge rules to invoke actions.
Implement encryption at rest (for example, AWS Key Management Service [AWS KMS]).
Create and manage AMIs (for example, EC2 Image Builder).
Troubleshoot hybrid and private connectivity issues.
Troubleshoot or take corrective actions based on notifications and alarms.
Create, manage, and protect encryption keys.
Perform disaster recovery procedures.
Identify and remediate CloudFront caching issues.
Configure notifications (for example, Amazon Simple Notification Service [Amazon SNS], Service Quotas, CloudWatch alarms, AWS Health events).
Enforce a data classification scheme.
Configure Amazon S3 Cross-Region Replication (CRR).
Collect and interpret logs (for example, VPC Flow Logs, ELB access logs, AWS WAF web ACL logs, CloudFront logs).
Create CloudWatch dashboards.
Implement versioning and lifecycle rules.