AWS KMS, or AWS Key Management Service, protects your application data using cryptographic keys.
A cryptographic key is a sequence of characters used for encrypting or decrypting data, where encryption locks the data and decryption unlocks it.
You have full control over your keys and can grant IAM users the ability to manage AWS KMS keys.
AWS WAF, or AWS Web Application Firewall, monitors network requests to your application.
It can allow or block incoming network traffic.
AWS WAF uses ACLs (web access control lists) to determine whether to permit or deny network traffic.
Amazon Inspector enhances application security and compliance by scanning for software versions and other vulnerabilities.
It provides a report detailing all security issues along with recommended solutions for your application.
Amazon GuardDuty is a threat detection service that identifies threats to AWS resources and infrastructure by continuously monitoring network activity.
Similar to Amazon Inspector, it reports detected threats and provides recommendations for remediation.