VPC Flow Logs allows you to capture metadata about the traffic flowing in and out of network interfaces within a VPC.
Amazon CloudTrail
CloudTrail is a governance, compliance, risk management, and auditing service that records account activity within an AWS account. Any actions taken by users, roles, or AWS services are recorded to the service. Activity is recorded as a CloudTrail event, and by default you can view 90 days of activity via event history.
Amazon CloudWatch
CloudWatch is a service that provides near real-time monitoring of AWS products. In essence, it’s a metrics repository. You can import custom metric data in real time from some AWS services and on-premises platforms.
AWS Systems Manager
Systems Manager helps you automatically collect software inventory, apply OS patches, create system images, and configure Windows and Linux operating systems.
AWS CloudFormation
CloudFormation is an Infrastructure as Code (IaC) product: you can create, manage, and remove infrastructure using JSON or YAML. CloudFormation is effective if you frequently deploy the same infrastructure or you require guaranteed consistent configuration.