Modern applications are being deployed on cloud. In my day to day experience as a security engineer I have noticed that most applications deployed on cloud are vulnerable to security issues either due to a misconfiguration in the cloud service being used or vulnerability in the deployed application itself. These security issues could have been avoided if the applications have used the security mechanisms provided by cloud providers. In this talk we will look at AWS security services that we can leverage to protect the modern applications against common web applications vulnerability attacks. I will explain how cloud services can be mapped to OWASP Top 10 security risks. The talk will start with mentioning some lesser known cloud security attacks and then it explains how AWS services can be mapped to OWASP Top 10 to prevent these attacks. We will look at how IAM, Data Protection, Infrastructure security and monitoring can help prevent modern applications from common web application vulnerability attacks. By the end of this talk, the audience will have learnt a unique approach towards using cloud services when deploying their application on to the cloud. Audience will have learnt about most of the lesser known attacks and defense techniques against these cloud based applications.