How to secure an AWS account
Sujith Rajendran
Cloud Infrastructure Architect | Cloud Consultant | Coach | Mentor
This article will describe how to secure an AWS account.
We should enable multi-factor authentication (MFA) for the root user of the AWS account. This is important because the root user can perform sensitive operations in your account, so you need to add an additional layer of authentication.
- It is never a good idea to share root credentials with anyone.
- Create an individual IAM user for each person.
- Make sure the root account hardware MFA device is kept in a secure location.
- Assign permissions to IAM users using groups.
- Enable multi-factor authentication for privileged users.
- Use IAM roles to grant access across accounts.
- Whenever possible, assign permissions based on AWS policies.
- Access levels are useful for reviewing IAM permissions.
- Remove the root credentials.
- Rotate credentials regularly.
- Use IAM roles to delegate access to AWS resources.
- Audit IAM users and their policies frequently. Ensure that IAM users have the most restrictive policies and the least privileges assigned.
- Create a billing alarm to monitor your estimated AWS charges so that you receive automatic notifications when your bill exceeds thresholds you define.
- Create a trail in your AWS account to track which credentials are used to initiate particular API calls and when they are used.
- Activate resource-level logging (for example, at the instance or OS level) and Amazon S3 default bucket encryption.
- Activate Amazon GuardDuty in your AWS account in all supported Regions.