AWS Account Security Checklist
Author: Ninad Gupte
#1 Store your AWS account root user credentials safely
• Keep the root account e-mail address and password in a password manager such as LastPass, KeePass or Dashlane, and limit who can read that entry. The root user owns the account and no IAM policy can restrict it, so these are the most valuable credentials you hold.
#2 Create a password policy
• Set an account password policy for IAM users: minimum length, whether non-alphabetic characters are required, how often passwords must be rotated, and whether previous passwords may be reused. The policy governs IAM user passwords; it does not apply to the root user.
#3 If you have created an access key for your root account, delete it unless you absolutely need it
• You will seldom need to call any AWS service with the root user's access keys. If you find that you do, treat it as a sign of a serious flaw in your AWS architecture: a leaked root key gives its holder unrestricted control of the whole account, and no IAM policy can narrow what it may do.
#4 Enable multi-factor authentication (MFA) on your root account
• With MFA enabled, signing in requires both the normal credentials (user name and password) and the one-time code from the MFA device, so a stolen or guessed password alone is not enough.
#5 Create IAM users for AWS console access
• Do not use the root user for everyday console work. Create an IAM user for each person who needs console access, and enable MFA on those users as well, so that their sign-in also requires the password plus a one-time code.
#6 Do not share access credentials among users
• Create an individual IAM user for each person who needs access to services and resources in your AWS account. Shared credentials cannot be revoked for one leaver without resetting them for everyone, and activity performed with them cannot be attributed to a person.
#7 Use IAM groups to assign permissions to IAM users
• Create an IAM group, attach the permissions its members have in common to the group, and add each user who needs that access to the group, rather than attaching policies to users one at a time.
#8 Use AWS managed policies wherever possible
• Prefer the standard set of AWS managed policies to writing your own; AWS maintains them as services add actions, which keeps the permission sets current and in line with its recommended practice. Still read what a managed policy grants before attaching it: some, such as AdministratorAccess and PowerUserAccess, are far broader than most users need.
#9 Grant least privilege
• Start with the minimum set of permissions and grant more only as a concrete need appears. It is far easier to widen a narrow policy than to take permissions back from people who have come to rely on them.
#10 Create a separate IAM user for IAM management
• Create a dedicated IAM user whose only job is managing IAM users, groups and policies. IAM administration then no longer requires the root user, and ordinary users do not carry permissions-management rights they do not need.
#11 Use access levels to review IAM permissions
• AWS classifies every service action into an access level based on what the action does:
1. List
2. Read
3. Write
4. Permissions management
(Newer versions of the IAM console also show Tagging as a separate level.)
• Use these levels to decide which actions belong in a policy. Permissions management actions let a principal change what it or others are allowed to do, so they deserve the closest review.
#12 Use roles for applications that run on Amazon EC2 instances
• Instead of embedding AWS access keys in application code or the source repository, create an IAM role, attach it to the instance through an instance profile, and let the SDK fetch temporary credentials from the instance metadata service. Those credentials rotate automatically and never appear in the code base or its version history.
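A check that goes with this item, added here as an example and not part of the original slides: a small scanner that finds long-term access keys committed to a source tree. The file contents are constructed, the key values are fake, and the AKIAIOSFODNN7EXAMPLE value is the placeholder AWS uses in its own documentation, which the scanner deliberately skips.

```python
"""Scan a source tree for hard-coded AWS access keys (item 12).

Added example, not from the original slides. Key IDs are 20 upper-case
alphanumerics beginning with AKIA (long-term) or ASIA (temporary);
secret keys are 40 characters of base64-style text. The files below are
constructed and every key value in them is fake.
"""
import re

KEY_ID_RE = re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b")
# A 40-character token that is not part of a longer run of the same characters.
SECRET_TOKEN_RE = re.compile(r"(?<![A-Za-z0-9/+=])([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])")
# Placeholders from AWS documentation; finding them is not a leak.
DOC_PLACEHOLDERS = {"AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}

# Constructed repository contents: path -> file text.
SAMPLE_FILES = {
    "app/config.py": (
        'AWS_ACCESS_KEY_ID = "AKIAABCDEFGHIJKLMNOP"\n'
        'AWS_SECRET_ACCESS_KEY = "abcdefghijklmnopqrstuvwxyz0123456789ABCD"\n'
    ),
    "docs/README.md": (
        "Example from the AWS docs (not a real key):\n"
        "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
    ),
    "app/s3client.py": (
        "import boto3\n"
        "# No keys here: on EC2 the SDK picks up the instance role automatically.\n"
        "s3 = boto3.client('s3')\n"
    ),
}


def scan_text(path, text):
    """Return (path, line_no, kind, value) for each credential found in one file."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for key_id in KEY_ID_RE.findall(line):
            if key_id not in DOC_PLACEHOLDERS:
                findings.append((path, line_no, "access_key_id", key_id))
        # Only treat a 40-char token as a secret when the line talks about a
        # secret; this keeps hashes and other base64 blobs out of the results.
        if "secret" in line.lower():
            for token in SECRET_TOKEN_RE.findall(line):
                if token not in DOC_PLACEHOLDERS:
                    findings.append((path, line_no, "secret_access_key", token))
    return findings


def scan_tree(files):
    """Scan every file in a {path: text} mapping; findings come back in path order."""
    findings = []
    for path in sorted(files):
        findings.extend(scan_text(path, files[path]))
    return findings


if __name__ == "__main__":
    for path, line_no, kind, value in scan_tree(SAMPLE_FILES):
        print(f"{path}:{line_no}: {kind} {value[:4]}...")
```

Run it over the working tree and over `git log -p` as well, because a key deleted in a later commit is still in the history. Any key the scanner finds should be treated as already compromised and rotated, not merely removed from the file.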
#13 Use roles to delegate permissions
• Do not hand your account's credentials to users of another AWS account so that they can reach your resources. Create an IAM role whose trust policy names the other account and let their principals assume it, receiving temporary credentials scoped to that role.
#14 Rotate access credentials regularly
• Change your own password and access keys regularly and make sure every IAM user in your account does the same. The password policy can enforce rotation for passwords; for access keys, review key age in the credentials report.
#15 Remove unnecessary credentials
• Find passwords and access keys that are no longer used, from the console, through the API (GenerateCredentialReport and GetCredentialReport) or by downloading the credentials report, and remove them. Every unused credential is an attack path that nobody is watching.
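The credentials report is the one artifact that answers items 3, 4, 14 and 15 at once, so here is an added example (not from the original slides) that audits it for all four. The input is the CSV that `aws iam get-credential-report` returns after base64 decoding, with its real column names; the report below is constructed and every value in it is made up, and the two thresholds are this example's assumptions rather than AWS defaults.

```python
"""Audit an IAM credential report for items 3, 4, 14 and 15.

Added example, not from the original slides. SAMPLE_REPORT is a
constructed report in the real CSV layout; MAX_KEY_AGE_DAYS and
MAX_UNUSED_DAYS are assumptions.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE_DAYS = 90   # assumption: access keys older than this are due for rotation
MAX_UNUSED_DAYS = 45    # assumption: a credential idle this long counts as unused
ROOT_USER = "<root_account>"   # the report's name for the root user

SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,2020-01-05T09:00:00+00:00,not_supported,2024-03-01T10:00:00+00:00,not_supported,not_supported,false,true,2020-01-05T09:10:00+00:00,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::111122223333:user/alice,2022-06-01T12:00:00+00:00,true,2024-03-20T08:15:00+00:00,2024-02-01T09:00:00+00:00,2024-05-01T09:00:00+00:00,true,true,2024-02-15T09:00:00+00:00,2024-03-21T07:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
build-bot,arn:aws:iam::111122223333:user/build-bot,2021-03-10T00:00:00+00:00,false,N/A,N/A,N/A,false,true,2021-03-10T00:05:00+00:00,2023-11-02T04:00:00+00:00,eu-west-1,ec2,true,2024-03-01T00:00:00+00:00,N/A,N/A,N/A,false,N/A,false,N/A
"""
SAMPLE_NOW = datetime(2024, 3, 22, tzinfo=timezone.utc)  # "today" for the sample


def _parse_ts(value):
    """Report timestamps are ISO 8601; the N/A-style markers become None."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def audit_credential_report(report_csv, now):
    """Return (user, code, advice) findings for one credential report."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == ROOT_USER
        if is_root and row["mfa_active"] != "true":
            findings.append((user, "ROOT_MFA_DISABLED", "item 4: enable MFA on the root user"))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            rotated = _parse_ts(row[f"access_key_{n}_last_rotated"])
            last_used = _parse_ts(row[f"access_key_{n}_last_used_date"])
            if is_root:
                findings.append((user, f"ROOT_ACCESS_KEY_{n}", "item 3: delete root access keys"))
            if rotated and now - rotated > timedelta(days=MAX_KEY_AGE_DAYS):
                findings.append((user, f"KEY_{n}_STALE", f"item 14: rotate, key older than {MAX_KEY_AGE_DAYS} days"))
            # A key never used since it was issued has been idle since then.
            idle_since = last_used or rotated
            if idle_since and now - idle_since > timedelta(days=MAX_UNUSED_DAYS):
                findings.append((user, f"KEY_{n}_UNUSED", f"item 15: delete, unused for {MAX_UNUSED_DAYS}+ days"))
        if row["password_enabled"] == "true":
            if row["mfa_active"] != "true":
                findings.append((user, "USER_MFA_DISABLED", "item 5: console users need MFA"))
            idle_since = _parse_ts(row["password_last_used"]) or _parse_ts(row["password_last_changed"])
            if idle_since and now - idle_since > timedelta(days=MAX_UNUSED_DAYS):
                findings.append((user, "PASSWORD_UNUSED", f"item 15: disable, unused for {MAX_UNUSED_DAYS}+ days"))
    return findings


def audit_sample():
    """The constructed report audited as of SAMPLE_NOW."""
    return audit_credential_report(SAMPLE_REPORT, SAMPLE_NOW)


if __name__ == "__main__":
    for user, code, advice in audit_sample():
        print(f"{user:16s} {code:20s} {advice}")
```

On the sample the root user is flagged four times (no MFA, an active access key, and that key both stale and never used), build-bot's first key is stale and idle, and alice is clean. The real report lags activity by a few hours, so do not delete a key on the strength of a report generated minutes after it was last used.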
#16 Use policy conditions for extra security
• Wherever possible, state the conditions under which a policy allows access to a resource. For example, a condition on aws:SourceIp limits requests to a range of allowed IP addresses, and one on aws:MultiFactorAuthPresent requires that the caller authenticated with MFA.
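To make the condition semantics concrete, here is an added example that is not from the original slides and is not AWS's policy evaluator: a deliberately small model of IAM that handles Allow/Deny statements, exact or "*" Action matching, and the condition operators IpAddress, NotIpAddress, Bool and BoolIfExists, applying the rule that an explicit Deny always wins and anything not allowed is denied. Resource and Principal matching, resource policies, SCPs and the other operators are left out. The policy, the office address range and the four request contexts are constructed.

```python
"""Evaluate the policy conditions item 16 describes (simplified IAM model).

Added example, not from the original slides and not AWS's evaluator.
POLICY, the 203.0.113.0/24 "office" range and SAMPLE_REQUESTS are
constructed for the example.
"""
import copy
import ipaddress

POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # S3 reads, but only from the (assumed) office address range
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": "*",
            "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}},
        },
        {   # and nothing at all unless the caller authenticated with MFA
            "Effect": "Deny",
            "Action": "*",
            "Resource": "*",
            "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}},
        },
    ],
}

# aws:MultiFactorAuthPresent is absent (not false) when a request is signed
# with long-term access keys; that missing-key case is what BoolIfExists is for.
SAMPLE_REQUESTS = {
    "mfa_session_from_office": {"aws:SourceIp": "203.0.113.7", "aws:MultiFactorAuthPresent": True},
    "mfa_session_from_elsewhere": {"aws:SourceIp": "198.51.100.9", "aws:MultiFactorAuthPresent": True},
    "password_only_from_office": {"aws:SourceIp": "203.0.113.7", "aws:MultiFactorAuthPresent": False},
    "access_key_from_office": {"aws:SourceIp": "203.0.113.7"},
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_matches(operator, key, expected, context):
    """One (operator, key) clause of a Condition block against the request context."""
    if_exists = operator.endswith("IfExists")
    base = operator[: -len("IfExists")] if if_exists else operator
    if key not in context:
        return if_exists  # ...IfExists treats a missing key as a match; plain operators do not
    actual = context[key]
    expected = _as_list(expected)
    if base in ("IpAddress", "NotIpAddress"):
        in_range = any(ipaddress.ip_address(actual) in ipaddress.ip_network(cidr) for cidr in expected)
        return in_range if base == "IpAddress" else not in_range
    if base == "Bool":
        return str(actual).lower() == str(expected[0]).lower()
    raise ValueError(f"operator {operator} is not modelled")


def _statement_applies(stmt, action, context):
    actions = _as_list(stmt["Action"])
    if "*" not in actions and action not in actions:
        return False
    return all(
        _condition_matches(operator, key, expected, context)
        for operator, clauses in stmt.get("Condition", {}).items()
        for key, expected in clauses.items()
    )


def evaluate(policy, action, context):
    """'Allow' or 'Deny' for one action under one request context."""
    decision = "Deny"  # implicit deny until an Allow statement matches
    for stmt in policy["Statement"]:
        if not _statement_applies(stmt, action, context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit deny overrides every Allow
        decision = "Allow"
    return decision


def weak_policy(policy=POLICY):
    """The same policy with plain Bool instead of BoolIfExists: the common
    mistake that lets requests signed with long-term access keys through."""
    weak = copy.deepcopy(policy)
    for stmt in weak["Statement"]:
        cond = stmt.get("Condition", {})
        if "BoolIfExists" in cond:
            cond["Bool"] = cond.pop("BoolIfExists")
    return weak


if __name__ == "__main__":
    for name, ctx in SAMPLE_REQUESTS.items():
        print(f"{name:28s} s3:GetObject -> {evaluate(POLICY, 's3:GetObject', ctx)}")
    print("weak policy, access key      s3:GetObject ->",
          evaluate(weak_policy(), "s3:GetObject", SAMPLE_REQUESTS["access_key_from_office"]))
```

The last request is the one worth studying: with BoolIfExists the access-key call is denied because the MFA key is absent, while the weakened policy with a plain Bool lets it through, which is exactly the hole people open when they write the MFA deny by hand.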
#17 Monitor activity in your AWS account
• Use the logging features in AWS, above all AWS CloudTrail, to record which actions users took in your account and which resources they touched, and review those logs for root user activity, console sign-ins without MFA and repeated failed sign-ins.
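As an added example (not from the original slides), the review described above run over a handful of CloudTrail records. The records are constructed but use CloudTrail's real field names (userIdentity.type, eventName, sourceIPAddress, additionalEventData.MFAUsed, responseElements.ConsoleLogin); the three rules and the failed-login threshold are this example's own choices, not an AWS-defined rule set.

```python
"""Flag the activity item 17 says to watch for in CloudTrail records.

Added example, not from the original slides. SAMPLE_LOG is constructed
in the shape of a CloudTrail log file ({"Records": [...]}); the rules
and the threshold are assumptions.
"""
import json


def _console_login(user_type, user_name, ip, outcome, mfa):
    """Build one constructed ConsoleLogin record."""
    identity = {"type": user_type, "accountId": "111122223333"}
    if user_name:
        identity["userName"] = user_name
    return {
        "eventVersion": "1.08", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
        "userIdentity": identity, "sourceIPAddress": ip,
        "responseElements": {"ConsoleLogin": outcome},
        "additionalEventData": {"MFAUsed": mfa, "LoginTo": "https://console.aws.amazon.com/"},
    }


SAMPLE_LOG = json.dumps({"Records": [
    _console_login("Root", None, "198.51.100.23", "Success", "No"),
    _console_login("IAMUser", "alice", "203.0.113.7", "Success", "Yes"),
    _console_login("IAMUser", "bob", "203.0.113.200", "Failure", "No"),
    _console_login("IAMUser", "bob", "203.0.113.200", "Failure", "No"),
    _console_login("IAMUser", "bob", "203.0.113.200", "Failure", "No"),
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
     "userIdentity": {"type": "Root", "accountId": "111122223333"},
     "sourceIPAddress": "198.51.100.23", "requestParameters": {"userName": "tmp-admin"}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"type": "AssumedRole", "accountId": "111122223333",
                      "arn": "arn:aws:sts::111122223333:assumed-role/app-role/i-0abc"},
     "sourceIPAddress": "10.0.1.25"},
]})


def detect(log_json, failed_login_threshold=3):
    """Return (rule, subject, detail) alerts for the Records of one CloudTrail log file."""
    alerts = []
    failures_by_ip = {}
    for ev in json.loads(log_json)["Records"]:
        identity = ev.get("userIdentity", {})
        who = identity.get("userName") or identity.get("type", "unknown")
        name = ev.get("eventName")
        ip = ev.get("sourceIPAddress")
        # Rule 1: any root activity at all; items 3 to 5 say there should be none day to day.
        if identity.get("type") == "Root":
            alerts.append(("ROOT_ACTIVITY", who, name))
        if name != "ConsoleLogin":
            continue
        outcome = ev.get("responseElements", {}).get("ConsoleLogin")
        mfa_used = ev.get("additionalEventData", {}).get("MFAUsed")
        # Rule 2: a successful console sign-in that did not use MFA.
        if outcome == "Success" and mfa_used != "Yes":
            alerts.append(("CONSOLE_LOGIN_WITHOUT_MFA", who, ip))
        # Rule 3: repeated sign-in failures from one address (password guessing).
        if outcome == "Failure":
            failures_by_ip[ip] = failures_by_ip.get(ip, 0) + 1
            if failures_by_ip[ip] == failed_login_threshold:
                alerts.append(("REPEATED_LOGIN_FAILURES", ip, failures_by_ip[ip]))
    return alerts


if __name__ == "__main__":
    for rule, subject, detail in detect(SAMPLE_LOG):
        print(f"{rule:26s} {subject:16s} {detail}")
```

CloudTrail delivers each log file to S3 as gzipped JSON with a top-level Records array, so the same function applies to real files once they are decompressed. The root user's ConsoleLogin shows up under two rules at once, which is the intended behaviour: a root sign-in without MFA is both a policy violation (item 4) and the start of anything an attacker would do with the account.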
Thank you!
Ninad Gupte
ninad@interpole.net
www.interpole.net
