Get Instant Access: http://pxlme.me/e_dPhN4c
This 17-point checklist makes sure your AWS account is not misused. AWS Security starts with protecting your AWS Account. Overlooking the account security can lead to a compromise of data, and theft of resources. Use it and stay safe!
2. AWS Account Security Checklist
#1 Store your AWS Account root User and Password
safely
• For storing your root account credentials, use a password management
applications, such as LastPass, KeePass, Dashlane. Etc.
3. AWS Account Security Checklist
#2 Create a password policy
• Define password requirements, such as minimum length, whether it requires
non-alphabetic characters, how frequently it must be rotated, and so on.
4. AWS Account Security Checklist
# 3 If you have created Access Key for your root
account, delete it unless you absolutely need it
• You will seldom need to access any AWS service using access keys of the root
account. If you do, there could be a serious security flaw in your AWS
architecture.
5. AWS Account Security Checklist
# 4 Enable AWS multi-factor on your root account
• With MFA enabled, users must provide both their normal credentials (like their
user name and password) and the OTP.
6. AWS Account Security Checklist
# 5 Create IAM users for AWS console access
• With MFA enabled, users must provide both their normal credentials (like their
user name and password) and the OTP.
7. AWS Account Security Checklist
# 6 Do not share access credentials among users
• Best practice is to create individual IAM users for each person that needs to
access services and resources in your AWS account to increase your AWS
account security.
8. AWS Account Security Checklist
# 7 Use IAM groups to assign permissions to IAM users
• Create a IAM group and assign the relevant common permissions to this
account and add users to that group who need access to AWS Console.
9. AWS Account Security Checklist
# 8 Use AWS Defined Policies wherever possible
• Use standard set of AWS defined policies as far as possible, instead of creating
your own policies. This helps to maintain and manage security as per best
practices.
10. AWS Account Security Checklist
# 9 Grant least privilege
• Start with a minimum set of permissions and grant additional permissions as
necessary.
11. AWS Account Security Checklist
# 10 Create separate IAM user for IAM management
• Create a separate IAM user whose only role is IAM user management.
12. AWS Account Security Checklist
# 11 Use Access Levels to Review IAM Permissions
• AWS categorizes each service action into one of four access levels based on
what each action does:
1. List
2. Read
3. Write
4. Permissions management.
• You can use these access levels to determine which actions to include in your
policies.
13. AWS Account Security Checklist
# 12 Use Roles for Applications That Run on Amazon
EC2 Instances
• Instead of hardcoding AWS credentials, keys into the application source code
repository use IAM roles and assign them to the applications that runs on an
Amazon EC2 instance.
14. AWS Account Security Checklist
# 13 Use Roles to Delegate Permissions
• Don't share security credentials between accounts to allow users from another
AWS account to access resources in your AWS account. Instead, use IAM
roles.
15. AWS Account Security Checklist
# 14 Rotate Access Credentials regularly
• Change your own passwords and access keys regularly, and make sure that all
IAM users in your account do as well.
16. AWS Account Security Checklist
# 15 Remove Unnecessary Credentials
• Find unused passwords or access keys using the console, using the API, or by
downloading the credentials report and remove such unused credentials to
improve the security of your AWS account.
17. AWS Account Security Checklist
# 16 Use Policy Conditions for Extra Security
• Wherever possible, define the conditions under which your IAM policies allow
access to a resource. For example, you can write conditions to specify a range
of allowable IP addresses that a request must come from.
18. AWS Account Security Checklist
# 17 Monitor Activity in Your AWS Account
• Use logging features in AWS to determine the actions users have taken in your
account and the resources that were used.