2. Start off on the right foot
Three critical steps:
1. Enable MFA for the root account
2. Use AWS IAM or AWS IAM Identity Center for everyday access, and enable MFA there too
3. Invest in the skills of your workforce
https://aws.amazon.com/training/
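The two MFA steps above are easy to state and easy to let slip; an IAM credential report is the quickest way to verify both at once. The script below is an added example, not part of the original deck: it parses a credential report and flags the root account without MFA, root access keys, and console users without MFA. In a real account the CSV comes from `aws iam generate-credential-report` followed by `aws iam get-credential-report --query Content --output text | base64 -d`; the report embedded here is constructed and trimmed to the columns the check reads.

```python
"""Check an IAM credential report for the MFA gaps the slide calls out.

Added example, not from the original deck. SAMPLE_REPORT is a constructed
credential report trimmed to the columns used here; real reports carry more
(access key and certificate rotation dates, password last used, etc.).
"""
import csv
import io

# Constructed sample. The root account appears as <root_account> with
# password_enabled reported as "not_supported", exactly as in real reports.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,mfa_active,access_key_1_active
<root_account>,arn:aws:iam::123456789012:root,2020-01-05T10:00:00+00:00,not_supported,false,true
alice,arn:aws:iam::123456789012:user/alice,2021-03-01T09:00:00+00:00,true,true,false
bob,arn:aws:iam::123456789012:user/bob,2022-07-14T12:30:00+00:00,true,false,true
deploy-bot,arn:aws:iam::123456789012:user/deploy-bot,2022-09-01T08:00:00+00:00,false,false,true
"""

ROOT_USER = "<root_account>"


def mfa_findings(report_csv):
    """Return (user, finding) tuples for MFA gaps in a credential report.

    - root without MFA is always a finding (step 1 on the slide)
    - any user with a console password but no MFA is a finding (step 2)
    - root with an active access key is reported too: root keys cannot be
      scoped by IAM policy, so they should be deleted rather than protected
    """
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        mfa = row["mfa_active"] == "true"
        if user == ROOT_USER:
            if not mfa:
                findings.append((user, "root account has no MFA device"))
            if row["access_key_1_active"] == "true":
                findings.append((user, "root account has an active access key"))
            continue
        # Access-key-only users (password_enabled false) are not console
        # users; MFA for them is enforced via policy conditions instead.
        if row["password_enabled"] == "true" and not mfa:
            findings.append((user, "console password enabled without MFA"))
    return findings


if __name__ == "__main__":
    for user, finding in mfa_findings(SAMPLE_REPORT):
        print(f"{user}: {finding}")
```

Run it against the real report and wire the result into whatever paging or ticketing you already use; the report is generated at most once every four hours, so a daily check is enough. Access-key-only users such as `deploy-bot` are deliberately not flagged here: for them the fix is a policy condition on `aws:MultiFactorAuthPresent` or, better, replacing the long-lived key with a role.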
3. Lack of Multi-Account Governance
• Limit incident blast radius
• Discount sharing
• Consolidated billing
• Organizational Units
• Distinct security controls by environment - Service Control Policies (SCP)
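Service Control Policies are what make "distinct security controls by environment" enforceable: they cap what any principal in a member account can do, including that account's administrators and its root user. The block below is an added example, not from the original deck. It shows a typical guardrail SCP (protect CloudTrail, keep workloads in approved regions) and a deliberately small evaluator that reproduces only the SCP-then-identity-policy ordering of AWS policy evaluation. The region list, account ids and the `SecurityBreakGlass` role name are placeholders; resource policies, permission boundaries, session policies and condition operators other than the two the SCP uses are not modelled.

```python
"""Guardrail SCP plus a minimal evaluator showing why an SCP Deny holds even
for an administrator in a member account.

Added example, not from the original deck. Account ids, regions and the
break-glass role name are placeholders. The evaluator models only the
SCP-first ordering of AWS policy evaluation, nothing more.
"""
import fnmatch
import json


def _as_list(value):
    return value if isinstance(value, list) else [value]


# Guardrail SCP for a "Workloads" OU (placeholder regions and role name).
GUARDRAIL_SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ProtectCloudTrail",
            "Effect": "Deny",
            "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail",
                       "cloudtrail:UpdateTrail"],
            "Resource": "*",
            "Condition": {"ArnNotLike": {
                "aws:PrincipalARN": "arn:aws:iam::*:role/SecurityBreakGlass"}},
        },
        {
            "Sid": "DenyOutsideApprovedRegions",
            "Effect": "Deny",
            # Global services are carved out, otherwise IAM/STS calls break.
            "NotAction": ["iam:*", "sts:*", "organizations:*", "support:*"],
            "Resource": "*",
            "Condition": {"StringNotEquals": {
                "aws:RequestedRegion": ["eu-west-1", "eu-central-1"]}},
        },
    ],
}

# AWS attaches this SCP everywhere by default. Detach it without a
# replacement Allow and nothing in the member accounts is permitted.
FULL_AWS_ACCESS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}

# Identity policy of an account administrator (this is exactly the
# statement in the AdministratorAccess managed policy).
ADMIN_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}


def _action_matches(stmt, action):
    if "Action" in stmt:
        return any(fnmatch.fnmatchcase(action, p) for p in _as_list(stmt["Action"]))
    # NotAction: the statement applies to every action except those listed.
    return not any(fnmatch.fnmatchcase(action, p) for p in _as_list(stmt["NotAction"]))


def _condition_matches(stmt, ctx):
    for operator, pairs in stmt.get("Condition", {}).items():
        for key, wanted in pairs.items():
            actual = ctx.get(key, "")
            if operator == "StringNotEquals" and actual in _as_list(wanted):
                return False
            if operator == "ArnNotLike" and any(
                    fnmatch.fnmatchcase(actual, w) for w in _as_list(wanted)):
                return False
    return True


def _effects(policy, action, ctx):
    return {s["Effect"] for s in policy["Statement"]
            if _action_matches(s, action) and _condition_matches(s, ctx)}


def is_allowed(action, ctx, scps, identity_policy):
    """SCPs first: any Deny wins, and without an SCP Allow nothing passes.
    Only then does the caller's identity policy get a say."""
    scp_effects = set().union(*(_effects(p, action, ctx) for p in scps))
    if "Deny" in scp_effects or "Allow" not in scp_effects:
        return False
    identity_effects = _effects(identity_policy, action, ctx)
    return "Allow" in identity_effects and "Deny" not in identity_effects


# Constructed request contexts for a member account.
ADMIN = {"aws:PrincipalARN": "arn:aws:iam::111122223333:role/Admin",
         "aws:RequestedRegion": "eu-west-1"}
BREAK_GLASS = {**ADMIN, "aws:PrincipalARN":
               "arn:aws:iam::111122223333:role/SecurityBreakGlass"}
ADMIN_US = {**ADMIN, "aws:RequestedRegion": "us-east-1"}
OU_SCPS = [FULL_AWS_ACCESS, GUARDRAIL_SCP]

if __name__ == "__main__":
    print(json.dumps(GUARDRAIL_SCP, indent=2))
    for label, action, ctx in [
            ("admin stops trail", "cloudtrail:StopLogging", ADMIN),
            ("break-glass stops trail", "cloudtrail:StopLogging", BREAK_GLASS),
            ("admin runs EC2 in us-east-1", "ec2:RunInstances", ADMIN_US),
            ("admin creates IAM user in us-east-1", "iam:CreateUser", ADMIN_US)]:
        verdict = is_allowed(action, ctx, OU_SCPS, ADMIN_POLICY)
        print(f"{label}: {'allowed' if verdict else 'denied'}")
```

Two things the evaluator makes visible that are easy to miss when reading SCP JSON: the `NotAction` carve-out is what keeps global services usable under a region restriction, and the default `FullAWSAccess` policy is load-bearing, since an OU with only the guardrail attached allows nothing at all. SCPs do not apply to the management account, which is one more reason to keep no workloads there.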
4. Poor IAM Implementation
• Avoid relying on AWS managed policies ("one-size-fits-all" policies)
• Principle of least privilege
• Have processes in place for granting, reviewing and revoking access
• IAM users vs AWS IAM Identity Center (prefer Identity Center for human access)
• Leverage AWS IAM Access Analyzer
[Diagram: IAM / IAM Identity Center]
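"Avoid one-size-fits-all policies" and "least privilege" are easiest to apply when a review can flag the broad patterns mechanically. The block below is an added example, not from the original deck: a broad policy of the kind that gets written to make a deployment work, the same workload's least-privilege rewrite, and a small linter that flags wildcard actions, `Resource: "*"` on write-capable statements, `NotAction`/`NotResource` in Allow statements, and attachment of the broad AWS managed policies. The bucket, table, account id and region are placeholders; the managed-policy ARNs are real.

```python
"""Lint IAM policy documents for "one-size-fits-all" patterns.

Added example, not from the original deck. Bucket, table, account id and
region are placeholders; the managed-policy ARNs are the real ones.
"""
import json

# Broad policy: full S3 and DynamoDB on everything.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*", "dynamodb:*"], "Resource": "*"},
    ],
}

# Same workload, scoped to what it does: read objects under one prefix,
# list that prefix, write items to one table.
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadInputObjects", "Effect": "Allow",
         "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-ingest-bucket/incoming/*"},
        {"Sid": "ListInputPrefix", "Effect": "Allow",
         "Action": ["s3:ListBucket"],
         "Resource": "arn:aws:s3:::example-ingest-bucket",
         "Condition": {"StringLike": {"s3:prefix": ["incoming/*"]}}},
        {"Sid": "WriteResults", "Effect": "Allow",
         "Action": ["dynamodb:PutItem", "dynamodb:BatchWriteItem"],
         "Resource": "arn:aws:dynamodb:eu-west-1:123456789012:table/example-results"},
    ],
}

# AWS managed policies that grant broad, generic access (real ARNs).
BROAD_MANAGED_POLICIES = {
    "arn:aws:iam::aws:policy/AdministratorAccess",
    "arn:aws:iam::aws:policy/PowerUserAccess",
    "arn:aws:iam::aws:policy/AmazonS3FullAccess",
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def lint_policy(policy):
    """Return human-readable findings for over-broad Allow statements."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        sid = stmt.get("Sid", f"statement[{i}]")
        if stmt.get("Effect") != "Allow":
            continue  # a broad Deny is a guardrail, not a finding
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{sid}: Allow with NotAction/NotResource grants more than it names")
        actions = _as_list(stmt.get("Action", []))
        for action in actions:
            if action == "*":
                findings.append(f"{sid}: allows every action on every service")
            elif action.endswith(":*"):
                findings.append(f"{sid}: allows every action in {action[:-2]}")
        # Heuristic: many Describe*/List*/Get* calls do not support
        # resource-level permissions, so Resource "*" is unavoidable there.
        # Flag it only when a write-capable or wildcard action rides along.
        read_only = all(a.split(":")[-1].startswith(("Describe", "List", "Get"))
                        for a in actions)
        if "*" in _as_list(stmt.get("Resource", [])) and not read_only:
            findings.append(f"{sid}: Resource '*' with write-capable actions")
    return findings


def lint_attachments(attached_policy_arns):
    """Flag attached AWS managed policies from the broad set above."""
    return [f"attached broad managed policy {arn}"
            for arn in attached_policy_arns if arn in BROAD_MANAGED_POLICIES]


if __name__ == "__main__":
    for name, policy in [("broad", BROAD_POLICY), ("least-privilege", LEAST_PRIVILEGE_POLICY)]:
        print(f"{name}: {lint_policy(policy) or 'no findings'}")
    print(lint_attachments(["arn:aws:iam::aws:policy/AdministratorAccess",
                            "arn:aws:iam::aws:policy/ReadOnlyAccess"]))
    print(json.dumps(LEAST_PRIVILEGE_POLICY, indent=2))
```

This catches the structural problems; it cannot tell you what the workload actually needs. That is where IAM Access Analyzer comes in: its policy generation builds a policy from the role's recorded CloudTrail activity, and its policy validation flags errors and security warnings before the policy is attached, so a linter like this is a pre-commit gate in front of it, not a replacement.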
6. Insufficient measures to protect data
• Encryption in transit & at rest
• Secrets Management
• 3-2-1-1-0 Backup rule: 3 copies, on 2 different media, 1 offsite, 1 offline or immutable, 0 errors when restores are tested
• DR plan/design for failure
7. Not Prioritizing Cost Management
• Enable AWS Budgets & Billing Alarms
• Leverage AWS Cost Explorer
• Develop a culture of cost awareness
• Provide dev team with cost visibility