Recommendations and best practices

Here are a few key takeaways from this chapter:

  • Stop using the root account for everyday work; use IAM wherever possible. Lock away the root access key and avoid using it unless it's the end of the world!
  • Create separate IAM users for your organization, each with their own access key and secret key. DO NOT SHARE YOUR KEYS OR PASSWORDS! Sharing them is never a good idea and can have serious consequences.
  • Create separate administrators for each of the AWS services that you use.
  • Use roles and groups to assign permissions to individual IAM users. Always follow the least privilege approach, whereby a group or role carries the minimum set of privileges it needs. Grant only the level of access and permissions that the task demands.
  • Leverage multi-factor authentication (MFA) wherever possible. Passwords are good, but they are still not the strongest option for authenticating users.
  • Rotate your passwords and keys periodically. Create keys only when there is a requirement for them. Review your account regularly and delete any unused keys and/or users.
  • Maintain logs and a history of your AWS account and its services. Use AWS CloudTrail for security and compliance auditing.
  • Use temporary credentials (IAM roles) rather than sharing your account details with other users and applications.
  • Leverage AWS Key Management Service (KMS) to encrypt your data and your keys wherever necessary.
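As an added example (not from the book), the following script checks several of these takeaways (root account keys and MFA, users without MFA, stale or idle access keys, users with no active credentials) against an IAM credential report. The input is a constructed report using a subset of the real report's columns, and the 90-day thresholds are assumptions you should tune to your own policy.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the column layout of an IAM credential report
# (subset of the real columns; timestamps are ISO 8601, "N/A" means never).
SAMPLE_REPORT = """user,arn,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
<root_account>,arn:aws:iam::111122223333:root,not_supported,false,true,2023-01-02T09:00:00+00:00,2024-03-01T12:00:00+00:00
alice,arn:aws:iam::111122223333:user/alice,true,true,true,2024-05-20T08:00:00+00:00,2024-06-10T08:00:00+00:00
bob,arn:aws:iam::111122223333:user/bob,true,false,true,2023-11-01T08:00:00+00:00,N/A
svc-deploy,arn:aws:iam::111122223333:user/svc-deploy,false,false,false,N/A,N/A
"""

NOW = datetime(2024, 6, 15, tzinfo=timezone.utc)  # fixed "now" so runs are reproducible

def _parse(ts):
    """Report timestamps are ISO 8601; 'N/A' / 'no_information' mean never."""
    return datetime.fromisoformat(ts) if ts not in ("N/A", "no_information") else None

def audit_credential_report(report_csv, now=NOW, max_key_age_days=90, max_idle_days=90):
    """Return (user, finding) tuples for violations of the chapter's recommendations."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        key_active = row["access_key_1_active"] == "true"
        if user == "<root_account>":  # root should have no keys and must have MFA
            if key_active:
                findings.append((user, "root account has an active access key"))
            if row["mfa_active"] != "true":
                findings.append((user, "root account has no MFA"))
            continue
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((user, "console password without MFA"))
        if row["password_enabled"] != "true" and not key_active:
            findings.append((user, "no active credentials; candidate for removal"))
        if key_active:
            rotated = _parse(row["access_key_1_last_rotated"])
            if rotated and now - rotated > timedelta(days=max_key_age_days):
                findings.append((user, "access key older than %d days" % max_key_age_days))
            last_used = _parse(row["access_key_1_last_used_date"])
            if last_used is None or now - last_used > timedelta(days=max_idle_days):
                findings.append((user, "access key unused for %d+ days" % max_idle_days))
    return findings

if __name__ == "__main__":
    for user, finding in audit_credential_report(SAMPLE_REPORT):
        print(f"{user}: {finding}")
```

On a real account, generate the report with `aws iam generate-credential-report` followed by `aws iam get-credential-report` and feed the decoded CSV to `audit_credential_report`.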