This shot lists five steps we can follow to secure our Amazon Web Services (AWS) account.
If our AWS root user account is compromised, every resource and all data in our account can be exposed to attackers. Therefore, we should make sure we don’t share our account credentials with anyone. To keep our root account secure, it’s a good practice to:
In information security, the principle of least privilege dictates that we give users the least amount of access necessary to complete their tasks.
It is advised to grant users only the permissions that are necessary to do a particular job. We should start by denying all permissions, and then grant additional permissions as necessary for the user, group, or role.
Identity and Access Management (IAM) provides a way to create and manage users, groups, and roles that provide secure access to our AWS account and resources.
It is easier to maintain roles than users. When we assume an IAM role, we receive a short-term credential that allows us to access the resource. After some time, this temporary credential expires automatically.
An Identity Provider (IdP) is a trusted third-party company that creates and manages an AWS user identity and associated identity attributes.
Using an IdP allows us to use identities that are federated from our IdP for access control.
Securing our AWS account is crucial to the overall security of our applications. Thus, we should follow these steps to ward off security threats and safely use AWS.