IAM Best Practices and Experiences

This is a highlight of the best practices as listed in AWS website along with personal experiences and from other materials.

  1. Lock away your AWS account (root) access keys

  2. Create individual IAM users. Use only root account rarely (or never after initial setup).

  3. Use AWS-defined policies to assign permissions whenever possible

  4. Use groups to assign permissions to IAM users.

    • Even if it is one user, it is recommended to create groups.

  5. Grant least privilege

  6. Configure a strong password policy for your users

  7. Enable MFA for privileged users.

  8. Use roles for applications that run on Amazon EC2 instances; should not copy user’s access key to EC2 instance.

  9. Delegate by using roles instead of by sharing credentials.

    • Delegation is granting permission to someone that allows access to resources that you control.

    • To delegate permission to access a resource, you create an IAM role that has two policies attached.

      • The permissions policy grants the user of the role the needed permissions to carry out the desired tasks on the resource.

      • The trust policy specifies which trusted accounts are allowed to grant its users permissions to assume the role.

    • Read more @ http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html.

  10. Rotate credentials regularly

  11. Remove unnecessary credentials

  12. Use policy conditions for extra security

  13. Monitor activity in your AWS account

Learn Serverless from Serverless Programming Cookbook

Contact

Please first use the contact form or facebook page messaging to connect.

Offline Contact
We currently connect locally for discussions and sessions at Bangalore, India. Please follow us on our facebook page for details.
WhatsApp (Primary): (+91) 7411174113
Phone (Escalations): (+91) 7411174114

Business newsletter

Complete the form below, and we'll send you an e-mail every now and again with all the latest news.

About

Cloudericks.com is my blog to share notes and learning materials on Cloud and Data Analytics. My current focus is on Amazon Web Services.

I like to write. I try to document what I learn and share with others. I believe that knowledge is useless unless you share it; the more you share, the more you learn.

Recent comments

Photo Stream