Following are some of the recommendations available under security for the basic plan: Security Groups - Specific Ports Unrestricted (Alert), Amazon EBS Public Snapshots, Amazon RDS Public Snapshots, Amazon S3 Bucket Permissions, IAM Use, MFA on Root Account etc.
The CIS benchmark controls available under Identity and Access Management ensure the following:
-
Avoid the use of the root account.
-
Multi-Factor authentication (MFA) is enabled for all IAM users that have a console password.
-
Credentials are unused for 90 days or greater are disabled.
-
Access keys are rotated every 90 days or less.
Let us also quickly go through some core security concepts needed to user identity.
-
Authentication and Authorization - Authentication is the process of verifying a person's identity and granting him access to the application. Authorization is the process of granting him access to specific features of our application based on his permissions.
We will learn more about CloudWatch in this book. If you want us to include any recipe or note, please do let us know.
