Identity and Access Management

Use roles instead of user

Wherever it is possible, use IAM roles instead of users. Roles have no credentials that can be lost or leaked. 

Deny IAM operations

Sometimes it is necessary to allow a wide spread of operations to a role or user. Add an IAM deny policy if possible to reduce the impact in case of abuse.

Use MFA

Multi-Factor Authentication adds an additional security layer.

Remove Root Credentials

Never user root credentials! Remove the access keys to ensure that each access is via user / roles.

Logging

Use CloudTrail

CloudTrail can log all API requests. 

Use GuardDuty

GuardDury can analyze your logs and detect threats.

Leave a comment

Kommentar hinterlassen

Your email address will not be published. Required fields are marked *