Congratulations on beginning your journey with AWS. As you set up your new AWS account, we have prepared a checklist of AWS basics to help you secure it.
Create administrator user
As part of your AWS onboarding process, you receive root user credentials. The root user has the highest level of privileges, and it is advisable not to use it for any purpose except the activities that require those privileges.
The first step when getting started with AWS is to create an administrator user in the IAM console and assign the AdministratorAccess permission policy to it. If you plan to have multiple users with admin roles, you can create an IAM user group with the AdministratorAccess permission policy and then add users to the group.
Enable MFA
You should also enable multi-factor authentication (MFA) for all your AWS users. AWS supports virtual MFA devices that run on mobile phones as well as hardware-based devices. A complete list of devices is available here.
Every user needs to activate their own MFA device. To do this, navigate to the user in the IAM console, open the Security credentials tab, click the Manage link next to the Assigned MFA device option, and follow the instructions provided on the page.
Change password policy
AWS allows you to create custom password policies for your users. You can do this by opening “Account settings” in the IAM console. You can use any combination of the following rules to set up the policy:
- Set minimum password length
- Increase password strength by mandating at least one:
  - Uppercase letter
  - Lowercase letter
  - Number
  - Non-alphanumeric character
- Set number of days after which passwords expire
- Allow users to change their own password
- Allow users to change their expired password
- Prevent reuse of old passwords
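Each rule in the list above corresponds to a field of the IAM GetAccountPasswordPolicy response, so a policy can be checked in code once it has been retrieved. The following Python check is an added example, not code from AWS or from this article; the baseline thresholds, the function name `audit_password_policy` and the sample policy are assumptions made for illustration.

```python
# Added example: audit an IAM account password policy against a baseline.
# Field names follow the IAM GetAccountPasswordPolicy response; the baseline
# thresholds are assumed values for illustration, not AWS recommendations.
BASELINE = {"min_length": 14, "max_age_days": 90, "reuse_prevention": 24}

REQUIRED_FLAGS = {
    "RequireUppercaseCharacters": "uppercase letter not required",
    "RequireLowercaseCharacters": "lowercase letter not required",
    "RequireNumbers": "number not required",
    "RequireSymbols": "non-alphanumeric character not required",
    "AllowUsersToChangePassword": "users cannot change their own password",
}


def audit_password_policy(policy, baseline=BASELINE):
    """Return a list of findings; an empty list means the baseline is met.
    `policy` is the PasswordPolicy dict, or None when no custom policy exists."""
    if policy is None:
        return ["no custom password policy is set for the account"]
    findings = []
    if policy.get("MinimumPasswordLength", 0) < baseline["min_length"]:
        findings.append(f"minimum length below {baseline['min_length']}")
    for field, message in REQUIRED_FLAGS.items():
        if not policy.get(field, False):
            findings.append(message)
    # A MaxPasswordAge that is absent or 0 is treated as "never expires".
    max_age = policy.get("MaxPasswordAge", 0)
    if max_age == 0 or max_age > baseline["max_age_days"]:
        findings.append(f"passwords do not expire within {baseline['max_age_days']} days")
    # HardExpiry=True stops users from changing an expired password themselves.
    if policy.get("HardExpiry", False):
        findings.append("users cannot change their expired password")
    if policy.get("PasswordReusePrevention", 0) < baseline["reuse_prevention"]:
        findings.append(f"fewer than {baseline['reuse_prevention']} old passwords remembered")
    return findings


# Constructed sample policy (not taken from a real account).
SAMPLE_POLICY = {
    "MinimumPasswordLength": 8, "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True, "RequireNumbers": True,
    "RequireSymbols": False, "AllowUsersToChangePassword": True,
    "ExpirePasswords": False, "HardExpiry": False,
}

if __name__ == "__main__":
    for finding in audit_password_policy(SAMPLE_POLICY):
        print("FINDING:", finding)
```

For a live account, the input dict is the `PasswordPolicy` value returned by `aws iam get-account-password-policy` or by boto3's `get_account_password_policy()`.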