IAM Guidelines & Best Practices
Don't use the root account except for AWS account setup.
One physical user = One AWS user
Assign users to group and assign permissions to groups
Create a strong password policy
Use and enforce the use of Multi Factor Authentication (MFA)
Create and use Roles for giving permissions to AWS Services
Use Access Keys for Programmatic Access (CLI/SDK)
Audit permissions of your account using IAM Credentials Report & IAM Access Advisor
Never share IAM user & Access Keys
Shared Responsibility Model for IAM
In AWS, the Shared Responsibility Model is a crucial concept that defines the division of security responsibilities between AWS and its customers. Specifically for IAM, here's how the shared responsibility model applies:
1. AWS Responsibility
Infrastructure (global network security)
Configuration and vulnerability analysis
Compliance validation
2. Customer Responsibility
Users, Groups, Roles, Policies management and monitoring
Enable MFA on all accounts
Rotate all your keys often
Use IAM tools to apply appropriate permissions
Analyze access patterns & review permissions.
Top comments (0)