AWS Security Best Practices for IAM
What are the steps to flow to secure IAM According to Security Team.
Important Steps to Follow
- Ensure that use email address as IAM User
- Make sure NO Access key will be created for individual IAM User. You can use Service Account instead.
- Ensure that passwords should be complex and need to be minimum 14 char(one uppercase,one lowercase,one number,at least one non-alphanumeric character)
- Ensure that Admin team will provide temporary auto generated password for NEW User.
- User needs to change password during first time login to the aws console.
- Ensure that Unused AWS Accounts need to be deleted.
- Ensure that MFA (Multi Factor Authentication) need to be enable.
- Ensure that IAM User access key shoud be Rotate every 90 days.