Mandatory Security Checklist for New AWS Account

Posted on December 28, 2022 by Arun N

Did you complete this mandatory checklist for your new AWS account?

AWS New Account mandatory checklist

Once we create an AWS account, follow these steps to ensure the account is safe, secure and within our budget limit.

Top 5 Checklist:

  1. Understand the cloud shared responsibility model.
  2. Secure the root user.
  3. Create an admin user.
  4. Set a billing alert.
  5. Create a password policy.

Cloud Shared responsibility model:

  • Cloud security is not just the responsibility of the cloud provider; it is the shared responsibility of the customer and the cloud provider.
  • AWS is responsible only for the security of the cloud itself, which includes the cloud infrastructure, software, hardware and data centers.
  • The customer is responsible for account security, the resources created, encryption, customer data, network traffic, etc.

Secure the root user:

  • Create a highly secure password for the root user.
  • Delete the root access key if one was created.
  • Enable MFA.

Create an Admin User:

Create an admin user for day-to-day activities.

Step 1:

Navigate to IAM Users and click on Add Users

Step 2:

Fill the user details.

User name: the username used for login

AWS credential type: Enable both programmatic access (enables an access key ID and secret access key for CLI/SDK) and console access

Step 3:

Set permissions.

Attach existing policy directly: Select the existing AWS-defined policy "AdministratorAccess"

Set a Billing Alert:

Create an alert for your budget. To keep our account spending within our budget, we can create an alert. Note well that this is just an alert; we still have to log in and delete or modify resources to avoid big bill surprises.

Step 1:

Navigate to Billing Console and click on Create Budget

Step 2:

Select Use a template (simplified)

Select Budget alert as Monthly and fill in the monthly budget amount

Add the recipient's email address for the alert

Step 3:

Validate the Alert

Create a Password policy:

Create a password policy that applies to all the users we create, so that the account's password rules stay within our control.

Step 1:

Navigate to IAM and click on Account Settings

Step 2:

Edit the Password Policy
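
An added example, not part of the original post: a small Python check that reads the output of `aws iam get-account-summary` and `aws iam get-account-password-policy` and reports which of the root-user and password-policy items above are still open. The thresholds (minimum length 14, all four character classes) and the sample responses are assumptions constructed for illustration; the post does not prescribe policy values.

```python
import json

# Assumed thresholds for illustration; the article does not prescribe values.
MIN_LENGTH = 14
REQUIRED_FLAGS = ("RequireUppercaseCharacters", "RequireLowercaseCharacters",
                  "RequireNumbers", "RequireSymbols")


def audit_account(summary_json, policy_json=None):
    """Return a list of findings for the root-user and password-policy items.

    summary_json: output of `aws iam get-account-summary`
    policy_json:  output of `aws iam get-account-password-policy`, or None
                  when that call fails with NoSuchEntity (no custom policy).
    """
    findings = []
    summary = json.loads(summary_json)["SummaryMap"]
    if summary.get("AccountMFAEnabled", 0) != 1:
        findings.append("root: MFA is not enabled")
    if summary.get("AccountAccessKeysPresent", 0) != 0:
        findings.append("root: access key exists, delete it")

    if policy_json is None:
        findings.append("password policy: none set, IAM default applies")
        return findings
    policy = json.loads(policy_json)["PasswordPolicy"]
    if policy.get("MinimumPasswordLength", 0) < MIN_LENGTH:
        findings.append(f"password policy: minimum length below {MIN_LENGTH}")
    for flag in REQUIRED_FLAGS:
        if not policy.get(flag, False):
            findings.append(f"password policy: {flag} is off")
    return findings


# Constructed sample responses (not from a real account).
SAMPLE_SUMMARY = json.dumps({"SummaryMap": {
    "AccountMFAEnabled": 0, "AccountAccessKeysPresent": 1, "Users": 1}})
SAMPLE_POLICY = json.dumps({"PasswordPolicy": {
    "MinimumPasswordLength": 8, "RequireSymbols": False,
    "RequireNumbers": True, "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True, "AllowUsersToChangePassword": True,
    "ExpirePasswords": False}})

if __name__ == "__main__":
    for finding in audit_account(SAMPLE_SUMMARY, SAMPLE_POLICY):
        print("FAIL", finding)
```

An empty list means the root user has MFA, has no access key, and the password policy meets the assumed thresholds.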

Summary:

These are the minimum mandatory things we have to do after creating a new account. There are other configurations to tighten security and keep the bills within our budget, including enabling CloudTrail logs, adding tags, using AWS Config, etc.
