Mandatory Security Checklist for New AWS Account

Posted on December 28, 2022 by Arun N

Did you complete these mandatory checklist for your new AWS account?.

AWS New Account mandatory checklist

Once we create an AWS account make sure you follow these steps to ensure your account is safe, secure and within our budget limit.

Top 5 Checklist:

  1. Understand the Cloud Shared responsibility model.
  2. Secure the root user
  3. Create an admin user.
  4. Set billing alert.
  5. Create a password Policy.

Cloud Shared responsibility model:

  • Cloud Security is not just the responsibility of the cloud provider, it’s the shared responsibility of the customer and cloud provider.
  • AWS is only responsible for the secure cloud which includes the cloud infrastructures, software, hardware and data center.
  • Customer is responsible for account security, resource created, encryption, customer data, network traffic etc.

Secure the root user:

  • Create a high secure password for the root user.
  • Delete access key if created.

  • Enable MFA.


Create an Admin User:

Create a Admin user for day today activities.

Step 1:

Navigate to IAM Users and click on Add Users


Step 2:

Fill the user details.

User name : username used for login

AWS Credential type: Enable both programmatic access (enable access key ID secret for CLI/SDK) and console access


Step 3:

Set permission.

Attach existing policy directly: Select AWS defined existing policy "AdministratorAccess"


Set a Billing Alert:

Create a alert for your budget. To maintain our account spending within our budget, we can create alert. Not well this is just an alert, we have to make sure we login and delete/modify resources to avoid the big bill surprises.

Step 1:

Navigate to Billing Console and click on Create Budget


Step 2:

Select Use a template(simplified)

Select Budget alert as Monthly and fill the monthly budget amount

Add recipients email address for the alert


Step 3:

Validate the Alert


Create a Password policy:

Create a password policy which will be applied to all the users which we are creating, making the account password policy within our control.

Step 1:

Navigate to IAM and click on Account Settings


Step 2:

Edit the Password Policy



These are minimum mandatory things we have to do after creating a new account. There are other configuration to tighten the security and to keep the bills within our budget including enabling cloudtrail logs, adding tags,using aws configs etc.

arun n
Written by
Arun N

Full stack developer. | Go | 6x AWS Certified | Angular

About Us
Tech enthusiastic from t2run