Mandatory Security Checklist for New AWS Account
Have you completed this mandatory checklist for your new AWS account?
Once you create an AWS account, follow these steps to make sure the account is safe, secure and within your budget limit.
Top 5 Checklist:
- Understand the Cloud Shared responsibility model.
- Secure the root user
- Create an admin user.
- Set billing alert.
- Create a password policy.
Cloud Shared responsibility model:
- Cloud security is not just the responsibility of the cloud provider; it is the shared responsibility of the customer and the cloud provider.
- AWS is responsible only for the security of the cloud itself, which includes the cloud infrastructure, software, hardware and data centers.
- The customer is responsible for account security, the resources created, encryption, customer data, network traffic, etc.
Secure the root user:
- Create a highly secure password for the root user.
- Delete the root user's access key if one was created.
Create an Admin User:
Create an admin user for day-to-day activities.
Navigate to IAM Users and click on Add Users
Fill in the user details.
User name: the username used for login
AWS credential type: Enable both programmatic access (an access key ID and secret access key for the CLI/SDK) and console access
Attach existing policies directly: Select the existing AWS-defined policy "AdministratorAccess"
Set a Billing Alert:
Create an alert for your budget so that account spending stays within it. Note well: this is just an alert. We still have to log in and delete or modify resources to avoid big bill surprises.
Navigate to Billing Console and click on Create Budget
Select Use a template (simplified)
Select the monthly budget alert and fill in the monthly budget amount
Add the recipient's email address for the alert
Validate the alert
Create a Password policy:
Create a password policy that applies to all the users we create, so that the account's password requirements are within our control.
Navigate to IAM and click on Account Settings
Edit the Password Policy
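The checklist above can be verified from AWS CLI output instead of by clicking through the console. The following is an added example, not part of the original post: it audits JSON shaped like the output of the four CLI commands named in the comments. The sample data is constructed, and the minimum length of 14 and the character-class requirements are assumed thresholds, since the post does not prescribe password policy values.

```python
import json

ADMIN_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"
MIN_LENGTH = 14  # assumed threshold; the page does not prescribe a value
CLASSES = ("RequireUppercaseCharacters", "RequireLowercaseCharacters",
           "RequireNumbers", "RequireSymbols")  # assumed requirements

# Constructed sample: JSON shaped like the output of
#   aws iam get-account-summary
#   aws iam get-account-password-policy (null here = NoSuchEntity, none set)
#   aws iam list-attached-user-policies --user-name <admin user>
#   aws budgets describe-budgets --account-id <account id>
SAMPLE = json.loads("""{
  "summary": {"SummaryMap": {"AccountAccessKeysPresent": 1}},
  "password_policy": null,
  "admin_policies": {"AttachedPolicies": [
    {"PolicyName": "AdministratorAccess",
     "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}]},
  "budgets": {"Budgets": []}
}""")


def audit(state):
    """Return the checklist items that are still open for this account."""
    open_items = []
    # Secure the root user: no access key may exist for root.
    if state["summary"]["SummaryMap"].get("AccountAccessKeysPresent", 0):
        open_items.append("root: access key present, delete it")
    # Admin user: the AWS managed AdministratorAccess policy is attached.
    attached = state["admin_policies"].get("AttachedPolicies", [])
    if ADMIN_ARN not in {p["PolicyArn"] for p in attached}:
        open_items.append("admin: AdministratorAccess not attached")
    # Billing alert: at least one monthly budget exists.
    budgets = state["budgets"].get("Budgets", [])
    if not any(b.get("TimeUnit") == "MONTHLY" for b in budgets):
        open_items.append("billing: no monthly budget")
    # Password policy: must exist and meet the assumed thresholds.
    policy = (state.get("password_policy") or {}).get("PasswordPolicy")
    if policy is None:
        open_items.append("password policy: none set")
    else:
        if policy.get("MinimumPasswordLength", 0) < MIN_LENGTH:
            open_items.append("password policy: minimum length too short")
        for flag in (c for c in CLASSES if not policy.get(c)):
            open_items.append(f"password policy: {flag} is off")
    return open_items


if __name__ == "__main__":
    for item in audit(SAMPLE):
        print("OPEN:", item)
```

To audit a real account, save each command's `--output json` result under the matching key and pass the combined dictionary to `audit`.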
These are the minimum mandatory things we have to do after creating a new account. There are other configurations that tighten security and keep the bill within our budget, including enabling CloudTrail logs, adding tags, using AWS Config, etc.