In this post I will share AWS IAM best practices. These practices are recommended by AWS, and you should adhere to them to get the best out of your AWS setup.
IAM Best Practices:
- Enable MFA (multi-factor authentication) on your AWS account.
- Do not give root account credentials or access keys to anyone; instead, create IAM users and IAM roles to grant granular permissions.
- Configure a strong password policy for all users.
- Rotate credentials regularly.
- Do not share access keys, and do not embed them in unencrypted code. Prefer temporary security credentials obtained through an IAM role in your application.
- Use IAM roles to delegate access to your account. A role defines which permissions the user assuming it is allowed.
- Combine AWS CloudTrail with IAM to log API actions on your AWS account.
- Remove unnecessary credentials.
- Use policy conditions for extra security.
- Whenever possible, use AWS-defined (managed) policies to assign permissions.
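As an added example (not from the original post), the following script checks three of the practices above, MFA, credential rotation and removing unused credentials, against an IAM credential report. It assumes the real report's column names (`user`, `mfa_active`, `access_key_1_last_rotated`, ...) and uses a constructed sample with a fixed "today" so the results are reproducible offline.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like an IAM credential report (a subset of its columns).
SAMPLE_REPORT = """user,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
<root_account>,not_supported,2024-01-02T10:00:00+00:00,false,true,2022-01-01T00:00:00+00:00,N/A
alice,true,2024-05-20T09:12:00+00:00,true,true,2024-04-01T00:00:00+00:00,2024-05-21T08:00:00+00:00
bob,true,2023-01-15T11:00:00+00:00,false,false,N/A,N/A
ci-deploy,false,no_information,false,true,2023-06-01T00:00:00+00:00,2024-05-21T07:30:00+00:00
"""

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed "today" for reproducible results
MAX_KEY_AGE = timedelta(days=90)   # rotation threshold for access keys
MAX_IDLE = timedelta(days=90)      # credentials unused longer than this are candidates for removal


def parse_ts(value):
    """Report timestamps are ISO-8601; placeholders such as N/A or no_information become None."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def audit(report_csv, now=NOW):
    """Return {user: [findings]} for rows that break the MFA, rotation or cleanup practices."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        issues = []
        # MFA matters for anyone who can log in interactively, and always for root.
        if row["mfa_active"] != "true" and (row["password_enabled"] == "true" or user == "<root_account>"):
            issues.append("no MFA on console/root login")
        if user == "<root_account>" and row["access_key_1_active"] == "true":
            issues.append("root access key exists (remove it)")
        if row["access_key_1_active"] == "true":
            rotated = parse_ts(row["access_key_1_last_rotated"])
            if rotated and now - rotated > MAX_KEY_AGE:
                issues.append(f"access key older than {MAX_KEY_AGE.days} days")
            last_used = parse_ts(row["access_key_1_last_used_date"])
            if last_used is None or now - last_used > MAX_IDLE:
                issues.append("access key unused (candidate for removal)")
        last_pw = parse_ts(row["password_last_used"])
        if row["password_enabled"] == "true" and (last_pw is None or now - last_pw > MAX_IDLE):
            issues.append("console password unused (candidate for removal)")
        if issues:
            findings[user] = issues
    return findings
```

Run it against a real report exported with `aws iam get-credential-report` by decoding the returned CSV and passing it to `audit`.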