
Learn Best Practices for Securing Your Account and Resources

AWS offers a number of tools to help secure your account. Many of these measures are not active by default, and you must take direct action to implement them. Here are some best practices to consider to help secure your account and its resources:

Safeguard your passwords and access keys

The two main types of credentials used for accessing your account are passwords and access keys. Both types of credentials can be applied to the root account or to individual IAM users. You should safeguard passwords and access keys as you would any other confidential personal data, and never embed them in publicly accessible code (for example, a public Git repository). For added security, frequently rotate or update all security credentials.

If you use GitHub for document or code versioning and sharing, consider using git-secrets, which can scan for AWS credentials and other sensitive information, helping you avoid committing code or documents that contain any sensitive information.

Set up a multi-factor authentication (MFA) device to protect access keys that only have API access and fine-tune which API commands require an MFA token to proceed.

If you suspect that a password or access key pair has been exposed, immediately rotate and delete the exposed credentials, and see My AWS account may be compromised.

Limit root user access to your resources

Root account credentials (the root password or root access keys) grant unlimited access to your account and its resources, so it's a best practice to both secure and minimize root user access to your account.

Consider the following strategies to limit root user access to your account:

  • Use IAM users for day-to-day access to your account, even if you're the only person accessing it.

Audit IAM users and their policies frequently

Consider the following best practices when working with IAM users:

  • Ensure that IAM users are given the most restrictive policies possible, with only enough permissions to allow them to carry out their intended tasks (least privilege).
  • Create different IAM users for each set of tasks.
  • When associating multiple policies with the same IAM user, keep in mind that the least restrictive policy takes precedence.
  • Frequently audit your IAM users and their permissions, and delete any unused IAM users or keys.
  • If your IAM user needs access to the console, you can set up a password to allow console access while limiting the user's permissions.
  • Set up individual MFA devices for each IAM user with access to the console.
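One way to run the audit described above is to work from the IAM credential report. The following is an added example, not AWS's own code: the sample rows are constructed, only a subset of the report's columns is used, and the 90-day threshold and the finding names are assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample: a subset of the IAM credential report's CSV columns.
SAMPLE_REPORT = """\
user,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,not_supported,2024-05-30T08:00:00+00:00,false,true,2021-01-10T00:00:00+00:00,2024-05-30T08:05:00+00:00,false,N/A,N/A
alice,true,2024-05-28T09:00:00+00:00,true,true,2024-04-01T00:00:00+00:00,2024-05-29T10:00:00+00:00,false,N/A,N/A
bob,true,2023-11-02T09:00:00+00:00,false,true,2022-06-01T00:00:00+00:00,N/A,false,N/A,N/A
ci-deploy,false,N/A,false,true,2024-03-15T00:00:00+00:00,2024-05-31T23:00:00+00:00,true,2023-01-01T00:00:00+00:00,2023-02-01T00:00:00+00:00
"""

def age_days(value, now):
    """Days since an ISO-8601 timestamp, or None for N/A / no_information."""
    try:
        return (now - datetime.fromisoformat(value)).days
    except ValueError:
        return None

def audit(report_csv, now, max_age=90):
    """Return (user, finding) pairs. max_age (days) is an assumed threshold."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user, is_root = row["user"], row["user"] == "<root_account>"
        has_password = is_root or row["password_enabled"] == "true"
        if has_password and row["mfa_active"] != "true":
            findings.append((user, "no-mfa"))
        if not is_root and has_password:
            idle = age_days(row["password_last_used"], now)
            if idle is None or idle > max_age:
                findings.append((user, "password-unused"))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue  # inactive or absent key slot
            if is_root:
                findings.append((user, "root-access-key"))
            rotated = age_days(row[f"access_key_{n}_last_rotated"], now)
            if rotated is not None and rotated > max_age:
                findings.append((user, f"key{n}-stale"))
            used = age_days(row[f"access_key_{n}_last_used_date"], now)
            if used is None or used > max_age:
                findings.append((user, f"key{n}-unused"))
    return findings

if __name__ == "__main__":
    for user, finding in audit(SAMPLE_REPORT, datetime(2024, 6, 1, tzinfo=timezone.utc)):
        print(f"{user:15} {finding}")
```
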

You can use the AWS Policy Generator to help you define secure policies. For examples of common business use cases and the policies you might use to address them, see Business Use Cases.

Monitor your account and its resources

You can contact AWS Support with questions you might have about your account's activity. However, for privacy and security reasons, AWS doesn't actively monitor your usage and uses limited tools to investigate issues. It's best to actively monitor your account and its resources to detect any unusual activity or access to your account. Consider one or more of these solutions:

  • Enable CloudWatch billing alerts to receive automated notification when your bill exceeds thresholds you define.
  • Enable CloudTrail logging services to track what credentials were used to initiate particular API calls and when, to help you determine if the usage was accidental or unauthorized, and take the appropriate steps to mitigate the situation.
  • Enable resource-level logging (for example, at the instance or OS level).

Note: If possible, as a best practice, enable logging for all regions, not just the ones you regularly use.
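The kind of review CloudTrail makes possible, as an added example that is not part of the original article: it groups API calls by the credential that made them and flags root activity, console logins without MFA, and calls in regions you do not normally use. The records are constructed (real CloudTrail field names, placeholder values), and the function names and the expected-region baseline are assumptions.

```python
from collections import defaultdict

# Constructed records in the shape of a CloudTrail log file (top-level "Records").
SAMPLE_LOG = {"Records": [
    {"eventTime": "2024-05-30T08:05:00Z", "eventName": "DescribeInstances",
     "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice", "accessKeyId": "AKIAIOSFODNN7EXAMPLE"}},
    {"eventTime": "2024-05-30T08:07:00Z", "eventName": "ConsoleLogin",
     "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.22",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "additionalEventData": {"MFAUsed": "No"}, "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-05-31T02:14:00Z", "eventName": "RunInstances",
     "awsRegion": "ap-southeast-2", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice", "accessKeyId": "AKIAIOSFODNN7EXAMPLE"}},
    {"eventTime": "2024-05-31T02:20:00Z", "eventName": "CreateAccessKey",
     "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root"}},
]}

def calls_by_credential(records):
    """Map each access key ID to the (time, API call, region) tuples it made."""
    calls = defaultdict(list)
    for r in records:
        key = r["userIdentity"].get("accessKeyId", "(no access key)")
        calls[key].append((r["eventTime"], r["eventName"], r["awsRegion"]))
    return dict(calls)

def flag_unusual(records, expected_regions):
    """Return (eventTime, reason) pairs; expected_regions is the caller's baseline."""
    flags = []
    for r in records:
        if r["userIdentity"].get("type") == "Root":
            flags.append((r["eventTime"], "root-activity"))
        if (r["eventName"] == "ConsoleLogin"
                and (r.get("responseElements") or {}).get("ConsoleLogin") == "Success"
                and (r.get("additionalEventData") or {}).get("MFAUsed") != "Yes"):
            flags.append((r["eventTime"], "console-login-without-mfa"))
        if r["awsRegion"] not in expected_regions:
            flags.append((r["eventTime"], "unexpected-region"))
    return flags

if __name__ == "__main__":
    records = SAMPLE_LOG["Records"]
    for key, calls in calls_by_credential(records).items():
        print(key, calls)
    for when, reason in flag_unusual(records, {"us-east-1"}):
        print(when, reason)
```
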
