Secure AWS root account
Welcome to CloudAffaire and this is Debjeet.
In the last blog post, we discussed multi-factor authentication.
In this blog post, we are going to complete our root account security.
Secure AWS root account:
When you first create an Amazon Web Services (AWS) account, you begin with a single sign-in identity that has complete access to all AWS services and resources in the account. This identity is called the AWS account root user and is accessed by signing in with the email address and password that you used to create the account. AWS strongly recommends that you do not use the root user for your everyday tasks, even the administrative ones. Instead, adhere to the best practice of using the root user only to create your first IAM user. Then securely lock away the root user credentials and use them to perform only a few account and service management tasks.
There are five steps required to consider your root account secure.
- Delete your root access keys
- Activate MFA on your root account
- Create individual IAM users
- Use groups to assign permissions
- Apply an IAM password policy
We have already enabled MFA for the root account and created an IAM user with an administrative access policy attached to a group.
Next, we will delete the root access key and set an IAM password policy.
Step 1: Log in to the AWS console and navigate to IAM.
Step 2: Click ‘Manage Security Credentials’ located under ‘Dashboard’.
Step 3: Expand ‘Access keys’ and click ‘Delete’.
You will receive a warning message; click ‘Yes’.
Next, we will set a password policy for IAM users.
Step 4: Navigate to ‘Dashboard’ and click ‘Manage Password Policy’.
Step 5: Set the IAM password policy as per your requirement and click ‘Apply password policy’.
Congratulations, your root account has been secured successfully.
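To confirm the five items above from outside the console, the added example below (not part of the original post) audits the JSON returned by `aws iam get-account-summary` and `aws iam get-account-password-policy`. The sample JSON is constructed, and the function name and the minimum length of 14 are assumptions to replace with your own requirement.

```python
import json

# Constructed sample of `aws iam get-account-summary` output (not real account data).
SAMPLE_SUMMARY = json.loads("""
{"SummaryMap": {"AccountAccessKeysPresent": 1, "AccountMFAEnabled": 1,
                "Users": 3, "Groups": 1}}
""")
# Constructed sample of `aws iam get-account-password-policy` output.
SAMPLE_POLICY = json.loads("""
{"PasswordPolicy": {"MinimumPasswordLength": 8, "RequireSymbols": false,
                    "RequireNumbers": true, "RequireUppercaseCharacters": true,
                    "RequireLowercaseCharacters": true}}
""")

REQUIRED_FLAGS = ("RequireSymbols", "RequireNumbers",
                  "RequireUppercaseCharacters", "RequireLowercaseCharacters")


def audit_root_account(summary, policy, min_length=14):
    """Return a list of findings; an empty list means all five checks pass.

    policy is None when no password policy exists (the CLI call fails with
    NoSuchEntity). min_length is an assumed threshold, not an AWS default.
    """
    s = summary.get("SummaryMap", {})
    findings = []
    # A missing key is treated as a failure so the audit fails closed.
    if s.get("AccountAccessKeysPresent", 1) != 0:
        findings.append("root access keys still exist")
    if s.get("AccountMFAEnabled", 0) != 1:
        findings.append("MFA is not enabled on the root account")
    if s.get("Users", 0) == 0:
        findings.append("no individual IAM users")
    # Only shows that groups exist, not that every user gets permissions via one.
    if s.get("Groups", 0) == 0:
        findings.append("no IAM groups to assign permissions through")
    if policy is None:
        findings.append("no IAM password policy is set")
        return findings
    p = policy.get("PasswordPolicy", {})
    if p.get("MinimumPasswordLength", 0) < min_length:
        findings.append(f"password minimum length below {min_length}")
    for flag in REQUIRED_FLAGS:
        if not p.get(flag, False):
            findings.append(f"password policy does not set {flag}")
    return findings


if __name__ == "__main__":
    for finding in audit_root_account(SAMPLE_SUMMARY, SAMPLE_POLICY):
        print("FAIL:", finding)
```

Save the output of the two CLI commands to files, load them with `json.load`, and pass them in place of the samples.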
Hope you have enjoyed this article. In the next blog post, we will discuss the identity provider in IAM.
To get more details on IAM, please refer to the AWS documentation below.