Five things to do to secure your AWS account

Whether you opened an AWS account recently or already have an existing one, here are five (5) things that you can do to secure your AWS account.
- Restrict the use of the root user
- Enable password complexity requirement
- Enable Multifactor Authentication (MFA)
- Enable Cost Explorer
- Configure AWS Budgets to track your usage
1. Restrict the use of the root user
Action
Create an Administrator account
The root user is created when you create an AWS account, and this user has full ownership privileges and permissions over the account that cannot be changed. You should protect your root user credentials like you would your credit card numbers or any other sensitive secret and use them for only the tasks that require them.
- Your root user credentials are the master key: anybody with access to them has unfettered access to your AWS account. Even AWS support might not be able to help you regain control of your account if a rogue user hijacks it.
- The root user should be used for tasks that can be performed by only the root user, such as closing your AWS account. Daily tasks should be managed using an administrator account.
- Don’t create access keys for the root user. Instead, use the root user to create an administrator account for daily tasks.
2. Enable password complexity requirement
Action
Enable password complexity requirement
- Many AWS accounts have been compromised in the wild as a result of the use of weak passwords. Enforcing password complexity requirements ensures that all users are forced to use passwords that meet the minimum requirements.
- Never share your AWS account root user password or access keys with anyone.
- Use a strong password to help protect access to the AWS Management Console.
3. Enable Multifactor Authentication (MFA)
Action
Enable Multifactor Authentication (MFA)
MFA adds an extra level of security because it requires users to provide unique authentication from an AWS-supported MFA mechanism, in addition to their regular sign-in credentials, when they access AWS websites or services. To secure your AWS account and force all users to set up MFA, follow the action above.
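One way to check items 1 and 3 across an account is to read the IAM credential report. The following is an added example, not part of the original article: it parses a constructed sample in the report's CSV layout (the account ID, user names and dates are made up, and only a subset of the report's columns is shown) and flags root access keys, root without MFA, root console sign-ins and console users without MFA.

```python
import csv
import io

# Constructed sample in the IAM credential report layout (subset of columns).
# A real report is produced with `aws iam generate-credential-report` and
# fetched with `aws iam get-credential-report`.
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,2024-05-01T09:12:44+00:00,false,true,false
admin,arn:aws:iam::111122223333:user/admin,true,2024-05-02T08:00:01+00:00,true,false,false
dev-alice,arn:aws:iam::111122223333:user/dev-alice,true,2024-04-28T14:31:10+00:00,false,true,false
ci-bot,arn:aws:iam::111122223333:user/ci-bot,false,N/A,false,true,false
"""

ROOT = "<root_account>"  # name the credential report uses for the root user


def is_true(value):
    """Report booleans are text; compare case-insensitively."""
    return value.strip().lower() == "true"


def audit(report_csv):
    """Return (user, finding) tuples for the root and MFA checks."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        mfa = is_true(row["mfa_active"])
        has_key = (is_true(row["access_key_1_active"])
                   or is_true(row["access_key_2_active"]))
        if user == ROOT:
            if has_key:
                findings.append((user, "root has an active access key"))
            if not mfa:
                findings.append((user, "root has no MFA"))
            last_used = row["password_last_used"]
            if last_used not in ("N/A", "no_information"):
                # Root sign-ins should be rare; surface the date for review.
                findings.append((user, "root last signed in " + last_used[:10]))
        elif is_true(row["password_enabled"]) and not mfa:
            findings.append((user, "console user without MFA"))
    return findings


if __name__ == "__main__":
    for user, finding in audit(SAMPLE_REPORT):
        print(f"{user}: {finding}")
```
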
4. Enable Cost Explorer
Action
Enable Cost Explorer
AWS Cost Explorer is a tool that enables you to view and analyze your costs and usage. You can view the breakdown of your cost and the services that generated the cost, and view your usage pattern over a period of time.
5. Configure AWS Budgets to track your usage
Action
Turn on AWS Free Tier Usage alerts
Configure AWS Budgets to track your usage
It is very common for developers to provision resources (such as an EC2 instance) and forget to delete them when they are done with testing and development. Cost tracking is important because it helps you to monitor resource utilization and reduce unnecessary expense.
First things first, track your AWS Free Tier Usage. To do this, turn on Free Tier usage alerts in Billing preferences to automatically notify you over email when you exceed 85% of the Free Tier limit for each service. See Action above.
AWS Budgets can be used to track and take action on your AWS costs and usage. In this case, we will set a monthly cost budget with a fixed target amount to track all costs associated with your account and send an email notification when the set budget is exceeded. See Action above to configure AWS Budgets.