A key advantage of AWS and the cloud is that it is dynamic and can be scaled according to need. That advantage, however, can cause security nightmares. With that in mind, here are five easy tips to ensure that you keep up your end of the bargain.
Use ‘least privileging’ when permissioning. What does this mean? It means use either the templates AWS provides or create your own to insure that users are not given more access than they require. Use AWS’ resource level controls. This is equally critical when considering programs that are gaining API access. Do not over permission and carefully control privileges.
AWS allows MFA. Use it for privileged accounts. Similarly, create and enforce policies to insure that passwords are appropriately complex and secure for all accounts. Ensure that your security groups are properly configured and permissioned.