AWS Resource Access
Ensure IAM instance roles are used for AWS resource access from instances.
AWS Support Role
A support role should be created to manage incidents with AWS Support.
Access Keys 90 day Rotation
Changing access keys (which consist of an access key ID and a secret access key) on a regular schedule is a well-known security best practice because it shortens the period an access key is active and therefore reduces the business impact if the key is compromised.
Access Keys for Console Access Users
Do not set up access keys during initial user setup for any IAM user that has a console password.
Active IAM Master/Manager
IAM Master/Manager roles should be active in order to effectively manage user permissions for all levels of your organisation.
Avoid Root account
We strongly recommend that you do not use the root user for your everyday tasks, even the administrative ones. Instead, adhere to the best practice of using the root user only to create your first IAM user. Then securely lock away the root user credentials and use them to perform only a few account and service management tasks.
Current Contact Info
Ensure your contact information is current.
Disable Unused Credentials
Ensure that credentials unused for more than 90 days are disabled.
Enable Detailed Billing
To get a more detailed breakdown of your spend, ensure detailed billing is activated.
Hardware MFA Enabled
Ensure hardware multi-factor authentication is enabled. Without multi-factor authentication (MFA), antivirus software, firewalls, encryption technology, and vulnerability tests can be bypassed.
IAM Group Policy
Ensure IAM policies are attached only to groups or roles and not directly to individual users.
IAM Password Policy 90 days
Ensure that the IAM password policy expires passwords within 90 days or less.
IAM Policy groups/roles
Ensures that security questions are registered in the AWS account.
MFA Enabled
Ensure multi-factor authentication is enabled for all IAM users that have a console password. Without multi-factor authentication (MFA), antivirus software, firewalls, encryption technology, and vulnerability tests can be bypassed.
Minimum 1 LowerCase letter in password
To make your password stronger, ensure that it contains a minimum of one lowercase letter.
Minimum 1 Number
To make your password stronger, ensure that it contains a minimum of one number.
Minimum 1 Symbol
To make your password stronger, ensure that it contains a minimum of one symbol.
Minimum 1 UpperCase letter in password
To make your password stronger, ensure that it contains a minimum of one uppercase letter.
Minimum Password Length
To make your password stronger, ensure that it contains a minimum of one lowercase letter.
Password Reuse
Ensures the IAM password policy prevents password reuse.
Root MFA Enabled
Ensures that multi-factor authentication is enabled for root user access.
Root access key
Ensures no root account access key exists.
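
Several of the checks above (90-day access key rotation, unused credentials, MFA for console users and root, root access key) can be evaluated from the IAM credential report, the CSV returned by `aws iam get-credential-report`. The following is an added example, not code from the original page; the sample report is constructed and trimmed to a subset of the report's columns, and the function names and finding strings are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=90)
# Constructed sample: a column subset of the IAM credential report, made-up users.
SAMPLE_REPORT = """\
user,password_enabled,password_last_used,password_last_changed,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
<root_account>,not_supported,2024-05-01T10:00:00+00:00,not_supported,false,true,2023-01-10T09:00:00+00:00,2024-04-30T08:00:00+00:00
alice,true,2024-05-20T12:00:00+00:00,2024-04-01T12:00:00+00:00,true,true,2024-04-15T09:00:00+00:00,2024-05-30T07:00:00+00:00
bob,true,2024-01-02T12:00:00+00:00,2023-12-01T12:00:00+00:00,false,true,2023-11-01T09:00:00+00:00,N/A
"""


def _ts(value):
    """Parse a report timestamp; 'N/A', 'no_information' etc. become None."""
    try:
        return datetime.fromisoformat(value or "")
    except ValueError:
        return None


def _stale(last, now):
    return last is not None and now - last > MAX_AGE


def audit(report_csv, now):
    """Return (user, finding) pairs for the checks listed on this page."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user, is_root = row["user"], row["user"] == "<root_account>"
        console = row["password_enabled"] == "true"
        if (is_root or console) and row["mfa_active"] != "true":
            findings.append((user, "MFA not enabled"))
        # A never-used credential is aged from when it was set or rotated.
        pw_seen = _ts(row["password_last_used"]) or _ts(row["password_last_changed"])
        if console and _stale(pw_seen, now):
            findings.append((user, "password unused > 90 days"))
        for key in ("access_key_1", "access_key_2"):
            if row.get(f"{key}_active") != "true":
                continue
            if is_root:
                findings.append((user, "root access key exists"))
            rotated = _ts(row.get(f"{key}_last_rotated"))
            if _stale(rotated, now):
                findings.append((user, f"{key} not rotated in 90 days"))
            if _stale(_ts(row.get(f"{key}_last_used_date")) or rotated, now):
                findings.append((user, f"{key} unused > 90 days"))
    return findings
```

Pass a timezone-aware `now`, since the report timestamps carry a UTC offset. The report's `mfa_active` column does not distinguish hardware from virtual MFA devices, so the hardware MFA check needs a separate source.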