jldugger
commented
7 years ago - [ ] Lock away your AWS account (root) access keys
- [X] Create individual IAM users
- [ ] Use AWS-defined policies to assign permissions whenever possible
- [ ] Use groups to assign permissions to IAM users
- [ ] Grant least privilege
- [ ] Configure a strong password policy for your users
- [ ] Enable MFA for privileged users
- [ ] Use roles for applications that run on Amazon EC2 instances
- [ ] Delegate by using roles instead of by sharing credentials
- [ ] Rotate credentials regularly
- [x] Remove unnecessary credentials
- [ ] Use policy conditions for extra security
- [ ] Monitor activity in your AWS account
http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html