Some customers have asked how they should be using AWS Identity and Access Management (IAM) to help limit their exposure to problems like those that have recently been in the news. In general, AWS recommends that you enable multi-factor authentication (MFA) for your AWS account and for IAM users who are allowed to perform sensitive operations in your account. We also recommend that you use constrained, role-based access whenever practical, and that you do not use root credentials for everyday access to your account.
The list below provides links to best practices and how-to guides that show you how to help safeguard against the types of problems that people have asked about, and against many more.
- IAM Best Practices. A list of recommendations in the IAM documentation for managing your AWS access keys and passwords, using IAM users and groups, using roles and delegation, and turning on logging.
- Securing access to AWS Using MFA (Part 2, Part 3). A multi-part series that shows you how to use MFA to add security to your account. For a quick video, try Improve the security of your AWS account in less than 5 minutes.
- A safer way to distribute AWS credentials to EC2. A post that walks you through the process of making access keys available in a secure and convenient way to applications that are running on EC2 instances.
If you have any questions about these recommendations, or about how to help secure your AWS account, please post them to the AWS Forum.