Tips of AWS Account Security



Root Account Protection

The AWS root account is especially important to protect with MFA, as it holds access to anything and everything. CIS also recommends enabling alarms to detect when the root account is used and having separation of roles, which involves setting up different accounts for different tasks. The organization should create an AWS root account that belongs to an internal user group and not a specific user account. Never use a standard personal Amazon.com shopping account as the AWS root account, and don't use the root account for everyday work.

Password security

Practice good password security. Use unique passwords on all sites and use a password manager. Train your users on the importance of having strong passwords and not reusing passwords on multiple websites.

Credential security

Treat AWS Access Keys as securely as passwords. Never hardcode them into source code or documentation. Never email them or let them escape outside of the organization.

Network Security

Enable your operating system firewall along with the AWS Network Security Group ingress rules.

  • Develop strong allow or block listing rules to apply to your firewalls to limit service access and exposure.
  • Run anti-virus and monitoring products on your virtual machines.
  • Perform vulnerability scans to find possibly exploitable vulnerabilities before the attackers do.
  • It is also a good idea to run an intrusion prevention product to detect and stop attackers. You can even run the newly created Amazon Web Application Firewall, in order to target some attacks, such as protecting against the OWASP

In-house alerts / sensitive information

Enable monitoring tools such as CloudWatch and CloudTrail, and monitor the behaviour they record. These can help with insider threats and escalation of privileges by alerting on unauthorized API calls and IAM policy changes.
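
As an added example (not code from the original article), the three signals named on this page, root account use, unauthorized API calls and IAM policy changes, can be checked against CloudTrail records with a small Python filter modelled on the CIS benchmark metric-filter patterns. The sample records are constructed, and the function and alert names are illustrative assumptions.

```python
import json

# IAM policy-change API calls (the set the CIS benchmark's metric filter watches).
IAM_POLICY_EVENTS = {
    "CreatePolicy", "DeletePolicy", "CreatePolicyVersion", "DeletePolicyVersion",
    "PutUserPolicy", "PutGroupPolicy", "PutRolePolicy",
    "DeleteUserPolicy", "DeleteGroupPolicy", "DeleteRolePolicy",
    "AttachUserPolicy", "AttachGroupPolicy", "AttachRolePolicy",
    "DetachUserPolicy", "DetachGroupPolicy", "DetachRolePolicy",
}

def classify(record):
    """Return the list of alert names that one CloudTrail record triggers."""
    alerts = []
    ident = record.get("userIdentity", {})
    # Root usage: an action by root itself, not a service acting on its behalf.
    if (ident.get("type") == "Root" and "invokedBy" not in ident
            and record.get("eventType") != "AwsServiceEvent"):
        alerts.append("root-account-use")
    # Unauthorized calls: denied requests carry an errorCode on the record.
    code = record.get("errorCode", "")
    if code.startswith("AccessDenied") or code.endswith("UnauthorizedOperation"):
        alerts.append("unauthorized-api-call")
    if (record.get("eventSource") == "iam.amazonaws.com"
            and record.get("eventName") in IAM_POLICY_EVENTS):
        alerts.append("iam-policy-change")
    return alerts

def scan(log_text):
    """Scan a CloudTrail log file body; return (eventName, alerts) per flagged record."""
    records = json.loads(log_text).get("Records", [])
    return [(r.get("eventName"), classify(r)) for r in records if classify(r)]

# Constructed sample records (not real log data); user names are placeholders.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com",
     "eventType": "AwsConsoleSignIn", "userIdentity": {"type": "Root"}},
    {"eventName": "DescribeInstances", "eventSource": "ec2.amazonaws.com",
     "eventType": "AwsApiCall", "errorCode": "Client.UnauthorizedOperation",
     "userIdentity": {"type": "IAMUser", "userName": "dev1"}},
    {"eventName": "AttachUserPolicy", "eventSource": "iam.amazonaws.com",
     "eventType": "AwsApiCall", "userIdentity": {"type": "IAMUser", "userName": "dev1"}},
    {"eventName": "ListBuckets", "eventSource": "s3.amazonaws.com",
     "eventType": "AwsApiCall", "userIdentity": {"type": "IAMUser", "userName": "ops1"}},
]})

if __name__ == "__main__":
    for name, alerts in scan(SAMPLE_LOG):
        print(name, alerts)
```

The same three conditions can be expressed as CloudWatch Logs metric filters on the CloudTrail log group, with an alarm on each metric.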

Security Strategy

We can consider using AWS Inspector as well. DoS attacks can be mitigated using the AWS Shield managed denial of service protection. This should be investigated, so that you are prepared to react in the case of an expensive denial of service attack.

Backup strategy should also be reviewed, specifically regarding offline backups. An attacker who gains access to your control panel can remove your backup data storage just as easily as your primary. One benefit of virtualized infrastructure is the ability to easily roll out patched and updated capacity when you detect a compromise. Ensure your DevOps chain is capable of instantly deploying your required servers.
