Recommendations and best practices
Here are a few key takeaways from this chapter:
Get rid of the Root Account, use IAM wherever necessary. Hide away the Root key and avoid using it unless it's the end of the world!
Create a separate IAM users for your organization, each with their own sets of access and Secret Keys. DO NOT SHARE YOUR KEYS OR PASSWORDS! Sharing such things is never a good idea and can cause serious implications and problems.
Create separate administrators for each of the AWS services that you use.
Use roles and groups to assign individual IAM users permissions. Always employ the least privilege approach wherein a particular group or role has the least amount of privileges assigned to it. Provide only the required level of access and permissions that the task demands.
Leverage multi-factor authentication (MFA) wherever possible. Although passwords are good, they are still not the best option when it comes to authenticating users at times.
Rotate your passwords and keys on a periodic...