Account Best Practices

  • Operate multiple accounts using Organizations

  • Use SCPs (Service Control Policies) to restrict account power

  • Easily set up multiple accounts following best practices with AWS Control Tower

  • Use Tags & Cost Allocation Tags for easy management & billing

  • IAM guidelines: MFA, least privilege, password policy, password rotation

  • Config to record all resource configurations & compliance over time

  • CloudFormation to deploy stacks across accounts and regions

  • Trusted Advisor to get insights, Support Plan adapted to your needs

  • Send Service Logs and Access Logs to S3 or CloudWatch Logs

  • CloudTrail to record API calls made within your account

  • If your account is compromised: change the root password, delete and rotate all passwords/keys, and contact AWS Support

  • Allow users to create pre-defined stacks defined by admins using AWS Service Catalog
