IAM Guidelines & Best Practices

  • Don’t use the root account except for the AWS account setup

  • One physical user = One AWS user

  • Assign users to groups and assign permissions to groups

  • Create a strong password policy

  • Use and enforce the use of Multi-Factor Authentication (MFA)

  • Create and use Roles for giving permissions to AWS services

  • Use Access Keys for Programmatic Access (CLI / SDK)

  • Audit permissions of your account using the IAM Credentials Report & IAM Access Advisor

  • Never share IAM users & Access Keys
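As an added example (not part of these notes or any AWS-provided tooling), the following script applies the root-account, MFA, and access-key guidelines above to an IAM credentials report, the CSV that the audit bullet refers to. The report text, account ID, and reference date are constructed for the demo; a real report would be downloaded from IAM and fed in the same way.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the column layout of an IAM credentials report (only the
# columns read below; the real report has more). The account ID is a placeholder.
SAMPLE_REPORT = """user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,arn:aws:iam::000000000000:root,not_supported,2024-05-01T10:00:00+00:00,false,true,N/A,false,N/A
alice,arn:aws:iam::000000000000:user/alice,true,2024-05-10T09:00:00+00:00,true,true,2024-05-10T09:00:00+00:00,false,N/A
bob,arn:aws:iam::000000000000:user/bob,true,2024-05-11T09:00:00+00:00,false,true,2023-09-01T00:00:00+00:00,false,N/A
"""
NOW = datetime(2024, 5, 15, tzinfo=timezone.utc)  # fixed reference time so the audit is reproducible


def _parse_ts(value):
    # The report uses these markers where no timestamp exists.
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def audit_credentials_report(report_csv, now=NOW, stale_days=90):
    """Map each principal in the report to the guideline violations found for it."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        user, issues = row["user"], []
        is_root = user == "<root_account>"
        if is_root:
            # Root is for account setup only: any access key or recent sign-in is a finding.
            if "true" in (row["access_key_1_active"], row["access_key_2_active"]):
                issues.append("root account has an active access key")
            last = _parse_ts(row["password_last_used"])
            if last and now - last < timedelta(days=stale_days):
                issues.append("root account signed in recently")
        # Root and every user with a console password must have MFA enabled.
        if (is_root or row["password_enabled"] == "true") and row["mfa_active"] != "true":
            issues.append("console access without MFA")
        # Active keys that have gone unused for stale_days should be deactivated or rotated.
        for n in ("1", "2"):
            if not is_root and row[f"access_key_{n}_active"] == "true":
                last = _parse_ts(row[f"access_key_{n}_last_used_date"])
                if last is None or now - last > timedelta(days=stale_days):
                    issues.append(f"access key {n} unused for more than {stale_days} days")
        findings[user] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit_credentials_report(SAMPLE_REPORT).items():
        print(user, "->", issues or ["ok"])
```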