09 Feb 2019
By Mohammed Abubakar
Working with a variety of AWS clients, both large and small at AltoStack, we have heard a common concern about running their infrastructure on a public cloud. Most companies understand the benefits of running their infrastructure in the cloud such as development agility, pay-as-you-go pricing, and reducing system management overhead. However, they are worried that there is a higher security risk of running their infrastructure on a shared platform.
AWS offers a variety of tools and methods to secure your AWS account that will give you peace of mind about securing your cloud infrastructure. In the past year, my focus was to ensure that clients’ infrastructure is well-architected and secure on AWS. I have identified 3 easy steps to increase your AWS account security posture and significantly reduce the risk of having a major security event.
When users create a brand-new AWS account, the initial email address and password combination provides you with full super-admin privileges to your new account. These credentials are the “root” login and have no restrictions on actions that can be taken in the AWS account. Once the account is created, it is strongly recommended to enable MFA and from then onwards access the account only via IAM users.
Using IAM user accounts ensures that each individual has their own login, which prevents team members from sharing credentials, in addition to providing the ability to log each user’s AWS activity in AWS CloudTrail. In the unlikely event of a major security breach, having an IAM user account compromised is less terrifying than having your root account compromised.
Therefore, it is important to create IAM users (or federated users) and use those accounts to manage your AWS infrastructure instead of the root account. In addition, ensure that you have a strong password for your root account (and your IAM accounts as well) and that the password is stored securely.
As mentioned earlier, it’s imperative to enable Multi-Factor Authentication (MFA) on the root account to provide an additional layer of security in protecting your root account. MFA forces the user to provide not only a password but also a security token to confirm the user’s identity, which means that in the unlikely event that your root credentials get compromised, the bad actor still won’t be able to get into your account because they won’t have access to the security token.
It may not seem related, but AWS customers who keep a close eye on their expenses usually have a better security posture and are able to identify threats much faster. Setting up billing alerts allows the proper personnel to be notified immediately of abnormal activity in the account, for example in case of a breach where the bad actor spins up hundreds of servers. Instructions on how to set up billing alerts in your AWS account can be found here.
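As an added example (not part of the original post or AltoStack’s tooling), the following Python checks the first two steps offline against an IAM credential report, the CSV that `aws iam get-credential-report` returns after base64 decoding, and builds the CloudWatch alarm parameters for the third. The report contents, account id and SNS topic ARN are constructed sample values.

```python
"""Posture checks for: no root usage/keys, MFA on root (and on every
console user), and a billing alarm on EstimatedCharges."""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample credential report (fake account id, fake users).
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,2018-01-05T10:00:00+00:00,not_supported,2019-02-01T09:15:00+00:00,not_supported,not_supported,false,true,2018-01-05T10:00:00+00:00,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::111122223333:user/alice,2018-03-01T12:00:00+00:00,true,2019-02-08T08:00:00+00:00,2018-12-01T00:00:00+00:00,2019-03-01T00:00:00+00:00,true,true,2018-12-01T00:00:00+00:00,2019-02-08T08:00:00+00:00,eu-west-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
bob,arn:aws:iam::111122223333:user/bob,2018-06-10T12:00:00+00:00,true,2019-02-07T08:00:00+00:00,2018-06-10T12:00:00+00:00,2018-09-08T12:00:00+00:00,false,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
"""
# Constructed "current time" so the sample audit is reproducible.
SAMPLE_NOW = datetime(2019, 2, 9, tzinfo=timezone.utc)


def audit_credential_report(report_csv, now, root_unused_days=90):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] == "<root_account>":
            if row["mfa_active"] != "true":
                findings.append("root: MFA not enabled")
            if "true" in (row["access_key_1_active"], row["access_key_2_active"]):
                findings.append("root: active access key present")
            last_used = row["password_last_used"]
            if last_used not in ("N/A", "no_information"):
                # Root should only be used for the rare tasks that require it.
                if now - datetime.fromisoformat(last_used) < timedelta(days=root_unused_days):
                    findings.append(f"root: password used within {root_unused_days} days")
        elif row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append(f"{row['user']}: console password without MFA")
    return findings


def billing_alarm_params(threshold_usd, sns_topic_arn):
    """Keyword arguments for boto3 cloudwatch.put_metric_alarm(). Billing
    metrics are published only in us-east-1, so create the client there."""
    return {
        "AlarmName": f"estimated-charges-over-{threshold_usd}-usd",
        "Namespace": "AWS/Billing",
        "MetricName": "EstimatedCharges",
        "Dimensions": [{"Name": "Currency", "Value": "USD"}],
        "Statistic": "Maximum",
        "Period": 21600,  # the billing metric is updated about every 6 hours
        "EvaluationPeriods": 1,
        "Threshold": float(threshold_usd),
        "ComparisonOperator": "GreaterThanThreshold",
        "AlarmActions": [sns_topic_arn],
    }
```

Against the sample report the audit flags the root account three times (no MFA, an active access key, recent use) and `bob` once; a clean account returns an empty list.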
Not using the root account, enabling MFA on the root account, and setting up billing alerts are the 3 steps that significantly increase your security posture on AWS.
This is not an exhaustive list. There are additional methods, tools, and strategies that can be leveraged to provide automation and secure your AWS infrastructure even more based on your business requirements. AltoStack works closely with clients to ensure that their existing and future AWS infrastructure is well-architected.
If you have further questions on how we can help increase your AWS account security posture, click here to schedule a consultation with the team.