What are some best practices regarding IAM in AWS?
Answer
- Delete root account access keys and don't use the root account regularly
- Create an IAM user for each physical user. Don't share users.
- Apply the "least privilege principle": give users only the permissions they need, nothing more than that.
- Set up MFA and consider enforcing its use
- Make use of groups to assign permissions (user -> group -> permissions)