AUTHENTICATION

MFA - MULTI-FACTOR AUTHENTICATION

MFA is an authentication method that requires two or more independent authentication factors before granting access to an account or system. The most common combination is something you know (a password) and something you have (a one-time code generated by an MFA app on a mobile device, or by a hardware token).

Enabling MFA on your AWS accounts greatly increases their security: an attacker who steals a password also needs the MFA device associated with the account (or its secret) to sign in. This greatly reduces the chance that a stolen password turns into an account compromise.

MFA FOR ALL CONSOLE USERS

If MFA is not configured on accounts that can sign in to the AWS console, those accounts are protected by a password alone and remain exposed to phishing and password theft.

An attacker who obtains such credentials reaches the AWS console with the user's full permissions and can read, edit or delete data, launch instances, open ports in security groups, and so on.

MFA - ROOT ACCOUNT

The root account is the primary administrative identity of an AWS account. It has full access to every service and resource in the environment and cannot be restricted by IAM policies.

A compromised root account has catastrophic consequences: loss of sensitive data, arbitrary configuration changes, service downtime, and more.

LOGIN ALERTS

Make sure an alert is raised every time an account signs in to the console without MFA, and every time the root account signs in. CloudTrail records each console sign-in as a ConsoleLogin event that carries both pieces of information.
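As an added example of the detection behind these two alerts (not code from the original page), the script below runs over CloudTrail ConsoleLogin events: the additionalEventData.MFAUsed field says whether MFA was used, and userIdentity.type is Root for root sign-ins. The events are constructed in that shape; the alert names and function names are this example's own.

```python
"""Raise alerts for console sign-ins without MFA and for every root sign-in.

Added example for this page, not AWS's own code. The events are constructed
in the shape of CloudTrail ConsoleLogin records (field names follow the
CloudTrail event format); the alert names are this example's own.
"""
import json

# Constructed sample events (not real log data), trimmed to the fields used here.
SAMPLE_EVENTS = [
    {"eventName": "ConsoleLogin", "eventTime": "2024-05-01T08:00:00Z",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Success"},
     "sourceIPAddress": "203.0.113.10"},
    {"eventName": "ConsoleLogin", "eventTime": "2024-05-01T08:05:00Z",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"},
     "sourceIPAddress": "198.51.100.7"},
    {"eventName": "ConsoleLogin", "eventTime": "2024-05-01T09:00:00Z",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Success"},
     "sourceIPAddress": "192.0.2.44"},
    {"eventName": "ConsoleLogin", "eventTime": "2024-05-01T09:30:00Z",
     "userIdentity": {"type": "IAMUser", "userName": "carol"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Failure"},
     "errorMessage": "Failed authentication",
     "sourceIPAddress": "198.51.100.9"},
    {"eventName": "AssumeRole", "eventTime": "2024-05-01T09:45:00Z",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "sourceIPAddress": "203.0.113.10"},
]

# A delivered CloudTrail log file is a JSON object with a "Records" array.
SAMPLE_LOG_FILE = json.dumps({"Records": SAMPLE_EVENTS})


def classify_login(event):
    """Return the alert reasons for one CloudTrail event (empty list = no alert)."""
    if event.get("eventName") != "ConsoleLogin":
        return []
    reasons = []
    success = event.get("responseElements", {}).get("ConsoleLogin") == "Success"
    mfa_used = event.get("additionalEventData", {}).get("MFAUsed") == "Yes"
    # Every root sign-in attempt is alert-worthy, successful or not: root
    # sign-ins should be rare, so even a failure means someone holds or is
    # guessing the root password.
    if event.get("userIdentity", {}).get("type") == "Root":
        reasons.append("root-login")
    # A successful sign-in with MFAUsed=No proves the account is protected by
    # a password alone. Failed attempts are not logins; they belong to a
    # separate brute-force check and are not flagged here.
    if success and not mfa_used:
        reasons.append("login-without-mfa")
    return reasons


def alerts_for(events):
    """Turn a sequence of CloudTrail events into alert records."""
    alerts = []
    for event in events:
        reasons = classify_login(event)
        if not reasons:
            continue
        identity = event.get("userIdentity", {})
        alerts.append({
            "time": event.get("eventTime"),
            "user": identity.get("userName") or identity.get("type"),
            "source_ip": event.get("sourceIPAddress"),
            "outcome": event.get("responseElements", {}).get("ConsoleLogin"),
            "reasons": reasons,
        })
    return alerts


def alerts_from_cloudtrail_json(text):
    """Same, starting from the text of one CloudTrail log file."""
    return alerts_for(json.loads(text).get("Records", []))


if __name__ == "__main__":
    for alert in alerts_from_cloudtrail_json(SAMPLE_LOG_FILE):
        print(alert)
```

On the constructed sample this yields two alerts: bob's successful sign-in without MFA and the root sign-in. In production the same logic is usually expressed as a CloudWatch Logs metric filter on the CloudTrail log group, for instance `{ ($.eventName = "ConsoleLogin") && ($.additionalEventData.MFAUsed != "Yes") }` for the first alert and `{ $.userIdentity.type = "Root" }` for the second, each wired to an alarm and an SNS topic.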

DETERMINE THE TYPE OF ACCESS PER USER

By default, no access type checkbox is selected in the AWS console when creating a new IAM user. When setting up the user's credentials, you must decide which type of access the user actually needs, and grant only that:

  • Programmatic access: the user gets an access key ID and secret access key in order to make API calls, use the AWS CLI, or use the AWS Tools for Windows PowerShell.

  • AWS Management Console access: the user gets a password in order to sign in to the AWS Management Console.
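The three checks above (MFA on every console user, MFA on the root account, and the access type each user has been given) can all be read from one artifact, the IAM credential report. As an added example that is not part of the original page or of any AWS tooling, the script below parses a report in that CSV layout and reports on it. The report text is constructed (a real one comes from `aws iam generate-credential-report` followed by `aws iam get-credential-report --query Content --output text | base64 -d`); the finding names and function names are this example's own.

```python
"""Audit an IAM credential report for the checks on this page: console users
without MFA, the root account without MFA, and each user's access type.

Added example for this page, not AWS's own tooling. SAMPLE_REPORT is
constructed data in the column layout of the IAM credential report.
"""
import csv
import io

ROOT_USER = "<root_account>"  # how the credential report names the root account

# Constructed sample (not real data). The root row uses the report's own
# conventions: password_enabled is "not_supported" for root, and mfa_active
# is reported for it like for any other user.
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,not_supported,2024-05-01T09:00:00+00:00,not_supported,not_supported,false,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::123456789012:user/alice,2021-03-04T10:00:00+00:00,true,2024-05-01T08:00:00+00:00,2024-01-10T00:00:00+00:00,N/A,true,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
bob,arn:aws:iam::123456789012:user/bob,2022-06-15T12:00:00+00:00,true,2024-05-01T08:05:00+00:00,2023-11-02T00:00:00+00:00,N/A,false,true,2023-11-02T00:00:00+00:00,2024-04-30T07:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
deploy-bot,arn:aws:iam::123456789012:user/deploy-bot,2023-01-20T00:00:00+00:00,false,N/A,N/A,N/A,false,true,2023-01-20T00:00:00+00:00,2024-05-01T06:00:00+00:00,eu-west-1,ecr,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
"""


def parse_credential_report(text):
    """Parse credential-report CSV text into a list of dicts keyed by column."""
    return list(csv.DictReader(io.StringIO(text)))


def access_types(row):
    """Return the set of access types a user can actually use.

    'console'      -> a console password is enabled (root always has one; the
                      report marks its password_enabled as not_supported)
    'programmatic' -> at least one active access key
    """
    types = set()
    if row["user"] == ROOT_USER or row["password_enabled"] == "true":
        types.add("console")
    if row["access_key_1_active"] == "true" or row["access_key_2_active"] == "true":
        types.add("programmatic")
    return types


def audit(rows):
    """Return (user, finding) pairs for the MFA checks on this page."""
    findings = []
    for row in rows:
        mfa = row["mfa_active"] == "true"
        if row["user"] == ROOT_USER:
            if not mfa:
                findings.append((row["user"], "root-without-mfa"))
            continue
        # MFA is paired with the console password, so only users who can
        # sign in to the console are flagged; a key-only user is not.
        if "console" in access_types(row) and not mfa:
            findings.append((row["user"], "console-user-without-mfa"))
    return findings


if __name__ == "__main__":
    rows = parse_credential_report(SAMPLE_REPORT)
    for row in rows:
        print(f"{row['user']:16} access={sorted(access_types(row))} "
              f"mfa={row['mfa_active']}")
    for user, finding in audit(rows):
        print(f"FINDING {finding}: {user}")
```

On the sample this flags the root account and bob; alice has MFA, and deploy-bot is key-only. Note the caveat in the last comment: enabling MFA on a user whose only access is an access key changes nothing for API calls unless your IAM policies also require it through the aws:MultiFactorAuthPresent condition key.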
