Which of the following are best practices to ensure your account using AWS IAM?
|
AWS Identity and Access Management (IAM) enables you to manage users and permission levels for staff and third parties requiring access to your AWS account. This service provides centralized access to manage access keys, security credentials, and permission levels. This service is particularly useful for organisations with complex workloads on AWS. Trend Micro Cloud One™ – Conformity monitors AWS
Identity and Access Management (IAM) with the following rules: Monitor AWS Account Root User Activity Ensure there are no IAM groups with full
administrator permissions within your AWS account. Ensure AWS account has an IAM strong password policy in use Ensure that all your SSL/TLS certificates are using either
2048 or 4096 bit RSA keys instead of 1024-bit keys. Ensure there are no IAM users with full administrator permissions within your AWS account. Set up, organize and manage your AWS accounts for optimal security and manageability. Ensure no access keys are created during IAM user initial setup with AWS Management Console. Ensure AWS IAM access keys are rotated on a periodic basis as a security best practice (30 Days). Ensure AWS IAM access keys are rotated on a periodic basis as
a security best practice (45 Days). Ensure AWS IAM access keys are rotated on a periodic basis as a security best practice (90 Days).
Ensure alternate contacts are set to improve the security of your AWS account. Ensure security challenge questions are enabled and configured to improve the security of your AWS account. Ensure that all access to the ECS Execute Command action is approved Ensure IAM policy for EC2 IAM
roles for app tier is configured. Ensure IAM policy for EC2 IAM roles for web tier is configured. Detects when a canary token access key has been used Ensure that all Amazon IAM users have group memberships. Ensure that Amazon IAM policies attached to IAM groups are not too permissive. Ensure there are no unapproved Amazon IAM users available within your AWS cloud account. Ensure that AWS IAM roles cannot be used by untrusted accounts via cross-account access feature. Ensure that unused AWS IAM credentials are decommissioned to follow security best practices. Ensure cross-account IAM roles use either MFA or external IDs to secure the access to AWS resources. Ensure that Multi-Factor Authentication (MFA) is enabled for all Amazon IAM users with console access. Ensure expired SSL/TLS certificates are removed from AWS IAM. Ensure hardware MFA is enabled for your Amazon Web Services root account. Ensure that IAM Access Analyzer feature is enabled to maintain access security to your AWS resources. AWS IAM configuration changes have been detected within your Amazon Web Services account. AWS IAM 'CreateLoginProfile' call has been detected within your Amazon Web Services account. Ensure AWS IAM groups do not have inline policies attached. Ensure that IAM Master and IAM Manager roles are active in your AWS cloud account. Ensure IAM policies that allow full '*:*' administrative privileges aren't created. Ensure AWS IAM policies do not use "Effect" : "Allow" in combination with "NotAction" element to follow security best practices. Ensure AWS IAM policies attached to IAM roles are not too permissive. Ensure AWS Identity and Access Management (IAM) user passwords are reset before expiration (30 Days). Ensure AWS Identity and Access Management (IAM) user passwords are reset before expiration (45 Days). Ensure AWS Identity and Access Management (IAM) user passwords are reset before expiration (7 Days). Ensure AWS IAM policies are attached to groups instead of users as an IAM best practice. Ensure there is at least one IAM user currently used to access your AWS account. Ensure that IAM users have either API access or console access in order to follow IAM security best practices. Ensure AWS IAM users that are not authorized to edit IAM access policies are decommissioned.. Ensure no AWS IAM users have been inactive for a long (specified) period of time. A Multi-Factor Authentication (MFA) device deactivation for an IAM user has been detected. Ensure that your server certificates are not vulnerable to Heartbleed security bug. Ensure that IAM users receive permissions only through IAM groups. Ensure that your AWS root account is not using access keys as a security best practice. Ensure that your AWS root account user is not using X.509 certificates to validate API requests. Ensure that root account credentials have not been used recently to access your AWS account. Ensure that Multi-Factor Authentication (MFA) is enabled for your AWS root account. Ensure AWS IAM SSH public keys are rotated on a periodic basis as a security best practice. Ensure IAM SSH public keys are rotated on a periodic basis to adhere to AWS security best practices. Ensure IAM SSH public keys are rotated on a periodic basis to adhere to AWS security best practices. Ensure SSL/TLS certificates are renewed before their expiration. Ensure SSL/TLS certificates are renewed before their expiration. Ensure SSL/TLS certificates are renewed before their expiration. AWS sign-in events for IAM and federated users have been detected. Ensure there is an active Amazon IAM Support Role available within your AWS account. Ensure there are no unapproved AWS Identity and Access Management (IAM) policies in use. Ensure there is a maximum of one active access key pair available for any single IAM user. Ensure there is a maximum of one active SSH public keys assigned to any single IAM user. Ensure AWS IAM groups have at least one user attached as a security best practice. Ensure unused IAM users are removed from AWS account to follow security best practice. Ensure valid IAM Identity Providers are used within your AWS account for secure user authentication and authorization. Which of the following are the best practices to secure your account using IAM?5 Advanced IAM Best Practices. Enable multi-factor authentication (MFA) for privileged users. ... . Use Policy Conditions for Extra Security. ... . Remove Unnecessary Credentials. ... . Use AWS-Defined Policies to Assign Permissions Whenever Possible. ... . Use Groups to Assign Permissions to IAM Users.. Which of the following are AWS recommended best practices in relation to IAM?Require multi-factor authentication (MFA)
We recommend using IAM roles for human users and workloads that access your AWS resources so that they use temporary credentials.
Which of the following are best practices to secure your AWS account?Short description. Safeguard your passwords and access keys.. Activate multi-factor authentication (MFA) on the AWS account root user and any users with interactive access to AWS Identity and Access Management (IAM). Limit AWS account root user access to your resources.. Audit IAM users and their policies frequently.. Which of the following are recommended security best practices for the AWS account root user?Best practices to protect your account's root user. Enable AWS multi-factor authentication (MFA) on your AWS account root user. ... . Never share your AWS account root user password or access keys with anyone.. Use a strong password to help protect access to the AWS Management Console.. |
