Created
January 16, 2020 10:57
Best Practices for Managing AWS Access Keys
Remove or do not generate account access keys
> The best way to protect your account is to not have an account access key at all
> It is better to create one or more AWS Identity and Access Management (IAM) users
Use temporary security credentials (IAM roles) instead of long-term access keys
> Create IAM roles and generate temporary security credentials
> The security token associated with the credentials has a time to live
Use an IAM role and temporary security credentials in the following scenarios:
> AWS CLI scripts running on EC2
> Cross-account access
> Mobile app
Federate into AWS when the organization supports SAML 2.0
> Federate into AWS when the organization has on-premises identity support
Manage IAM user access keys properly:
> Don't embed access keys into code
> Don't upload the AWS credentials file
> Choose user environment variables
> Use different access keys for different applications
> Rotate keys periodically
> Remove unused access keys
> Configure MFA
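
Several of the items above (no account access keys, periodic rotation, removing unused keys, MFA) can be checked from the IAM credential report. The following is an added example, not part of the original notes: the column names are those of the credential report CSV, while the 90-day and 45-day thresholds, the sample rows and the function names are assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE = timedelta(days=90)   # assumed rotation policy
MAX_KEY_IDLE = timedelta(days=45)  # assumed threshold for "unused"

# Constructed sample using a subset of the credential report columns.
SAMPLE_REPORT = """\
user,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,true,true,2019-03-01T10:00:00+00:00,2019-12-30T08:00:00+00:00,false,N/A,N/A
ci-deploy,false,true,2019-12-20T09:00:00+00:00,2020-01-15T12:00:00+00:00,false,N/A,N/A
old-app,true,true,2018-06-01T09:00:00+00:00,N/A,true,2019-12-01T09:00:00+00:00,2020-01-10T09:00:00+00:00
alice,true,false,N/A,N/A,false,N/A,N/A
"""

def parse_ts(value):
    """Return an aware datetime, or None for placeholders such as N/A."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None

def audit(report_csv, now):
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        has_active_key = False
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            has_active_key = True
            key = f"{user} key {n}"
            if user == "<root_account>":  # the account itself, not an IAM user
                findings.append((key, "account access key exists"))
            rotated = parse_ts(row[f"access_key_{n}_last_rotated"])
            if rotated and now - rotated > MAX_KEY_AGE:
                findings.append((key, "rotation overdue"))
            used = parse_ts(row[f"access_key_{n}_last_used_date"])
            if used is None or now - used > MAX_KEY_IDLE:
                findings.append((key, "unused"))
        if has_active_key and row["mfa_active"] != "true":
            findings.append((user, "active access key but no MFA"))
    return findings

if __name__ == "__main__":
    now = datetime(2020, 1, 16, tzinfo=timezone.utc)
    for subject, issue in audit(SAMPLE_REPORT, now):
        print(f"{subject}: {issue}")
```

A real report can be produced with `aws iam generate-credential-report` followed by `aws iam get-credential-report`, whose content is returned base64-encoded.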