Unwrapping a new AWS account, a checklist
Here’s a checklist of what I do when I unwrap a new AWS account.
I’m hoping to get some feedback on what else is being done out there.
I might create separate AWS accounts for these reasons:
– New Client (yay!)
– New Project
– New Environment
We begin cleaning up as root, right after registration is completed.
– User Setting: Password should be >= 32 char, max-miX3d! (generate programmatically, never re-use)
– User Setting: Enable MFA
– Account Setting: Enable IAM Billing Support (AWS Security Blog: “Don’t Forget to Enable Access to the Billing Console!”)
– IAM > Roles: Create role(s) for Vanilya’s admin(s) to use through role switching
– IAM > Account Settings: Disable unnecessary Security Token Service Regions
– IAM > Account Settings: Set password policy
– IAM > Dashboard > Give account a nickname for use in signin URL and other features.
– Root > Account Settings > Delete Access Keys. (added 12/08/2016)
Switch to an admin user, either a local one or through a role, depending on the account.
This switch has the added benefit of immediately testing if you got 4-7 correct.
– VPC > Delete “default” VPC
– CloudTrail > Enable
– Config > Enable
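One way to re-check the scriptable items above once the cleanup is done, as an added example that is not part of the original post. The function takes responses shaped like those of the boto3 calls named in the comments; the dictionary keys `summary`, `password_policy`, `aliases`, `vpcs`, `trail_status` and `recorders` are names chosen here, and both sample accounts are constructed.

```python
def audit(r):
    """Return the checklist items that are still open, given API responses."""
    findings = []
    summary = r["summary"]            # iam.get_account_summary()["SummaryMap"]
    if not summary.get("AccountMFAEnabled"):
        findings.append("root: MFA not enabled")
    if summary.get("AccountAccessKeysPresent"):
        findings.append("root: access keys still present")
    if r["password_policy"] is None:  # get_account_password_policy() raised NoSuchEntity
        findings.append("iam: no password policy set")
    if not r["aliases"]:              # iam.list_account_aliases()["AccountAliases"]
        findings.append("iam: no account alias (nickname)")
    # ec2.describe_vpcs()["Vpcs"], collected per region: each region has its own default VPC
    for region, vpcs in sorted(r["vpcs"].items()):
        for vpc in vpcs:
            if vpc.get("IsDefault"):
                findings.append(f"vpc: default VPC {vpc['VpcId']} in {region}")
    # cloudtrail.get_trail_status(Name=...), one response per trail
    if not any(t.get("IsLogging") for t in r["trail_status"]):
        findings.append("cloudtrail: no trail is logging")
    # config.describe_configuration_recorder_status()["ConfigurationRecordersStatus"]
    if not any(c.get("recording") for c in r["recorders"]):
        findings.append("config: no recorder is recording")
    return findings

# Constructed sample: an account right after registration (all values made up).
FRESH = {
    "summary": {"AccountMFAEnabled": 0, "AccountAccessKeysPresent": 1},
    "password_policy": None,
    "aliases": [],
    "vpcs": {"us-east-1": [{"VpcId": "vpc-0example1", "IsDefault": True}],
             "eu-west-1": [{"VpcId": "vpc-0example2", "IsDefault": True}]},
    "trail_status": [],
    "recorders": [],
}
# Constructed sample: the same account after working through the checklist.
DONE = {
    "summary": {"AccountMFAEnabled": 1, "AccountAccessKeysPresent": 0},
    "password_policy": {"MinimumPasswordLength": 14},
    "aliases": ["example-alias"],
    "vpcs": {"us-east-1": [{"VpcId": "vpc-0example3", "IsDefault": False}]},
    "trail_status": [{"IsLogging": True}],
    "recorders": [{"name": "default", "recording": True}],
}

if __name__ == "__main__":
    for item in audit(FRESH):
        print("TODO", item)
```

The STS region and billing-access settings are not covered here and still need a look in the console.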
That’s all that comes to mind for now, happy cleaning!
What do you do first in a new account?