Unwrapping a new AWS account, a checklist
Here’s a checklist of what I do when I unwrap a new AWS account.
I’m hoping to get some feedback on what else is being done out there.
I might create separate AWS accounts for these reasons:
– New Client (yay!)
– New Project
– New Environment
We begin cleaning up as root, right after registration is completed.
1) User Setting: Password should be >= 32 char, max-miX3d! (generate programmatically, never re-use)
2) User Setting: Enable MFA
3) Account Setting: Enable IAM Billing Support (AWS Security Blog: “Don’t Forget to Enable Access to the Billing Console!”)
4) Account Setting: Enable AWS Support [optional]
5) IAM > Roles: Create role(s) for Vanilya’s admin(s) to use through role switching
6) IAM > Groups: Create group for local-to-account Vanilya admins [edit: usually skip]
7) IAM > Users: Create users for local-to-account Vanilya admins (download & securely store as: name.lastname.account.aws.yyyy.mm.dd.csv) [edit: usually skip]
8) IAM > Users: Add users to the Group created in step #6
9) IAM > Account Settings: Disable unnecessary Security Token Service Regions
10) IAM > Account Settings: Set password policy
11) IAM > Dashboard: Give the account a nickname for use in the sign-in URL and other features.
Switch to an admin user, depending on account either local or through Role.
This switch has the added benefit of immediately testing whether you got the IAM roles, groups and users (steps 5-8) right.
12) VPC > Delete “default” VPC
13) CloudTrail > Enable
14) Config > Enable
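Added example, not the post’s own script: the same cleanup done from the AWS CLI instead of the console, covering the root password rule (step 1), the IAM password policy (step 10) and the default VPC (step 12). It assumes a configured AWS CLI with admin credentials in the new account; the policy numbers are assumed values, not ones the post states.

```bash
#!/usr/bin/env bash
# Added example (not the post's own script): CLI form of steps 1, 10 and 12.
# Assumes the AWS CLI is configured for the target account with admin rights;
# the policy numbers below are assumptions, not values from the post.
set -eu

# Step 1: >= 32 chars, mixed case, digits and symbols, never reused.
check_root_password() {
  [ "${#1}" -ge 32 ] || return 1
  case $1 in *[[:upper:]]*) ;; *) return 1 ;; esac
  case $1 in *[[:lower:]]*) ;; *) return 1 ;; esac
  case $1 in *[[:digit:]]*) ;; *) return 1 ;; esac
  case $1 in *[![:alnum:]]*) ;; *) return 1 ;; esac
}
generate_root_password() {   # retry until every character class is present
  while :; do
    pw=$(LC_ALL=C tr -dc 'A-Za-z0-9!#%+=?@_' </dev/urandom | head -c "${1:-40}")
    check_root_password "$pw" && { printf '%s\n' "$pw"; return 0; }
  done
}

# Step 10: IAM account password policy for human users.
set_password_policy() {
  aws iam update-account-password-policy --minimum-password-length 14 \
    --require-uppercase-characters --require-lowercase-characters \
    --require-numbers --require-symbols --allow-users-to-change-password \
    --max-password-age 90 --password-reuse-prevention 24
}

# Step 12: delete the default VPC of the current region. Internet gateway and
# subnets go first; default route table, NACL and security group go with the VPC.
delete_default_vpc() {
  vpc=$(aws ec2 describe-vpcs --filters Name=isDefault,Values=true \
        --query 'Vpcs[0].VpcId' --output text)
  [ "$vpc" != "None" ] || { echo "no default VPC in this region"; return 0; }
  igw=$(aws ec2 describe-internet-gateways \
        --filters Name=attachment.vpc-id,Values="$vpc" \
        --query 'InternetGateways[0].InternetGatewayId' --output text)
  if [ "$igw" != "None" ]; then
    aws ec2 detach-internet-gateway --internet-gateway-id "$igw" --vpc-id "$vpc"
    aws ec2 delete-internet-gateway --internet-gateway-id "$igw"
  fi
  for sn in $(aws ec2 describe-subnets --filters Name=vpc-id,Values="$vpc" \
              --query 'Subnets[].SubnetId' --output text); do
    aws ec2 delete-subnet --subnet-id "$sn"
  done
  aws ec2 delete-vpc --vpc-id "$vpc"
}
```

Run `delete_default_vpc` once per region you care about (it only touches the region the CLI is pointed at), and store the output of `generate_root_password` in your password manager rather than in a shell history.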
That’s all that comes to mind for now, happy cleaning!
What do you do first in a new account?