I have been using the platform as a service for a long time, since 2019, when I built my own Django server on DigitalOcean for both dimasmukhlas.com and notafra.id.
And now I want to play the real game, which is using AWS. But I want to do it properly. On DigitalOcean, I feel that I can directly jump into the development of my server. And well, it costs a lot for 6 years of use. But the knowledge in terms of the server is not that much.
I have been using the Apache server since 2002, when I was working at the university, and it was really fun to set up your own virtual machine.
IAM best practices
- Don't use the root account except for AWS account setup
- One physical user = One AWS user
- Assign users to groups and assign permissions to groups
- Create a strong password policy
- Use and enforce the use of Multi-Factor Authentication (MFA)
- Create and use Roles for giving permission to AWS services
- Use Access Keys for Programmatic Access (CLI / SDK)
- Audit permissions of your account using IAM credential report and IAM Access Advisor
- Never share IAM users and access keys
OK, so here is what I learned related to IAM policy in AWS:
- Users: mapped to a physical user, has a password for the AWS Console
- Groups: contains users only
- Policies: JSON document that outlines permissions for users or groups
- Roles: for EC2 instances or AWS services
- Security: MFA + Password policy
- AWS CLI: manage your AWS services using the command line
- AWS SDK: manage your AWS services using a programming language
- Access Keys: access AWS using the CLI or SDK
- Audit: IAM Credential Reports & IAM Access Advisor