AWS Series — IAM-Securing Root Account
IAM — Identity and Access Management
It allows you to manage users and their level of access to the AWS console.
- Create users and grant permissions to those users
- Create groups and roles
- Control access to AWS resources
It is very important to understand IAM, as it is directly related to security.
What is Root Account?
The root account is the email address you use to sign up for AWS. The root account has full administrative access to AWS. For this reason, it is important to secure this account.
To go into IAM, just search for IAM in the search bar after logging into the AWS console, or go to Security, Identity & Compliance > IAM.
We use us-east-1, which is the primary region and has more usage.
By default, it shows that we have to add MFA (Multi-factor Authentication) to the root user, which is the recommended security best practice.
We can also click on the user name and then Security Credentials, which also takes us to the page where we can add MFA.
Click on Assign MFA
We can use any one of the authentication methods you are comfortable with. Here I have chosen the phone, but the most used is Google Authenticator.
I can download the app and click on Show QR code, which gives me a QR code to be scanned by the app, which in turn gives me 2 codes to be entered.
MFA is successfully assigned to the device.
Finally, to secure the AWS root account:
- Enable multi-factor authentication on the root account.
- Create an admin group for your administrators, and assign the appropriate permissions to this group.
- Create user accounts for your administrators.
- Add the users to the admin group.
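The checklist above can be verified from AWS CLI output rather than by clicking through the console. The following is an added example, not part of the original post: it audits JSON shaped like the output of `aws iam get-account-summary`, `aws iam get-group` and `aws iam list-attached-group-policies`. The group name `Admins`, the user names, the choice of the `AdministratorAccess` managed policy as the "appropriate permissions", and the extra root access key check are assumptions.

```python
import json

# Constructed sample data shaped like AWS CLI output (not from a real account).
# aws iam get-account-summary
ACCOUNT_SUMMARY = json.loads("""{"SummaryMap": {"AccountMFAEnabled": 0,
  "AccountAccessKeysPresent": 1, "Users": 2, "Groups": 1}}""")
# aws iam get-group --group-name Admins   ("Admins" is a hypothetical name)
ADMIN_GROUP = json.loads("""{"Group": {"GroupName": "Admins"},
  "Users": [{"UserName": "alice"}]}""")
# aws iam list-attached-group-policies --group-name Admins
GROUP_POLICIES = json.loads("""{"AttachedPolicies": [
  {"PolicyName": "AdministratorAccess",
   "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}]}""")

# Assumption: this managed policy is the "appropriate permissions" for admins.
ADMIN_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"


def audit_root_hardening(summary, group, policies, expected_admins):
    """Return a list of findings; an empty list means every check passes."""
    findings = []
    s = summary.get("SummaryMap", {})
    # Step 1: MFA on the root account (1 = enabled, 0 = not enabled).
    if s.get("AccountMFAEnabled", 0) != 1:
        findings.append("root account has no MFA device assigned")
    # Extra check, not in the checklist above: root should hold no access keys.
    if s.get("AccountAccessKeysPresent", 0) != 0:
        findings.append("root account has access keys")
    # Step 2: the admin group must carry the expected managed policy.
    arns = {p.get("PolicyArn") for p in policies.get("AttachedPolicies", [])}
    if ADMIN_ARN not in arns:
        findings.append("admin group lacks the expected policy")
    # Steps 3-4: every administrator must be an IAM user inside the group.
    members = {u["UserName"] for u in group.get("Users", [])}
    for name in sorted(set(expected_admins) - members):
        findings.append(f"administrator {name} is not in the admin group")
    return findings


if __name__ == "__main__":
    for finding in audit_root_hardening(ACCOUNT_SUMMARY, ADMIN_GROUP,
                                        GROUP_POLICIES, ["alice", "bob"]):
        print("FAIL:", finding)
```

To run it against a real account, replace the three constructed samples with the saved JSON output of the corresponding CLI commands.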
AWS Identity and Access Management (IAM) is a service that allows AWS customers to manage user access and permissions for their accounts, as well as available APIs/services within AWS. IAM can manage users and security credentials (such as API access keys), and allow users to access AWS resources. In this lab, we will walk through the foundations of IAM. We’ll focus on user and group management, as well as how to assign access to specific resources using IAM-managed policies. We’ll learn how to find the login URL, where AWS users can log in to their account, and explore this from a real-world use case perspective.