In this video, you will review the items to consider when preparing for an IT audit. This includes a review of how you are managing root credentials, Identity and Access Management (IAM) policies, IAM groups, IAM users, IAM roles, security controls in other services, external authentication stores for federated users, and CloudTrail logs.
- [Voiceover] Maintaining the security of your AWS account is crucial to effective, sustainable operations in AWS. So is maintaining security within your account. Let's explore tasks you will want to keep in mind, as you audit your use of AWS. The first thing you will want to do is review the status of your root account credentials. Verify that you have organizationally separated knowledge of the root account password from the Multi-Factor Authentication device you used to access the AWS console.
In addition, verify that the root account access keys for use with AWS APIs have been disabled. With IAM being widely available across AWS service offerings, the need for programmatic root account activities should be very rare. Root account access to the web console can be devastating in the wrong hands. In 2014, a company was forced to shut down its operations, due to compromised access to its AWS console. You'll want to have a comprehensive understanding of the IAM policies being used in your account.
Confirm that IAM policies conform…
Sharif Nijim couples pragmatic advice with practical examples that educate organizations on how to create a secure infrastructure within Amazon Web Services. Sharif explores the shared responsibility model of security, which splits duties between your company and AWS, and introduces key identity and access management concepts: users, groups, roles, and policies. At the end of the course, he helps you prepare for the inevitable audit of your AWS account(s).
- The AWS shared responsibility model and security landscape
- Enabling CloudTrail
- Configuring AWS Identity and Access Management (IAM)
- Troubleshooting IAM policies
- Granting temporary access
- Incorporating least privilege
- Controlling access to Simple Storage Service (S3)
- Preparing for security audits
- Getting audit help from Trusted Advisor