Review the items to consider when preparing for an IT audit. Learn how to manage root credentials, Identity and Access Management (IAM) policies, IAM groups, IAM users, IAM roles, security controls in other services, external authentication stores for federated users, and CloudTrail logs.
Maintaining the security of your AWS account is crucial to effective, sustainable operations in AWS. So is maintaining security within your account. Let's explore tasks you will want to keep in mind as you audit your use of AWS. The first thing you will want to do is review the status of your root account credentials. Verify that you have organizationally separated knowledge of the root account password from the Multi-Factor Authentication device used to access the AWS console.
In addition, verify that the root account access keys for use with AWS APIs have been disabled. With IAM being widely available across AWS service offerings, the need for programmatic root account activities should be very rare. Root account access to the web console can be devastating in the wrong hands. In 2014, a company was forced to shut down its operations due to compromised access to its AWS console. You'll want to have a comprehensive understanding of the IAM policies being used in our account.
Confirm that IAM policies conform to the…
Sharif Nijim couples pragmatic advice with practical examples that educate IT pros on how to create a secure infrastructure within Amazon Web Services. Sharif explores the shared responsibility model of security, which splits duties between your company and AWS, and introduces key identity and access management concepts, including users, groups, roles, and policies. Learn how to configure Identity and Access Management (IAM) and Simple Storage Service (S3) access management, including policies and access control lists. At the end of the course, Sharif helps you prepare for the inevitable audit of your AWS account(s).
This course is also part of a series designed to help you prepare for the AWS Certified SysOps Administrator – Associate certification exam.
- The AWS shared responsibility model and security landscape
- Enabling CloudTrail
- Configuring AWS Identity and Access Management (IAM)
- Configuring IAM users, groups, and policies
- Granting temporary access
- Controlling access to Simple Storage Service (S3)
- Preparing for security audits
- Getting audit help from Trusted Advisor
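
The root-credential review described in the transcript excerpt above (MFA on root, root access keys disabled, programmatic root activity rare) can be run against an IAM credential report. This is an added example, not part of the course: the sample report is constructed, and the function name `audit_root` and the 90-day window are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample using credential-report column names (trimmed to the
# columns this check reads); not data from a real account.
SAMPLE_REPORT = """\
user,arn,password_last_used,mfa_active,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,2024-03-01T09:15:00+00:00,false,true,2024-03-10T02:00:00+00:00,false,N/A
alice,arn:aws:iam::111122223333:user/alice,2024-03-11T08:00:00+00:00,true,false,N/A,false,N/A
"""

def _used_since(value, cutoff):
    """True if a report timestamp is a real date on or after cutoff."""
    try:
        return datetime.fromisoformat(value) >= cutoff
    except (TypeError, ValueError):  # "N/A", "no_information", missing column
        return False

def audit_root(report_csv, now, window_days=90):
    """Return findings for the root row; `now` must be timezone-aware."""
    rows = csv.DictReader(io.StringIO(report_csv))
    root = next((r for r in rows if r["user"] == "<root_account>"), None)
    if root is None:
        return ["root row missing: report incomplete or malformed"]
    cutoff = now - timedelta(days=window_days)
    findings = []
    if root.get("mfa_active", "").lower() != "true":
        findings.append("root: MFA not enabled")
    for n in ("1", "2"):
        if root.get(f"access_key_{n}_active", "").lower() == "true":
            findings.append(f"root: access key {n} is active")
        if _used_since(root.get(f"access_key_{n}_last_used_date"), cutoff):
            findings.append(f"root: access key {n} used in last {window_days} days")
    if _used_since(root.get("password_last_used"), cutoff):
        findings.append(f"root: console sign-in in last {window_days} days")
    return findings

if __name__ == "__main__":
    for finding in audit_root(SAMPLE_REPORT, datetime(2024, 3, 12, tzinfo=timezone.utc)):
        print(finding)
```

A real report is produced with `aws iam generate-credential-report` and fetched with `aws iam get-credential-report`, whose `Content` field is the base64-encoded CSV.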