Recommendations for configuring an AWS linked account
Initial account settings
- Login to the Amazon management console: https://<AWS_Account_ID>.signin.aws.amazon.com/console
- Note: Replace AWS Account ID with your actual account ID or DNS name.
- From the upper right pane, click on account name -> choose “My account”:
- Write down the “AWS Account ID” (it will be used in the next sections)
- Make sure the Contact information is up to date
- Under “Alternate Contacts” -> specify contact details for “Billing”, “Operations” and “Security”
- Configure “Security Challenge Questions”
Configuring the IAM policies and IAM administrator account
- Login to the IAM console:
- From the left pane, click on “Account settings” and set the following password policy:
- Minimum password length: 8 characters
- Require at least one uppercase letter (Selected)
- Require at least one lowercase letter (Selected)
- Require at least one number (Selected)
- Allow users to change their own password (Selected)
- Enable password expiration (Selected)
- Password expiration period in days: 90
- Prevent password reuse (Selected)
- Number of passwords to remember: 24
- Click on “Apply password policy”
- From the left pane click on “Users” -> review each and every account member of “admin” / “administrators” group -> click on “Security credentials” tab -> click on the pencil icon near “Assigned MFA device” -> select the MFA device to activate and follow the steps to active the MFA device
- It is strongly recommended that each and every privileged account will be configured with “AWS Management Console access” only – in case privileged account has Access keys, it is strongly recommended to make all keys inactive and create separate accounts for programmatic access