Best practices for securing AWS account: Difference between revisions

(Created page with "== Changing IAM user password == In-order to avoid potential compromise of credentials, it is recommended to replace every IAM user’s password, every 90 days. * Sign in to t...")
 
No edit summary
Line 12: Line 12:
* If you choose the option to generate a password, choose Show in the New password dialog box. This lets you view the password so you can share it with the user.
* If you choose the option to generate a password, choose Show in the New password dialog box. This lets you view the password so you can share it with the user.
* Log off the AWS Management Console.
* Log off the AWS Management Console.
== Changing IAM user access keys ==
In-order to avoid potential compromise of credentials, it is recommended to replace every IAM user’s access keys, every 90 days.
* While the first access key is still active, create a second access key.
:* Sign in to the AWS Management Console and open the IAM console at
:: https://console.aws.amazon.com/iam/
:* In the navigation pane, choose Users.
:* Choose the name of the intended user, and then choose the Security credentials tab.
:* Choose Create access key and then choose Download .csv file to save the access key ID and secret access key to a .csv file on your computer. Store the file in a secure location. You will not have access to the secret access key again after this closes. After you have downloaded the .csv file, choose Close.
* Update all applications and tools to use the new access key.
* Determine whether the first access key is still in use by reviewing the Last used column for the oldest access key. One approach is to wait several days and then check the old access key for any use before proceeding.
* Choose Make inactive to deactivate the first access key.
* Use only the new access key to confirm that your applications are working.
* After you wait some period of time to ensure that all applications and tools have been updated, you can delete the first access key:
:* Sign in to the AWS Management Console and open the IAM console at
:: https://console.aws.amazon.com/iam/
:* In the navigation pane, choose Users.
:* Choose the name of the intended user, and then choose the Security credentials tab.
:* Locate the access key to delete and choose its X button at the far right of the row. Then choose Delete to confirm.
* Log off the AWS Management console.
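Review bot: the waiting periods in the added "Changing IAM user access keys" section are left open ("wait several days" before checking the Last used column, "some period of time" before deleting the first key), so two administrators following the same page can end up with very different overlap windows for two active keys. State a concrete interval or a criterion such as "no entry in Last used since the second key was created". The step that downloads the .csv says only "Store the file in a secure location"; say what happens to that file once the applications have been updated. Minor wording: "In-order" should be "In order", and the last bullet writes "AWS Management console" while the rest of the page uses "AWS Management Console".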

Revision as of 16:54, 13 April 2020

Changing IAM user password

To reduce the risk of credential compromise, it is recommended to replace every IAM user’s password every 90 days.

  • Sign in to the AWS Management Console and open the IAM console at: https://console.aws.amazon.com/iam/
  • In the navigation pane, choose Users.
  • Choose the name of the user whose password you want to change.
  • Choose the Security credentials tab, and then under Sign-in credentials, choose Manage password next to Console password.
  • Choose whether to have IAM generate a password or create a custom password:
      • To have IAM generate a password, choose Autogenerated password.
      • To create a custom password, choose Custom password, and type the password.
  • To require the user to create a new password when signing in, choose Require password reset. Then choose Apply.
  • If you choose the option to generate a password, choose Show in the New password dialog box. This lets you view the password so you can share it with the user.
  • Log off the AWS Management Console.

Changing IAM user access keys

To reduce the risk of credential compromise, it is recommended to replace every IAM user’s access keys every 90 days.

  • While the first access key is still active, create a second access key.
      • Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/
      • In the navigation pane, choose Users.
      • Choose the name of the intended user, and then choose the Security credentials tab.
      • Choose Create access key and then choose Download .csv file to save the access key ID and secret access key to a .csv file on your computer. Store the file in a secure location. You will not have access to the secret access key again after this closes. After you have downloaded the .csv file, choose Close.
  • Update all applications and tools to use the new access key.
  • Determine whether the first access key is still in use by reviewing the Last used column for the oldest access key. One approach is to wait several days and then check the old access key for any use before proceeding.
  • Choose Make inactive to deactivate the first access key.
  • Use only the new access key to confirm that your applications are working.
  • After you wait some period of time to ensure that all applications and tools have been updated, you can delete the first access key:
      • Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/
      • In the navigation pane, choose Users.
      • Choose the name of the intended user, and then choose the Security credentials tab.
      • Locate the access key to delete and choose its X button at the far right of the row. Then choose Delete to confirm.
  • Log off the AWS Management Console.
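
The following is an added example, not part of the original wiki page: it reads an IAM credential report (CSV) and reports, per user, which step of the two procedures above is still open under the 90-day rule. The column names are those of the IAM credential report; the sample rows are constructed, and treating "old key used after the newer key was created" as "still in use" is an assumption of this example.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=90)  # rotation interval stated on this page

# Constructed sample rows in the IAM credential report layout (subset of columns).
SAMPLE_REPORT = """user,password_enabled,password_last_changed,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
alice,true,2020-01-02T09:00:00+00:00,true,2019-12-01T10:00:00+00:00,2020-04-01T08:00:00+00:00,true,2020-04-05T10:00:00+00:00,2020-04-12T08:00:00+00:00
bob,true,2020-03-20T09:00:00+00:00,true,2020-03-01T10:00:00+00:00,2020-04-12T11:00:00+00:00,false,N/A,N/A
carol,false,N/A,true,2019-11-15T10:00:00+00:00,2020-04-13T07:00:00+00:00,false,N/A,N/A
dave,false,N/A,true,2019-12-01T10:00:00+00:00,2020-04-10T08:00:00+00:00,true,2020-04-05T10:00:00+00:00,2020-04-12T08:00:00+00:00
"""

def parse_ts(value):
    """Return an aware datetime, or None for the report's 'no value' markers."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)

def rotation_findings(report_csv, now):
    """Map each user to the rotation steps from this page that are still open."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        todo = []
        changed = parse_ts(row["password_last_changed"])
        if row["password_enabled"] == "true" and changed and now - changed > MAX_AGE:
            todo.append("password: change")
        keys = []  # (created, key number, last used) for each active key
        for n in ("1", "2"):
            created = parse_ts(row[f"access_key_{n}_last_rotated"])
            if row[f"access_key_{n}_active"] == "true" and created:
                keys.append((created, n, parse_ts(row[f"access_key_{n}_last_used_date"])))
        keys.sort()
        for created, n, last_used in keys:
            if now - created <= MAX_AGE:
                continue  # key is within the 90-day window
            newer = [c for c, _, _ in keys if c > created]
            if not newer:
                todo.append(f"key {n}: create second key")
            elif last_used and last_used > max(newer):  # assumption: use after the new key exists
                todo.append(f"key {n}: still in use, update applications")
            else:
                todo.append(f"key {n}: make inactive")
        findings[row["user"]] = todo
    return findings

if __name__ == "__main__":
    print(rotation_findings(SAMPLE_REPORT, datetime(2020, 4, 14, tzinfo=timezone.utc)))
```
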