Setting Up Basic First Time Security Tasks in IAM Dashboard

Problem: 

After you create your account in AWS, you will need to do some basic security steps to secure your account. 

Solution Summary: 

After you create a new account, complete some basic security steps: activate MFA, create an IAM user and group, and apply a password policy. 

Prerequisites: 

It would be good to read at least the first three notes from the book getting-started-aws-part-2-security-basics-iam.

 

Solution: 

After logging in for the first time, go to the IAM page and complete all items under Security Status:

Task 1 should be already completed by now.

 

Task 2 - Activate Multi Factor Authentication (MFA) on your root account

To activate a virtual MFA device, you must first install an AWS MFA-compatible application on the user's smartphone, PC, or other device. For Android phones, you can install Google Authenticator along with Barcode Scanner.

Steps:

  1. Click ‘Activate MFA on your root account’

  2. Click ‘Manage MFA’

  3. Select ‘A Virtual MFA Device’

  4. Once you have installed Google Authenticator along with Barcode Scanner, click Next on the message about installing an MFA-compatible application.

  5. Scan the barcode shown on screen using Google Authenticator. Enter two consecutive codes.

  6. The MFA device was successfully associated.

 

Task 3 - Create individual IAM users

Create IAM users and restrict them to only the permissions they need. The root account provides unrestricted access to your AWS resources.

Steps:

  1. Click on ‘Manage Users’

  2. Click on ‘Add User’

  3. Enter Username and Access Type (Programmatic access and/or AWS Management Console access). Programmatic access enables an access key ID and secret access key for the AWS API, CLI, SDK, and other development tools. Select both options for Access Type and leave other options as is.

  4. Leave all options as is on further screens, clicking next until the end.

  5. You will see the success message asking you to download the credentials CSV.

  6. Download credentials.csv. You can also email instructions.

The success message has the text below:

You successfully created the users shown below. You can view and download user security credentials. You can also email users instructions for signing in to the AWS Management Console. This is the last time these credentials will be available to download. However, you can create new credentials at any time.

Users with AWS Management Console access can sign-in at: https://<>.signin.aws.amazon.com/console.

Now go back to the IAM dashboard by clicking Dashboard in the sidebar, and refresh the page to see the updated status.

 

Login With Custom URL

  1. Customize your user sign-in link (available on the main page) by clicking the Customize link alongside it.

  2. Log out and log in with a user created in the previous step, using the customized login link.

Note: This is not a checklist requirement that needs to be completed, but it is always good to do.

 

Task 4 - Use groups to assign permissions

  1. Click on ‘Manage Groups’

  2. Click on ‘Create New Group’

  3. Give a group name (e.g. development)

  4. Select one or more policies to attach (e.g. IAMUserChangePassword).

  5. Review the information, then click Create Group.

Now go back to the IAM dashboard by clicking Dashboard in the sidebar, and refresh the page to see the updated status.

 

Task 5 - Apply an IAM password policy

  1. Go to the ‘Account Settings’ page from the left sidebar.

  2. Select appropriate options for Password Policy.

  3. Click on ‘Apply Password Policy’

 

Final Security Status

Now go back to the IAM dashboard by clicking Dashboard in the sidebar, and refresh the page to see the updated status. You should now see all Security Status items as green.
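The same result can be confirmed outside the console. The check below is an added example, not part of the original tutorial: it maps the IAM GetAccountSummary and GetAccountPasswordPolicy responses onto Tasks 2 to 5. The function names, the sample data and the "at least one" thresholds are assumptions made for illustration, not the dashboard's documented logic.

```python
import json

# Constructed sample of `aws iam get-account-summary` output (values are made up).
SAMPLE_SUMMARY = json.loads("""
{"SummaryMap": {"AccountMFAEnabled": 1, "Users": 1, "Groups": 0}}
""")


def security_status(summary_map, password_policy):
    """Map account data onto Tasks 2-5 of this page.

    summary_map: the SummaryMap dict from GetAccountSummary.
    password_policy: the PasswordPolicy dict from GetAccountPasswordPolicy,
                     or None when the account has no policy applied.
    The ">= 1" thresholds are assumptions, not the dashboard's documented rules.
    """
    return {
        "Task 2 - MFA on root account": summary_map.get("AccountMFAEnabled", 0) == 1,
        "Task 3 - individual IAM users": summary_map.get("Users", 0) >= 1,
        "Task 4 - groups to assign permissions": summary_map.get("Groups", 0) >= 1,
        "Task 5 - IAM password policy": password_policy is not None,
    }


def pending_tasks(status):
    """Return the tasks that still need attention, in page order."""
    return [task for task, done in status.items() if not done]


def fetch_live():
    """Fetch both inputs from a live account (needs boto3 and credentials)."""
    import boto3  # imported here so the offline sample runs without boto3
    iam = boto3.client("iam")
    summary = iam.get_account_summary()["SummaryMap"]
    try:
        policy = iam.get_account_password_policy()["PasswordPolicy"]
    except iam.exceptions.NoSuchEntityException:
        policy = None  # no password policy has been applied yet
    return summary, policy


if __name__ == "__main__":
    # Offline run on the constructed sample; swap in fetch_live() for a real account.
    status = security_status(SAMPLE_SUMMARY["SummaryMap"], None)
    for task, done in status.items():
        print(("OK      " if done else "PENDING ") + task)
```

On the constructed sample, Tasks 4 and 5 are reported as pending because no group exists and no password policy is set.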

Comments

lijovklm

Completed


About us

Team Cloudericks is a community started by Heartin Kanikathottu to learn about and master cloud computing. Our current focus is on Amazon Web Services.

Cloudericks.com aims to document what we learn. We believe that knowledge is useless unless you share it; the more you share, the more you learn.
