How to Implement Top 10 AWS Security Best Practices

In this recorded session from AWS Pop-up Loft in San Francisco, John Martinez highlights the top 10 security best practices and actionable steps that you can implement right away to help ensure your success on AWS:

  1. Disable root API access key and secret key
  2. Enable MFA tokens everywhere
  3. Reduce number of IAM users with Admin rights
  4. Use Roles for EC2
  5. Least privilege: limit what IAM entities can do with strong/explicit policies
  6. Rotate all the keys regularly
  7. Use IAM roles with STS AssumeRole where possible
  8. Use AutoScaling to dampen DDoS effects
  9. Do not allow in any EC2/ELB security group unless you mean it
  10. Watch world-readable/listable S3 bucket policies
