How to Implement Top 10 AWS Security Best Practices

In this recorded session from AWS Pop-up Loft in San Francisco, John Martinez highlights the top 10 security best practices and actionable steps that you can implement right away to help ensure your success on AWS:

  1. Disable root API access key and secret key
  2. Enable MFA tokens everywhere
  3. Reduce number of IAM users with Admin rights
  4. Use Roles for EC2
  5. Least privilege: limit what IAM entities can do with strong/explicit policies
  6. Rotate all the keys regularly
  7. Use IAM roles with STS AssumeRole where possible
  8. Use AutoScaling to dampen DDoS effects
  9. Do not allow 0.0.0.0/0 in any EC2/ELB security group unless you mean it
  10. Watch world-readable/listable S3 bucket policies
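
An added example (not from the session or from AWS) for items 9 and 10: an offline check over constructed JSON shaped like `aws ec2 describe-security-groups` output and an S3 bucket policy. The function names, sample ids and the `INTENDED_PUBLIC_PORTS` allowlist are assumptions made for illustration.

```python
# Constructed sample data shaped like `aws ec2 describe-security-groups` output
# and an S3 bucket policy document; every id, ARN and name is made up.
SECURITY_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-web-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-db-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}]}]}]}
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicList", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:ListBucket", "s3:GetObject"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
    {"Sid": "TeamWrite", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-role"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}
INTENDED_PUBLIC_PORTS = {80, 443}  # assumption: the ports you "mean" to expose

def open_ingress(groups, allowed=INTENDED_PUBLIC_PORTS):
    """Return (group id, from port, to port) for unintended world-open rules."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
            cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
            if not cidrs & {"0.0.0.0/0", "::/0"}:
                continue
            # All-protocol rules carry no ports; treat them as the full range.
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            if lo != hi or lo not in allowed:
                findings.append((sg["GroupId"], lo, hi))
    return findings

def public_statements(policy):
    """Return Sids of Allow statements open to everyone with no Condition."""
    stmts = policy["Statement"]
    out = []
    for s in stmts if isinstance(stmts, list) else [stmts]:
        p = s.get("Principal")
        aws = p.get("AWS") if isinstance(p, dict) else p
        everyone = aws == "*" or (isinstance(aws, list) and "*" in aws)
        if s.get("Effect") == "Allow" and everyone and "Condition" not in s:
            out.append(s.get("Sid", "<no Sid>"))
    return out

if __name__ == "__main__":
    print(open_ingress(SECURITY_GROUPS), public_statements(BUCKET_POLICY))
```

Statements that grant `*` under a `Condition` are not reported here and still need a manual look at what the condition actually restricts.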
