
Things you have to keep in mind:

1. Your AWS account is not your IAM account.

2. The IAM service is global: this AWS service is available worldwide.

3. The root user should not be used for daily tasks, and you should understand when the root user is needed.

 

The AWS root account has the power to manage every AWS service under the account.

Before we start using the AWS services, we have to:

Protect your AWS account root user (this is not an IAM user! IAM will be explained later...)

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html

1. Log in to the AWS Management Console with your root account (email and password).

2. Click on Services and choose IAM.

3. It shows something like the figure below. Focus on Security Status and make sure all 5 items have green ticks:

1. Delete your root access keys, or don't create access keys for the root user.

2. Activate MFA (multi-factor authentication). You need an authenticator app for that.

Android: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en

iOS: https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8

3. Create IAM users. (We will show you how to create your first IAM user later.)

4. Use groups to assign permissions.

5. Apply an IAM password policy.
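
The five Security Status items can also be checked from the IAM API instead of the console. The script below is an added example, not part of the original post: it evaluates the SummaryMap returned by GetAccountSummary and the result of GetAccountPasswordPolicy. The sample dictionaries are constructed, the function names are hypothetical, and "at least one group exists" is an assumed stand-in for item 4.

```python
"""Re-create the five IAM Security Status checks from IAM API data."""


def security_status(summary_map, password_policy):
    """summary_map: SummaryMap from IAM GetAccountSummary.
    password_policy: PasswordPolicy dict, or None if no policy is set.
    Missing keys fail closed (treated as not secured)."""
    return {
        "root access keys deleted":
            summary_map.get("AccountAccessKeysPresent", 1) == 0,
        "MFA active on root": summary_map.get("AccountMFAEnabled", 0) == 1,
        "IAM users created": summary_map.get("Users", 0) >= 1,
        # Assumption: one existing group stands in for "groups are used".
        "groups used for permissions": summary_map.get("Groups", 0) >= 1,
        "password policy applied": password_policy is not None,
    }


def failing(status):
    """Names of the checks that would not show a green tick."""
    return [name for name, ok in status.items() if not ok]


def fetch_live():
    """Read the same data from a real account (needs boto3 + credentials)."""
    import boto3  # imported here so the offline demo runs without it
    iam = boto3.client("iam")
    summary = iam.get_account_summary()["SummaryMap"]
    try:
        policy = iam.get_account_password_policy()["PasswordPolicy"]
    except iam.exceptions.NoSuchEntityException:
        policy = None  # the account has no password policy yet
    return summary, policy


# Constructed sample data: a fresh account and one after the five steps.
SAMPLE_FRESH = {"AccountAccessKeysPresent": 1, "AccountMFAEnabled": 0,
                "Users": 0, "Groups": 0}
SAMPLE_HARDENED = {"AccountAccessKeysPresent": 0, "AccountMFAEnabled": 1,
                   "Users": 3, "Groups": 2}
SAMPLE_POLICY = {"MinimumPasswordLength": 14, "RequireSymbols": True}

if __name__ == "__main__":
    for label, summary, policy in [("fresh", SAMPLE_FRESH, None),
                                   ("hardened", SAMPLE_HARDENED, SAMPLE_POLICY)]:
        print(label)
        for name, ok in security_status(summary, policy).items():
            print("  [%s] %s" % ("ok" if ok else "!!", name))
```

To run it against a real account, pass the two values returned by fetch_live() to security_status().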

Important

We strongly recommend that you do not use the root user for your everyday tasks, even the administrative ones. Instead, adhere to the best practice of using the root user only to create your first IAM user. Then securely lock away the root user credentials and use them to perform only a few account and service management tasks. To view the tasks that require you to sign in as the root user, see AWS Tasks That Require Root User. For a tutorial on how to set up an administrator for daily use, see Creating Your First IAM Admin User and Group.

 

When do we need to use the root user?

link: https://docs.aws.amazon.com/general/latest/gr/aws_tasks-that-require-root.html

Posted by webbhlin on PIXNET