🔷

IAM Guidelines & Best Practices

Avoid using the root account except for initial account setup or emergency tasks.

Maintain a one-to-one mapping between real people and IAM users; never share credentials.

Organize users into groups and assign permissions to groups instead of individual users.

Enforce a strong password policy to enhance account security.

Require and enforce Multi-Factor Authentication (MFA) for all privileged accounts.

Use IAM Roles to grant permissions to AWS services or between accounts instead of sharing long-term credentials.

Use Access Keys only for programmatic access via CLI or SDK, and rotate them regularly.

Audit account permissions regularly using IAM Credentials Report and Access Advisor.

Never share IAM user credentials or access keys with others.