The principle of least privilege

AWS Security and Cost Management Concepts

Dev Bhosale

Principal Data & Cloud Architect

What is the principle of least privilege?

  • Separate access by department and job function: each employee gets access only to what their role requires
  • Grant the narrowest set of privileges that still lets the task be done
  • Do not grant more privileges than necessary to perform job responsibilities
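"Grant the narrowest set of privileges" is concrete in AWS once you look at an IAM policy document. The following Python snippet is an added example, not code from the original slides: it lints a policy for the usual least-privilege violations (wildcard actions such as "*" or "iam:*", a wildcard Resource, and NotAction, which allows everything not listed) and contrasts a constructed over-broad policy with a constructed read-only policy scoped to one bucket. The bucket name, account ID and statement IDs are made up for the example.

```python
"""Flag IAM policy statements that grant more than the narrowest privilege."""
import json

# Constructed sample policies for this example (not from the original slides).
# Too broad: full admin, plus every IAM action on every user in the account.
BROAD_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AdminEverything", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "ManageUsers", "Effect": "Allow", "Action": "iam:*",
     "Resource": "arn:aws:iam::123456789012:user/*"}
  ]
}
""")

# Narrow: read-only access to a single bucket, nothing else.
SCOPED_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadReportsBucket",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"]
    }
  ]
}
""")


def _as_list(value):
    """IAM accepts a string or a list in Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_broad_statements(policy):
    """Return findings (strings) for Allow statements that use wildcards or NotAction."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; nothing to flag
        sid = stmt.get("Sid", f"Statement[{idx}]")
        if "NotAction" in stmt:
            findings.append(f"{sid}: NotAction allows every action not listed")
        for action in _as_list(stmt.get("Action")):
            # "*" is full admin; "service:*" is every action of one service
            if action == "*" or action.endswith(":*"):
                findings.append(f"{sid}: wildcard action {action!r}")
        for resource in _as_list(stmt.get("Resource")):
            if resource == "*":
                findings.append(f"{sid}: wildcard resource '*'")
    return findings


if __name__ == "__main__":
    for name, policy in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, find_broad_statements(policy) or "no findings")
```

Treat a wildcard-resource finding as something to review rather than an automatic failure: a number of API actions (many `Describe*` and `List*` calls) only accept `"Resource": "*"`, so the right fix there is to narrow the Action list, not the Resource. The check also ignores `Condition` blocks, which can legitimately restrict an otherwise broad statement.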


Balancing the goal

Strategies for least privilege

Five step implementation plan


Account security framework

  • Root user security is critical
  • Grant the least necessary privileges to users, groups, and computing resources
  • Develop a process for managing and sharing credentials securely

Root user security

  • Use a strong root user password
  • Use multi-factor authentication on the root user
  • Don't create access keys for the root user; use IAM users or roles for programmatic access instead
  • Require multi-person approval for root user actions, and register the root user under a group email address rather than an individual's mailbox

User and group security

  • Enable MFA for all IAM users
  • Use groups to assign permissions, not individuals
  • Apply the principle of least privilege to all accounts
  • Regularly rotate passwords and access keys
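The root user and user/group checks above map directly onto columns of the IAM credential report (the CSV that `aws iam get-credential-report` returns). The following Python snippet is an added example, not code from the original slides: it audits a constructed report for root access keys, missing MFA, and passwords or access keys older than a rotation window. The report is trimmed to the columns the audit reads (the real report has more, in the same format), and the user names, account ID and dates are made up.

```python
"""Audit an IAM credential report for root and user credential hygiene."""
import csv
import io
from datetime import datetime, timezone

# Constructed sample report (not real data). Trimmed to the columns used here;
# the real report carries more columns in the same format.
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_changed,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,not_supported,not_supported,false,true,2022-01-15T00:00:00+00:00,false,N/A
alice,arn:aws:iam::123456789012:user/alice,true,2024-05-01T00:00:00+00:00,true,true,2024-04-15T00:00:00+00:00,false,N/A
bob,arn:aws:iam::123456789012:user/bob,true,2023-11-01T00:00:00+00:00,false,true,2023-12-01T00:00:00+00:00,false,N/A
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,false,N/A,false,true,2024-05-20T00:00:00+00:00,false,N/A
"""

ROOT_USER = "<root_account>"  # how the report names the root user
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed "today" for the example


def _age_days(timestamp, now):
    """Days since an ISO-8601 timestamp from the report; None for N/A-style values."""
    if not timestamp or timestamp in ("N/A", "no_information", "not_supported"):
        return None
    return (now - datetime.fromisoformat(timestamp)).days


def audit_credential_report(report_csv, now, max_age_days=90):
    """Return (user, finding) tuples for: root access keys, root/user MFA,
    and access keys or passwords older than max_age_days."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == ROOT_USER
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"] != "true":
                continue
            if is_root:
                # Root should have no access keys at all, whatever their age
                findings.append((user, f"root user has an active access key {slot}"))
                continue
            age = _age_days(row[f"access_key_{slot}_last_rotated"], now)
            if age is not None and age > max_age_days:
                findings.append((user, f"access key {slot} not rotated for {age} days"))
        # Root always has a console password; IAM users only if password_enabled
        has_password = is_root or row["password_enabled"] == "true"
        if has_password and row["mfa_active"] != "true":
            findings.append((user, "MFA not enabled"))
        if has_password and not is_root:
            age = _age_days(row["password_last_changed"], now)
            if age is not None and age > max_age_days:
                findings.append((user, f"password not changed for {age} days"))
    return findings


def run_audit():
    """Run the audit over the constructed report with the fixed date."""
    return audit_credential_report(SAMPLE_REPORT, NOW)


if __name__ == "__main__":
    for user, finding in run_audit():
        print(f"{user}: {finding}")
```

Note that `ci-deploy`, a key-only user with no console password, is not flagged for MFA: MFA enforcement for programmatic access needs a policy condition on `aws:MultiFactorAuthPresent`, and the longer-term fix is to replace such long-lived keys with IAM roles. A real run would fetch the report with `aws iam get-credential-report`, which returns it base64-encoded, and pass the decoded text to `audit_credential_report` with `datetime.now(timezone.utc)`.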

Resource security

AWS Systems Manager

  • Improve visibility and control over your fleet of instances
  • Maintain instance compliance against your patch, configuration, and custom policies
  • Automate configuration and ongoing management of your applications

Credential security

AWS Secrets Manager

  • Manage database credentials securely instead of embedding them in application code
  • Rotate secrets automatically on a schedule
  • Store API keys and other secrets encrypted at rest
  • Integrate with other AWS services

Let's practice!
