The principle of least privilege

AWS Security and Cost Management Concepts

Dev Bhosale

Principal Data & Cloud Architect

What is the principle of least privilege?

  • Separate access to employees by department and capabilities
  • Grant the narrowest set of privileges
  • Do not grant more privileges than necessary to perform job responsibilities

Balancing the goal

Strategies for least privilege

Five step implementation plan

Account security framework

  • Root user security is critical
  • Grant the least necessary privileges to users, groups, and computing resources
  • Develop a process for credential sharing

Root user security

  • Use a strong root user password
  • Use multi-factor authentication
  • Don't create access keys
  • Use multi-person approval and group email

User and group security

  • Enable MFA for all IAM users
  • Use groups to assign permissions, not individuals
  • Apply the principle of least privilege to all accounts
  • Regularly rotate passwords and access keys
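
The root user and IAM user bullets above can be checked against an account's IAM credential report. The following Python is an added example, not part of the original slides; the sample rows are constructed, the report is reduced to the columns the checks need, and the 90-day key age limit is an assumption (the slides only say "regularly").

```python
import csv
import io
from datetime import datetime, timezone

MAX_KEY_AGE_DAYS = 90  # assumption: the slides only say "regularly rotate"

# Constructed sample rows; only the credential report columns used below.
SAMPLE_REPORT = """\
user,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,not_supported,false,true,2023-01-10T09:00:00+00:00,false,N/A
alice,true,true,true,2024-05-20T12:00:00+00:00,false,N/A
bob,true,false,true,2023-11-02T08:30:00+00:00,false,N/A
ci-deploy,false,false,true,2024-05-01T00:00:00+00:00,true,2022-07-15T00:00:00+00:00
"""


def audit(report_csv, now):
    """Return (user, issue, detail) findings for the slide checklist."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        active = [n for n in ("1", "2") if row[f"access_key_{n}_active"] == "true"]
        # Root user security: don't create access keys.
        if user == "<root_account>" and active:
            findings.append((user, "ROOT_ACCESS_KEY", f"keys {','.join(active)} active"))
        # MFA for the root user and for all IAM users.
        if row["mfa_active"] != "true":
            findings.append((user, "NO_MFA", "mfa_active is not true"))
        # Regular rotation: flag active keys older than the limit.
        for n in active:
            rotated = row[f"access_key_{n}_last_rotated"]
            if rotated == "N/A":
                continue
            age = (now - datetime.fromisoformat(rotated)).days
            if age > MAX_KEY_AGE_DAYS:
                findings.append((user, f"STALE_KEY_{n}", f"{age} days since rotation"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_REPORT, datetime.now(timezone.utc)):
        print(*finding, sep="\t")
```
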

Resource security

  • Improve visibility and control
  • Maintain instance compliance against your patch, configuration, and custom policies
  • Automate configuration and ongoing management of your applications

Systems Manager

Credential security

Secrets Manager

  • Manage database credentials securely
  • Rotate secrets automatically
  • Encrypt API keys
  • Integrate with AWS services

Let's practice!
