How to Secure an AWS Account

Learn how to secure an AWS account.

In the previous chapters, we gained a detailed insight into how the IAM service works and its various aspects. IAM is the basis of all security inside AWS, as this service controls who can access the account and what they are allowed to do. Under the shared responsibility model, configuring IAM properly is our responsibility, and any shortcomings in the policies make the account less secure.

Security in an AWS account

Unfortunately, security is not a solved problem, and there is no single best way to configure access. There are best practices, but there is no fail-safe process that guarantees that a system won’t be hacked. As shown by the constant stream of breaches at large tech companies, even money can’t solve this problem properly.

Securing an account, therefore, is not about reaching an imaginary “absolutely secure” state but about making sure that hacking it is as hard as economically possible, considering the cost of implementing the defenses. The so-called Pareto principle (also known as the 80-20 rule) applies here. It states that most of the results come from a few actions, but also that as we near perfection, further gains take disproportionately more effort. Aim for the low-hanging fruit first.

Next, we will study some practical tips to secure an AWS account.
