IAM - Password Policy
- Always use a strong password: strong password = higher security for your account
- In AWS, you can set up a password policy:
  - Set a minimum password length
  - Require specific character types:
    - Include an uppercase letter
    - Include a lowercase letter
    - Include a number
    - Include a non-alphanumeric character
  - Allow all IAM users to change their own passwords
  - Password expiration time: require users to change their password after some time
  - Prevent password re-use
Note: A password policy helps protect your account against outside attacks.
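The settings listed above map to fields in the output of `aws iam get-account-password-policy`. The following is an added example, not code from the original post: a small auditor that checks such a document against a baseline. The baseline numbers (14 characters, 90 days, 24 remembered passwords) and the sample document are assumptions made up for illustration.

```python
import json

# Assumed baseline (not from the page): tune to your organisation's standard.
BASELINE = {"min_length": 14, "max_age_days": 90, "reuse_history": 24}

# Constructed sample in the shape returned by
# `aws iam get-account-password-policy`; values are illustrative.
SAMPLE = json.loads("""
{"PasswordPolicy": {
  "MinimumPasswordLength": 8,
  "RequireUppercaseCharacters": true,
  "RequireLowercaseCharacters": true,
  "RequireNumbers": true,
  "RequireSymbols": false,
  "AllowUsersToChangePassword": true,
  "ExpirePasswords": false
}}
""")

def audit_password_policy(doc, baseline=BASELINE):
    """Return one finding per setting that is weaker than the baseline."""
    p = doc.get("PasswordPolicy", {})
    findings = []
    if p.get("MinimumPasswordLength", 0) < baseline["min_length"]:
        findings.append("MinimumPasswordLength below %d" % baseline["min_length"])
    # The four character-type requirements from the list above.
    for key in ("RequireUppercaseCharacters", "RequireLowercaseCharacters",
                "RequireNumbers", "RequireSymbols"):
        if not p.get(key, False):
            findings.append(key + " is not enabled")
    if not p.get("AllowUsersToChangePassword", False):
        findings.append("AllowUsersToChangePassword is not enabled")
    # MaxPasswordAge is absent (or 0) when passwords never expire.
    age = p.get("MaxPasswordAge", 0)
    if age == 0 or age > baseline["max_age_days"]:
        findings.append("MaxPasswordAge unset or above %d days" % baseline["max_age_days"])
    # PasswordReusePrevention is absent when re-use is not restricted.
    if p.get("PasswordReusePrevention", 0) < baseline["reuse_history"]:
        findings.append("PasswordReusePrevention unset or below %d" % baseline["reuse_history"])
    return findings

if __name__ == "__main__":
    for finding in audit_password_policy(SAMPLE):
        print("FAIL:", finding)
```

To audit a real account, save the CLI output to a file and pass the parsed JSON to `audit_password_policy`.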
Multi Factor Authentication - MFA
MFA is very useful for protecting the IAM root account and the IAM user accounts you hold, because signing in with MFA requires the combination of your root account / IAM user account password and the MFA device password.
For example, if you lose your password or your MFA device, your account is still secure: whoever finds one of them cannot sign in without the other.
- Users have access to your account and can possibly change configuration or delete resources in your AWS account
- You want to protect your root account and IAM users
- MFA = password you know + security device you own
- Main benefit:
  - If a password is stolen or hacked, the account is still not compromised.
Multi Factor Authentication (MFA) device option in AWS
1. Virtual MFA device
- Google Authenticator (phone only): you configure it on your phone
- Authy (multi-device): supports multiple tokens on a single device
2. Universal 2nd Factor (U2F) Security Key
- A U2F security key is a physical device: the YubiKey by Yubico (3rd party)
- Supports multiple root and IAM users with a single security key
3. Hardware Key Fob MFA Device
- Provided by Gemalto (3rd party)
4. Hardware Key Fob MFA Device for AWS GovCloud (US)
- Provided by SurePassID (3rd party)