Which task requires the use of AWS account root user credentials?


The AWS account root user is the identity created together with the AWS account and holds the highest level of privilege: unrestricted access to every AWS service and resource in the account. It is intended for account-level management tasks (such as creating the first administrative identities), not for day-to-day administration.

We recommend you minimize use of the root user by applying the principle of least privilege to access management. This reduces the risk of accidental changes and of unintended disclosure of highly privileged credentials.

Fix - Runtime

Procedure

Replace usage of the AWS root user with IAM users (or roles) granted only the minimal set of permissions necessary to access and manage the required AWS resources and services. For example, you can add an MFA-enabled user that can perform a limited set of privileged activities. For the few people who genuinely need broad access, consider the IAM AdministratorAccess managed policy rather than the root user.

Fix - Buildtime

Consider using AirIAM, an open-source project that generates least-privilege IAM manifests (as Terraform) to replace existing over-permissive IAM settings.

It is AWS best practice not to use the root user for everyday work. However, a small set of tasks still requires root credentials. Why does that matter? The root user has full access to every resource in every AWS service, including your billing information, and there is no way to reduce the permissions of the root user or of an access key created for it: no IAM policy can constrain it. That is why compliance baselines such as the CIS AWS Foundations Benchmark require multi-factor authentication on the root user with a hardware MFA device.

So please remember:
🚨 If you have an access key for your AWS root user, delete it.
🚨 Enable MFA for the root user with a hardware MFA device and lock the device in a safe.
🚨 Create an IAM user for yourself with administrative permissions, and use the root user only for the following tasks.
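The three reminders above can be checked programmatically. The following is an added example (not code from the original post) that evaluates an account's root-user posture against the data that boto3's `iam.get_account_summary()` and `iam.list_virtual_mfa_devices()` return; the sample inputs at the bottom are constructed, not taken from a real account, and the finding strings are this example's own.

```python
"""Audit the root user's credential posture from IAM account-summary data.

Checks: no root access key, MFA enabled on root, and that the MFA device is a
hardware token rather than a virtual (authenticator-app) device.
"""
from __future__ import annotations

# A virtual MFA device assigned to the root user always carries this serial
# suffix.  Hardware tokens and FIDO keys never appear in the virtual-device
# list, so "MFA enabled on root, but no virtual root device" means hardware.
ROOT_VIRTUAL_MFA_SUFFIX = ":mfa/root-account-mfa-device"


def root_findings(summary_map: dict, virtual_mfa_devices: list[dict]) -> list[str]:
    """Return a list of findings; an empty list means the root user is clean.

    summary_map         -- iam.get_account_summary()["SummaryMap"]
    virtual_mfa_devices -- iam.list_virtual_mfa_devices(AssignmentStatus="Assigned")["VirtualMFADevices"]
    """
    findings: list[str] = []

    # Reminder 1: root must not have an access key (it cannot be scoped down).
    if summary_map.get("AccountAccessKeysPresent", 0) != 0:
        findings.append("root user has an access key: delete it")

    # Reminder 2: MFA must be enabled on root.
    if summary_map.get("AccountMFAEnabled", 0) != 1:
        findings.append("root user has no MFA device")
        return findings  # the hardware check below is meaningless without MFA

    # Reminder 3: the device should be hardware, not a virtual (TOTP app) device.
    # Either signal identifies the root device: the well-known serial suffix, or
    # (assumption) the assigned user's ARN ending in ":root".
    for device in virtual_mfa_devices:
        serial = device.get("SerialNumber", "")
        user_arn = device.get("User", {}).get("Arn", "")
        if serial.endswith(ROOT_VIRTUAL_MFA_SUFFIX) or user_arn.endswith(":root"):
            findings.append("root MFA is a virtual device, not a hardware token")
            break

    return findings


def live_inputs() -> tuple[dict, list[dict]]:
    """Fetch the real inputs with boto3 (live run only; needs
    iam:GetAccountSummary and iam:ListVirtualMFADevices)."""
    import boto3  # imported lazily so the offline check has no dependency

    iam = boto3.client("iam")
    summary = iam.get_account_summary()["SummaryMap"]
    devices: list[dict] = []
    paginator = iam.get_paginator("list_virtual_mfa_devices")
    for page in paginator.paginate(AssignmentStatus="Assigned"):
        devices.extend(page["VirtualMFADevices"])
    return summary, devices


# Constructed sample: root has an access key and a virtual MFA device.
SAMPLE_SUMMARY = {"AccountAccessKeysPresent": 1, "AccountMFAEnabled": 1, "Users": 5}
SAMPLE_VIRTUAL_DEVICES = [
    {
        "SerialNumber": "arn:aws:iam::123456789012:mfa/root-account-mfa-device",
        "User": {"Arn": "arn:aws:iam::123456789012:root"},
    },
    {
        "SerialNumber": "arn:aws:iam::123456789012:mfa/alice",
        "User": {"Arn": "arn:aws:iam::123456789012:user/alice", "UserName": "alice"},
    },
]

if __name__ == "__main__":
    for finding in root_findings(SAMPLE_SUMMARY, SAMPLE_VIRTUAL_DEVICES):
        print("FINDING:", finding)
```

Run it as-is to see the two findings for the constructed sample; for a real account, call `root_findings(*live_inputs())` from an IAM identity with the two read-only permissions named in the docstring (not from root).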

1. Change your account settings (account name, root user password, email address) and enable MFA

How to change your Account Name, Root User Password, and Root User Email Address

  1. Sign in to your AWS account with root credentials.
  2. Open the Billing and Cost Management console.
  3. On the navigation bar, choose your account name and then choose My Account.
  4. On the Account Settings page, choose Edit.
  5. Next to the field to update, choose Edit.
  6. Enter your changes and choose Save changes.
  7. Choose Done.

How to enable MFA for root user

  1. Sign in to your AWS account with root credentials.
  2. Open the Billing and Cost Management console.
  3. On the navigation bar, choose your account name and then choose My Security Credentials.
  4. Expand Multi-factor authentication (MFA).
  5. Choose Activate MFA.
  6. Follow the instructions in the Activate MFA dialog.

2. Change your AWS support plan

How to change your AWS support plan

  1. Sign in to your AWS account with root credentials.
  2. Open the Billing and Cost Management console.
  3. On the navigation bar, choose your account name and then choose My Account.
  4. Scroll to the Manage AWS Support Plans section.
  5. Choose Click here to manage AWS Support plans.
  6. Choose your new AWS Support plan and choose Change Plan.

3. Close your AWS account

How to close your AWS Account

  1. Sign in to your AWS account with root credentials.
  2. Open the Billing and Cost Management console.
  3. On the navigation bar, choose your account name and then choose My Account.
  4. Scroll to the end of the page to the Close Account section.
  5. Select the check box to accept the terms, then choose Close Account.
  6. In the confirmation box, choose Close Account.


4. Submit a Reverse DNS for Amazon EC2 request.

How to submit a Reverse DNS for Amazon EC2 request.

5. Request removal of the port 25 email throttle on your EC2 instance.

How to request removal of the port 25 email throttle on your EC2 instance

6. Configure an Amazon S3 bucket to enable MFA (multi-factor authentication) Delete.

How to enable MFA delete for an S3 bucket

Unfortunately, enabling MFA Delete is currently not supported in the console. You need to use the AWS CLI or API (the put-bucket-versioning call) instead, and the request must be made as the root user and include the root user's MFA device serial and a current code, because only the bucket owner's MFA device is accepted.
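The following is an added example (not code from the original post) that audits which buckets lack MFA Delete and builds the put-bucket-versioning request that enables it; the response shape matches boto3's `s3.get_bucket_versioning()`, the bucket names and responses are constructed, and the validation rules are this example's own.

```python
"""Check and enable S3 MFA Delete.

CLI equivalent of the request built by put_mfa_delete_request():

  aws s3api put-bucket-versioning --bucket BUCKET \
      --versioning-configuration Status=Enabled,MFADelete=Enabled \
      --mfa "arn:aws:iam::123456789012:mfa/root-account-mfa-device 123456"

The --mfa value is the root user's MFA serial (device ARN for a virtual
device, the printed serial for a hardware token) followed by a current code.
"""
from __future__ import annotations

import re

MFA_CODE_RE = re.compile(r"^\d{6}$")  # TOTP / hardware-token codes are six digits


def mfa_delete_enabled(versioning: dict) -> bool:
    """True only if versioning is Enabled and MFADelete is Enabled.

    get_bucket_versioning() omits both keys on a bucket that was never
    versioned, and MFA Delete has no effect while versioning is Suspended.
    """
    return versioning.get("Status") == "Enabled" and versioning.get("MFADelete") == "Enabled"


def buckets_missing_mfa_delete(statuses: dict[str, dict]) -> list[str]:
    """Given {bucket: get_bucket_versioning() response}, list non-compliant buckets."""
    return sorted(name for name, v in statuses.items() if not mfa_delete_enabled(v))


def put_mfa_delete_request(bucket: str, mfa_serial: str, mfa_code: str) -> dict:
    """Build the keyword arguments for s3.put_bucket_versioning().

    Fails fast on a malformed code instead of burning a 30-second TOTP window
    on a request S3 will reject anyway.  MFA Delete must be enabled together
    with Status=Enabled in the same call.
    """
    if not mfa_serial:
        raise ValueError("MFA serial (device ARN or hardware serial) is required")
    if not MFA_CODE_RE.match(mfa_code):
        raise ValueError("MFA code must be six digits")
    return {
        "Bucket": bucket,
        "MFA": f"{mfa_serial} {mfa_code}",  # S3 expects "serial<space>code"
        "VersioningConfiguration": {"Status": "Enabled", "MFADelete": "Enabled"},
    }


def enable_live(bucket: str, mfa_serial: str, mfa_code: str) -> bool:
    """Apply the change with boto3 (live run only, signed with root credentials)
    and confirm it by reading the bucket's versioning state back."""
    import boto3  # imported lazily so the offline functions have no dependency

    s3 = boto3.client("s3")
    s3.put_bucket_versioning(**put_mfa_delete_request(bucket, mfa_serial, mfa_code))
    return mfa_delete_enabled(s3.get_bucket_versioning(Bucket=bucket))


# Constructed sample responses, one per bucket.
SAMPLE_STATUSES = {
    "logs-prod": {"Status": "Enabled", "MFADelete": "Enabled"},
    "backups": {"Status": "Enabled", "MFADelete": "Disabled"},
    "scratch": {},  # never versioned: both keys absent
    "old-archive": {"Status": "Suspended", "MFADelete": "Enabled"},
}

if __name__ == "__main__":
    for name in buckets_missing_mfa_delete(SAMPLE_STATUSES):
        print("MFA Delete not effective on bucket:", name)
```

Note that "old-archive" is flagged even though MFADelete reads Enabled: with versioning suspended, the protection is not in force, which a naive check of the MFADelete field alone would miss.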

Which of the following is an AWS best practice for using the AWS account root user credentials?

Enable MFA on the AWS account root user. We recommend that you follow the security best practice of enabling multi-factor authentication (MFA) for your account. Because the root user can perform sensitive operations in your account, adding an additional layer of authentication helps you better secure it.

Which term applies to a person or application that uses the AWS account root user?

Principals. A person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS. Principals include federated users and assumed roles.

Which of the following should be done by the account root user?

Changing the AWS Support plan can only be done by the AWS account root user.

Which of these actions can only be performed by the root account user?

There are specific tasks that are restricted to the AWS account root user. For example, only the root user can close your account. If you must perform a task that requires the root user, sign in to the AWS Management Console with the email address and password of the root user.