- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
Hi,
You can create an IAM user with Administrator privileges. When you create an IAM User and assign the 'AdministratorAccess' policy, that user gets access to all resources within your AWS account. So when you login using the credentials associated with the Admin user, you will still be able to view and interact with the resources created by the root user.
You can further manage access in AWS by creating policies and attaching them to IAM identities (users, groups of users, or roles) or AWS resources. You can choose to create custom IAM policies for your users/groups if there are only a subset of permissions you'd like them to have or attach existing policies to IAM identities (example- attaching AWSLambda_FullAccess to an identity grants them full access to AWS Lambda service, AWS Lambda console features, and other related AWS services.
AWS strongly recommends that you use the root user only for two things:
Create the first administrator user in AWS Identity and Access Management (IAM) - Reference Link
Perform those tasks that can be performed by only the root user - Reference Link
Contenuto pertinente
- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata 2 anni fa
Here are some other areas to know about as you mentioned you have recently started with AWS - https://aws.amazon.com/blogs/security/top-10-security-items-to-improve-in-your-aws-account/
This is a straight forward solution.
Am I accepting a level of risk in leaving the services originally created under the root user as is? If I am intent on removing that risk, what would be my options then?
In case you were using access keys (access key ID plus secret access key) to make programmatic requests to AWS for resources created then make sure that you don't embed access keys directly into code. And you should rotate your access keys periodically and remove unused keys whenever applicable. Also configure MFA for most sensitive operations.