There are plenty of guides out there that give you 10 steps to securing your AWS account, but securing your account isn’t something that can be done with a 10-step list alone – you need to have a clear plan for your changes. AWS’s own guidance consists of references to some good documentation, but that only gets you part of the way there. As a result, the aim of this post (and subsequent posts) is to provide you with clearer guidance to reduce the risk and impact of someone gaining access to your AWS environment. Simply put, we’re trying to enable your AWS accounts to be more secure.
With that said, please do not confuse “more secure” with being “completely secure”. There are no guarantees with security, as no one can predict the future, so you’ll never receive complete assurance that you’re safe from a determined person or group that’s targeting you. The point of implementing AWS account security is to increase the complexity (and time taken) to gain unauthorised access, so that you have time to detect and react to an event. Additionally, we want to try to mitigate damage (if an intruder is in any way successful) and gather any intelligence we can, so we know what to look for in future. What you don’t want to happen is to be hacked and have someone delete all your data because there was no risk mitigation in place.