Congratulations if you have signed up for the AWS cloud.
You will see a plethora of services. As you start using them, here are a few things that should be done after signing up for AWS cloud services. Some of them are must-dos to keep the AWS account maintained; however, you can do these things at any stage or point in time. So if you already have an account, just validate.
1. Add MFA for the root user. [MUST DO]
2. Add another IAM user and assign Administrator access to that user. Use that user to do the rest of the tasks. [MUST DO][https://docs.aws.amazon.com/polly/latest/dg/setting-up.html]
   - Search for the IAM service.
   - Click on Users > Add a user.
   - Add a username, enable console access for login, and set a password.
   - Choose “Attach existing policy directly” and select Administrator Access.
   - Administrator access cannot see billing; that permission should be given separately. [https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_billing.html]
3. Make sure the root user has no active access keys. If any access key is associated with the root account, make it inactive. Use an IAM user for the same purpose instead. [MUST DO]
4. Add an account alias. [SHOULD DO]
   - On the IAM dashboard, on the right side, you can set up an alias name for your AWS account so that you do not need to remember the account ID when logging in as an IAM user.
5. Create a trail in the AWS CloudTrail service to log the events for your account. By default, AWS provides a 90-day event period, but you can create a trail and put the logs on S3 to keep them for a longer period. This is an auditable log system for all activities in the AWS account. [SHOULD DO][https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-a-trail-using-the-console-first-time.html]
6. Make a budget and a budget alarm for your account expenses. This lets you take proactive action if the budget threshold is crossed. [https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/budgets-create.html]
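For an account that already exists, the checklist above can be validated from AWS CLI output. The following is an added example, not part of the original post: it assumes you have saved the JSON from `aws iam get-account-summary`, `aws iam list-account-aliases`, `aws cloudtrail describe-trails` and `aws budgets describe-budgets`, and the function name `audit_account` and the sample values are constructed for illustration.

```python
# Added example: audit the post-signup checklist from parsed AWS CLI JSON.
# SAMPLE is constructed data shaped like the output of:
#   aws iam get-account-summary
#   aws iam list-account-aliases
#   aws cloudtrail describe-trails
#   aws budgets describe-budgets --account-id <ACCOUNT_ID>
SAMPLE = {
    "summary": {"SummaryMap": {"AccountMFAEnabled": 0,
                               "AccountAccessKeysPresent": 1,
                               "Users": 1}},
    "aliases": {"AccountAliases": []},
    "trails": {"trailList": [{"Name": "example-trail",
                              "S3BucketName": "example-log-bucket"}]},
    "budgets": {"Budgets": []},
}


def audit_account(summary, aliases, trails, budgets):
    """Return (tag, finding) pairs for every checklist item that fails."""
    s = summary.get("SummaryMap", {})
    findings = []
    # Item 1: AccountMFAEnabled is 1 when the root user has an MFA device.
    if s.get("AccountMFAEnabled", 0) != 1:
        findings.append(("MUST DO", "root user has no MFA device"))
    # Item 2: at least one IAM user should exist for daily work.
    if s.get("Users", 0) < 1:
        findings.append(("MUST DO", "no IAM user exists"))
    # Item 3: AccountAccessKeysPresent is 1 when root access keys exist.
    if s.get("AccountAccessKeysPresent", 0) != 0:
        findings.append(("MUST DO", "root user has access keys"))
    # Item 4: an alias replaces the account ID on the IAM sign-in page.
    if not aliases.get("AccountAliases"):
        findings.append(("SHOULD DO", "no account alias set"))
    # Item 5: a trail delivering to S3 keeps events beyond 90 days.
    if not any(t.get("S3BucketName") for t in trails.get("trailList", [])):
        findings.append(("SHOULD DO", "no CloudTrail trail writes to S3"))
    # Item 6: the post gives this item no tag, so it is reported as NOTE.
    if not budgets.get("Budgets"):
        findings.append(("NOTE", "no budget defined"))
    return findings


if __name__ == "__main__":
    for tag, finding in audit_account(**SAMPLE):
        print(f"[{tag}] {finding}")
```

The account summary only shows that IAM users exist, not which policies they hold, so the Administrator and billing permissions from step 2 still need a manual check.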