SEC 5. How are you limiting automated access to AWS resources? (e.g., applications, scripts, and/or third-party tool or service)
Access for systems (applications, scripts, and third-party tools) should be defined in the same way that user groups are created for people. For Amazon EC2 instances, these groups are called IAM roles for EC2. The current best practice is to use IAM roles for EC2 together with an AWS SDK or the CLI, which have built-in support for retrieving the temporary credentials of the instance's IAM role. Traditionally, IAM user credentials were injected into EC2 instances, but hard-coding credentials into scripts and source code is actively discouraged.
Best practices:
• IAM roles for Amazon EC2
• IAM user credentials are used, but not hard-coded into scripts and applications
• SAML integration
• AWS Security Token Service (STS)
• OS-specific controls are used for EC2 instances
• AWS Marketplace solution is being used
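As an added illustration (not code from the AWS document), the Python below models the credential lookup order an AWS SDK or the CLI performs, with a constructed stub standing in for the instance-metadata call that delivers IAM-role-for-EC2 credentials, and pairs it with a scanner that flags hard-coded IAM user keys in a script. The key values in the sample scripts are AWS's published example keys; the metadata stub, its values and the shortened lookup order (no shared credentials file step) are assumptions for the example.

```python
import os
import re

# Long-lived IAM user access key IDs are 20 characters starting with AKIA;
# secret keys are 40 base64-like characters, usually beside a "secret" label.
ACCESS_KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
SECRET_RE = re.compile(r"(?i)secret[_a-z]*\s*[:=]\s*['\"]?([A-Za-z0-9/+]{40})['\"]?")

def find_hardcoded_keys(source):
    """Return (line_number, finding) pairs for IAM user keys written literally in a script."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if ACCESS_KEY_RE.search(line):
            findings.append((lineno, "access key id"))
        if SECRET_RE.search(line):
            findings.append((lineno, "secret access key"))
    return findings

def resolve_credentials(explicit=None, env=None, metadata_fetch=None):
    """Simplified SDK/CLI lookup order: explicit parameters, then environment
    variables, then the instance role (IAM role for EC2) via instance metadata.
    The shared credentials file step is omitted. Returns (source, credentials)."""
    env = os.environ if env is None else env
    if explicit:
        return "explicit", explicit
    if env.get("AWS_ACCESS_KEY_ID") and env.get("AWS_SECRET_ACCESS_KEY"):
        return "environment", {"AccessKeyId": env["AWS_ACCESS_KEY_ID"],
                               "SecretAccessKey": env["AWS_SECRET_ACCESS_KEY"]}
    if metadata_fetch is not None:
        creds = metadata_fetch()
        if creds:
            return "instance-role", creds  # temporary keys, rotated by AWS
    raise RuntimeError("no credentials found; attach an IAM role to the instance")

def fake_instance_metadata():
    """Constructed stand-in for the role credentials the metadata service returns."""
    return {"AccessKeyId": "ASIA-CONSTRUCTED-PLACEHOLDER", "SecretAccessKey": "constructed",
            "Token": "constructed-session-token", "Expiration": "2030-01-01T00:00:00Z"}

# Constructed sample scripts; the key values are AWS's published example keys.
BAD_SCRIPT = """import boto3
s3 = boto3.client('s3', aws_access_key_id='AKIAIOSFODNN7EXAMPLE',
                  aws_secret_access_key='wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY')
"""
GOOD_SCRIPT = """import boto3
s3 = boto3.client('s3')  # credentials come from the instance role
"""
```

Running `find_hardcoded_keys(BAD_SCRIPT)` reports the key on line 2 and the secret on line 3, while `GOOD_SCRIPT` is clean and `resolve_credentials(env={}, metadata_fetch=fake_instance_metadata)` falls through to the instance role.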