SEC 8. How are you enforcing AWS service level protection?
Another best practice is to control access to resources. AWS Identity and Access Management (IAM) allows various resource level controls to be defined (e.g., use of encryption, time of day, source IP, etc.) and various services allow additional techniques to be used (e.g., Amazon S3 bucket policies, etc.). Additionally, customers can use various techniques within their Amazon EC2 instances.
Best practices:
• Credentials configured with the least privilege.
• Separation of duties.
• Periodic auditing of permissions.
• Resource requirements are defined for sensitive API calls, such as requiring MFA authentication and encryption.
• Service-specific requirements are defined and used.
• AWS Marketplace solution is being used.