IAM Best Practices

Don’t use the root account except for AWS account setup

One physical user = One AWS user

Assign users to groups and assign permissions to groups

Create a strong password policy

Use and enforce the use of Multi Factor Authentication (MFA)

Create and use Roles to give permissions to AWS services instead of placing Access Keys in environment variables

Use Access Keys for Programmatic Access (CLI / SDK)

Audit permissions of your account using IAM Credentials Report & IAM Access Advisor

Never share IAM users & Access Keys