To maintain proper security and access to your AWS environment, it is important that we follow some basic security guidelines.  The following list is not all encompassing.

1.  Never user the root account except for setting up your AWS environment and creating initial IAM Administrators.

2.  Never create share accounts which are used by more than one user.

3.  Avoid assigning permissions to users directly and grant permissions via groups.

4.  Create groups for users and place each user in one or more groups.

5.  Ensure that you create a strong password policy which meets your organizational requirements.

6.  Ensure that you use roles to grant permissions to AWS Services.

7.  Ensure MFA is enabled for all users.

8.  Use only Access Keys for CLI/SDK connections.

9.  Audit unused permissions through IAM Access reports and IAM Credential reports and remove permissions not utilized.

10.  Do not share Access Keys or IAM User credentials.