Security issues have always been a challenge to cloud adoption. That’s why vendors such as Amazon go to great lengths to educate cloud consumers on security best practices.
However, despite all the information made available by AWS on cloud security, sometimes the basics are overlooked with quite unpleasant results.
Let’s take a quick look at one AWS best practice that, if properly applied, ensures more secure cloud computing as well as smooth management and operations.
AWS Account Credentials and IAM
When signing up with AWS, customers receive their account credentials – the keys to their cloud kingdom – with which they can control every aspect of their deployment. These master account credentials are good for getting started, but provide too much access for employees who only need to interface with limited areas of the cloud.
To facilitate secure and easy access for multiple users – each with their own permission level – AWS provides limited-access credentials through its Identity and Access Management (IAM) service. With IAM, IT managers can configure the permissions and access levels for each and every user, thereby ensuring that everyone can get their work done without posing a risk to the larger cloud environment.
To limit security risks as well as human error, Amazon strongly encourages their customers to minimize use of their AWS Account credentials and instead use the more limited IAM user credentials for all general cloud interactions.
Not only does using IAM help eliminate any wide-reaching accidental or rogue activity by users, it also helps detect more serious security breaches. Following AWS best practices, some third-party service providers, like Cloudyn, use only IAM credentials for all their clients when accessing AWS.
Of course, the IAM credentials should be as restrictive as possible while still allowing the user to perform any necessary tasks. For example, if a cloud broker (or employee) needs to launch instances, then the credentials should allow for that, but not more. If cloud monitoring and analysis is being provided, the credentials should be read-only and no more.
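One way to check that a policy meant for monitoring really is read-only, as an added example that is not code from Cloudyn or AWS. The function names, the read-verb prefixes (`Describe`, `Get`, `List`) and both sample policies are assumptions constructed for illustration.

```python
# Assumption: verbs treated as read-only; a heuristic, not an official AWS list.
READ_PREFIXES = ("describe", "get", "list")


def _as_list(value):
    """IAM accepts a single string or object wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_read_action(action):
    """True only if everything the pattern can match starts with a read verb."""
    _service, sep, name = action.partition(":")
    if not sep:  # bare "*" or malformed entry
        return False
    # Only the literal text before the first wildcard is guaranteed to match.
    literal = name.split("*")[0].split("?")[0].lower()
    return literal.startswith(READ_PREFIXES)


def write_findings(policy):
    """Return (sid, item) for each Allow entry that exceeds read-only access."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only remove access
        sid = stmt.get("Sid", f"statement[{i}]")
        if "NotAction" in stmt:  # allows everything except the listed actions
            findings.append((sid, "NotAction"))
        for action in _as_list(stmt.get("Action")):
            if not is_read_action(action):
                findings.append((sid, action))
    return findings


# Constructed sample policies, not taken from any real account.
MONITORING = {"Version": "2012-10-17", "Statement": {
    "Sid": "ReadUsage", "Effect": "Allow", "Resource": "*",
    "Action": ["ec2:Describe*", "cloudwatch:GetMetricStatistics", "s3:ListAllMyBuckets"]}}
BROKER = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Launch", "Effect": "Allow", "Resource": "*",
     "Action": ["ec2:RunInstances", "ec2:DescribeInstances"]},
    {"Sid": "TooBroad", "Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}

if __name__ == "__main__":
    for name, policy in (("monitoring", MONITORING), ("broker", BROKER)):
        print(name, write_findings(policy))
```

A clean result means only that no write-style verbs are allowed; some `Get` actions, such as `s3:GetObject`, still return data, so the resource scope deserves its own review.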
Simplified IAM Generation
Amazon has also created a simple way to generate IAM credentials: CloudFormation templates. Using these templates, you can easily specify the required level of credentials and generate them with virtually one click.
Cloudyn will soon be incorporating this “one-click” feature into our account set-up process. This will make it much easier for our users to generate the correct read-only credentials necessary for monitoring their cloud consumption and cost.