Best Practices for Amazon Web Services

Amazon Web Services is a business solution for cloud-based storage. Information that is both in transit and at rest needs to be protected from attackers and bad actors. Amazon Web Services is a global solution to the issue of cloud security. AWS offers analytics, web services, application development, and more depending on the packages you purchase for your organisational needs.

AWS operates on a shared responsibility model, which means that users and Amazon alike take on partial responsibility for operating in a safe and secure manner when creating and using AWS. AWS takes responsibility for the integrity of all of its services on offer, and the customer must configure the appropriate security settings required for each service they use.

As a customer you have a responsibility to protect your data. AWS cannot account for what exactly you will use the services for. It’s important to ensure that you are following best practice protocols when it comes to using Amazon Web Services.

The effects of a cyber attack can be devastating, resulting in total organisational shut-downs. Below are some of the best practices that can be employed to protect your organisation.

Best Practices for Using Amazon Web Services

Identity access management is one of the first lines of defence when it comes to ensuring that one compromised employee account does not result in all accounts becoming compromised.

When creating new user accounts, grant minimal permissions tied to a role or group so that users don’t have any more privileges than they need.

All accounts should implement multi-factor authentication to minimise the risk of compromised accounts.

Create and enforce data loss prevention (DLP) policies. A DLP policy can help to identify weak points in your cloud-based applications and improve security.

Check on your CloudTrail security settings – attackers disable CloudTrail before they do anything else. Ensure that you have CloudTrail enabled across all geographic locations to minimise loss of log files for post-incident forensics.

Rarely, if ever, use the AWS root account. Your root account is too important to use in your everyday business dealings. Ensure you have created IAM accounts with restricted privileges for everyday use for yourself and employees.

According to Forrester, 80% of data breaches occur because of privileged access credentials. When administrative accounts are compromised they can cause huge problems. Always restrict privileges to the lowest access necessary for users to complete their tasks.


Cogito Group is an award-winning cybersecurity company specialising in authentication, cloud security, identity management and data protection. Cogito Group protect the authentication methods used to access information through the use of Identity and other security technologies.