Security - eBook (EN)

AWS Security Checklist

Issue link: https://read.uberflip.com/i/1472544

This checklist provides customer recommendations that align with the Well-Architected Framework Security Pillar.

Identity & Access Management

1. Secure your AWS account. Use AWS Organizations to manage your accounts, use the root user by exception with multi-factor authentication (MFA) enabled, and configure account contacts.

2. Rely on a centralized identity provider. Centralize identities using either AWS Single Sign-On or a third-party provider to avoid routinely creating IAM users or using long-term access keys; this approach makes it easier to manage multiple AWS accounts and federated applications.

3. Use multiple AWS accounts to separate workloads and workload stages such as production and non-production. Multiple AWS accounts allow you to separate data and resources, and enable the use of Service Control Policies to implement guardrails. AWS Control Tower can help you easily set up and govern a multi-account AWS environment.

4. Store and use secrets securely. Where you cannot use temporary credentials, like tokens from AWS Security Token Service, store your secrets like database passwords using AWS Secrets Manager, which handles encryption, rotation, and access control.
