Securing the AWS Root User Account Part 2

In the last post for AWS we began to secure the root user account. We have already deleted the root access keys and activated MFA on our root account. In this post we will look at the final three items listed on the IAM Dashboard Security Status list.

We will start by clicking the down arrow next to Create individual IAM users and then click Manage Users.

We will be redirected to the Users screen, where we will click the Add user button.

Enter the following details in the Add user screen:

  • Username: labuser
  • Access Type: Check the Programmatic access and AWS Management Console access boxes
  • Console password: Enter a random password that will be easy for you to remember
  • Require password reset: Uncheck this box

Click the Next: Permissions button on the bottom right side of your screen. Our next step will be to configure the labuser account permissions.

  • Click the Create group button
  • Enter admin as the Group name
  • Check the box next to the AdministratorAccess policy
  • Click the Create group button
  • Click the Next: Tags button
  • Click the Next: Review button

Review the settings we have configured and then click the Create User button.

You will see a green box with a check mark if the labuser is created successfully. Click the Download .csv button to download the user account’s Access Key ID and Secret Access Key. We will discuss these in more detail in another post and will also use them when we configure the AWS Command Line Interface.

Click the Close button at the right hand corner of your screen. You will see the labuser listed in the list of IAM users.

Click on the Dashboard link to return to the IAM Dashboard. The third and fourth lines in the Security Status list will now have green checkmarks.

We will finish this post by completing the final line item. Click the down arrow next to Apply an IAM password policy and then click Manage Password Policy.

Press the Set password policy button.

A best practice recommendation from AWS is to set the following values:

  • Minimum password length: 15
  • Require at least one uppercase letter from Latin alphabet (A-Z)
  • Require at least one lowercase letter from Latin alphabet (a-z)
  • Require at least one number
  • Require at least one non-alphanumeric character (!@#$%^&*()_+-=[]{}|')
  • Enable password expiration: 90 days
  • Allow users to change their own password
  • Prevent password reuse: 5

Please set the above listed values. Click the Save changes button to finish setting the password policy.

You will see a green box with a checkmark and message stating that the password policy has been updated. Below this will be a list of the settings for the AWS account.
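To confirm later that the policy still matches the values listed above, the settings can be checked from the JSON that `aws iam get-account-password-policy` prints. The script below is an added example, not part of the original post; it assumes that JSON has been saved as text, treats stricter values than the ones in the list as acceptable, and uses two constructed sample documents.

```python
import json

def _at_least(n):
    # bool is a subclass of int in Python, so require a real int
    return lambda v: type(v) is int and v >= n

def _enabled(v):
    return v is True

# Values from the list in this post, keyed by the field names IAM returns.
# Assumption: a stricter setting than the post's value also passes.
EXPECTED = {
    "MinimumPasswordLength": (_at_least(15), "at least 15"),
    "RequireUppercaseCharacters": (_enabled, "enabled"),
    "RequireLowercaseCharacters": (_enabled, "enabled"),
    "RequireNumbers": (_enabled, "enabled"),
    "RequireSymbols": (_enabled, "enabled"),
    "MaxPasswordAge": (lambda v: type(v) is int and 0 < v <= 90, "1 to 90 days"),
    "AllowUsersToChangePassword": (_enabled, "enabled"),
    "PasswordReusePrevention": (_at_least(5), "at least 5"),
}

def audit_password_policy(raw_json):
    """Return (field, actual, wanted) for every setting that has drifted."""
    policy = json.loads(raw_json).get("PasswordPolicy", {})
    findings = []
    for field, (is_ok, wanted) in EXPECTED.items():
        # Expiration and reuse prevention may be missing or 0 when they are
        # switched off, so a missing field (None) counts as a finding.
        actual = policy.get(field)
        if not is_ok(actual):
            findings.append((field, actual, wanted))
    return findings

# Constructed sample: the policy exactly as configured in this post.
COMPLIANT = json.dumps({"PasswordPolicy": {
    "MinimumPasswordLength": 15, "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True, "RequireNumbers": True,
    "RequireSymbols": True, "MaxPasswordAge": 90, "ExpirePasswords": True,
    "AllowUsersToChangePassword": True, "PasswordReusePrevention": 5}})

# Constructed sample: short minimum length, no symbols, no expiration or reuse limit.
DRIFTED = json.dumps({"PasswordPolicy": {
    "MinimumPasswordLength": 8, "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True, "RequireNumbers": True,
    "RequireSymbols": False, "ExpirePasswords": False,
    "AllowUsersToChangePassword": True}})

if __name__ == "__main__":
    for field, actual, wanted in audit_password_policy(DRIFTED):
        print(f"{field}: found {actual!r}, expected {wanted}")
```

An empty result means every setting from the list is in place; each tuple in a non-empty result names the field to correct on the Manage Password Policy screen.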

Click the Dashboard link to return to your IAM Dashboard. There will be a green checkmark by each of the items in the Security Status list if you have completed all of the steps in these two posts.

We have now completed each of the tasks to secure our Root user account. It is recommended that you log in to the labuser account to complete the exercises in future posts.

We recommend AWS: The Complete Beginner’s Guide to Mastering Amazon Web Services by Stephen Baron (https://amzn.to/2Lz5eBF) as a supplemental resource for this blog series. You do not need to purchase this book in order to “credit” our account. Any purchases that you search for or make anywhere on Amazon after clicking on the provided link will credit this blog and support the continued growth of the library. We are truly grateful for each of our readers and appreciative of those who will help us. There is no cost to you for using our links, and they provide an easy way for you to support us.
