Security best practices for AWS account administrators - AWS Sign-In

Security best practices for AWS account administrators

If you’re an account administrator who has created a new AWS account, we recommend the following steps to help your users follow AWS security best practices when they sign in.

  1. Sign in as the root user to Enable multi-factor authentication (MFA) and create an AWS administrative user in IAM Identity Center if you haven't already done so. Then, safeguard your root credentials and don't use them for everyday tasks.

  2. Sign in as the AWS account administrator and set up the following identities:

  3. Add permissions to grant access to those identities. You can get started with AWS managed policies and move towards least-privilege permissions.

  4. Save and share information about How to sign in to AWS. This information varies, depending on the type of identity you created.

  5. Keep your root user email address and primary account contact phone number up to date to ensure that you can receive important account and security-related notifications.

  6. Review Security best practices in IAM to learn about additional identity and access management best practices.