AWS-IAM Management

Created: Apr 8, 2022 8:17 AM
Department: Engineering
Category: Security
Technology: AWS

AWS accounts are highly sensitive, so separate IAM accounts must be created for each part of the application, following a specific naming convention.

We use prefixes in IAM user names to identify the type of IAM account:

  1. Developer - dev_
  2. Deployment - deployment_
  3. Application - application_

Developers

  1. Never use the root account, but create an IAM account with just the amount of permissions that are required for you to use the platform.
  2. Your secret keys must only be used on your local system and must be organized using the standards defined in AWS credential management.
  3. Never use your keys in an application or share them with another developer.
  4. Examples of naming convention - dev_mani, dev_mkv, dev_aditya_tiwari
  5. All developer IAM accounts must have 2FA enforced.

Deployment

  1. IAM accounts starting with deployment_ are used by CI/CD platforms such as GitHub Actions, Travis, or Cloud66.
  2. These IAM accounts must not have console access, and their permissions must be granular. An example of Cloud66’s requirements can be found here.
  3. Examples of naming convention - deployment_cloud66, deployment_gh_actions, deployment_travis

Application

  1. IAM accounts starting with application_ hold the access keys used by the application itself.
  2. Each environment of the application must have a different IAM account.
  3. These IAM accounts must not have console access.
  4. Examples of naming convention - application_development, application_staging, application_production
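As an added example (not part of this page), the rules above expressed as a compliance check: it flags users without a recognised prefix, dev_ users without 2FA, deployment_/application_ users that have console access, and application_ users not named after an environment. The record shape and the sample users are constructed for the example; in practice the records would be assembled from the IAM ListUsers, GetLoginProfile and ListMFADevices API calls.

```python
# Rules taken from this page: prefixes dev_/deployment_/application_, 2FA for
# developers, no console access for deployment_ and application_ accounts,
# one application_ account per environment.
ALLOWED_PREFIXES = ("dev_", "deployment_", "application_")
APPLICATION_ENVS = {"development", "staging", "production"}


def audit_user(user):
    """Return the policy findings for one user record; an empty list means compliant.

    Record shape is assumed for this example:
      {"UserName": str, "HasConsoleAccess": bool, "MFADevices": int}
    """
    name = user["UserName"]
    prefix = next((p for p in ALLOWED_PREFIXES if name.startswith(p)), None)
    if prefix is None:
        return [f"{name}: no recognised prefix (expected one of {', '.join(ALLOWED_PREFIXES)})"]

    findings = []
    if prefix == "dev_" and not user.get("MFADevices"):
        findings.append(f"{name}: developer account without 2FA")
    if prefix in ("deployment_", "application_") and user.get("HasConsoleAccess"):
        findings.append(f"{name}: {prefix.rstrip('_')} account must not have console access")
    if prefix == "application_" and name[len(prefix):] not in APPLICATION_ENVS:
        findings.append(f"{name}: application account is not named after an environment")
    return findings


def audit_users(users):
    """Audit every record and return all findings in input order."""
    findings = []
    for user in users:
        findings.extend(audit_user(user))
    return findings


# Constructed sample records, not real accounts.
SAMPLE_USERS = [
    {"UserName": "dev_mani", "HasConsoleAccess": True, "MFADevices": 1},
    {"UserName": "dev_aditya_tiwari", "HasConsoleAccess": True, "MFADevices": 0},
    {"UserName": "deployment_gh_actions", "HasConsoleAccess": False, "MFADevices": 0},
    {"UserName": "deployment_travis", "HasConsoleAccess": True, "MFADevices": 0},
    {"UserName": "application_production", "HasConsoleAccess": False, "MFADevices": 0},
    {"UserName": "application_qa", "HasConsoleAccess": False, "MFADevices": 0},
    {"UserName": "admin", "HasConsoleAccess": True, "MFADevices": 1},
]

if __name__ == "__main__":
    for finding in audit_users(SAMPLE_USERS):
        print(finding)
```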