- Only utilise the SSL-secured / HTTPS endpoint for any AWS service and ensure that your client utilities perform proper peer certificate validation. A very small percentage of all authenticated AWS API calls use non-SSL endpoints, and AWS intends to deprecate non-SSL API endpoints in the future.
- Enable and use Multi-Factor Authentication (MFA) for AWS Management Console access.
- Create Identity and Access Management (IAM) accounts that have limited roles and responsibilities, restricting access to only those resources specifically needed by those accounts. Limit API access and interaction further by source IP, utilising IAM source IP policy restrictions.
- Regularly rotate AWS credentials, including Secret Keys, X.509 certificates, and Keypairs. When utilising the AWS Management Console, minimize or avoid interaction with other websites and follow safe Internet browsing practices, much as you should for banking or similarly important / critical online activities.
- AWS customers should also consider utilising API access mechanisms other than SOAP, such as REST / Query.
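The following IAM policy is an added example (not from the AWS advisory) that combines three of the recommendations above in one document: an explicit deny for any request not made over TLS (`aws:SecureTransport`), a deny when MFA was not used (`aws:MultiFactorAuthPresent`), and a deny for calls originating outside an allowed source range (`aws:SourceIp`), with a narrowly scoped allow for the resources the account actually needs. The CIDR `203.0.113.0/24` is a documentation placeholder and `example-bucket` is a hypothetical bucket name.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyRequestsNotOverTLS",
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": { "Bool": { "aws:SecureTransport": "false" } }
    },
    {
      "Sid": "DenyRequestsWithoutMFA",
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": { "BoolIfExists": { "aws:MultiFactorAuthPresent": "false" } }
    },
    {
      "Sid": "DenyRequestsFromOutsideAllowedRange",
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": { "NotIpAddress": { "aws:SourceIp": [ "203.0.113.0/24" ] } }
    },
    {
      "Sid": "AllowOnlyWhatThisAccountNeeds",
      "Effect": "Allow",
      "Action": [ "s3:GetObject", "s3:ListBucket" ],
      "Resource": [
        "arn:aws:s3:::example-bucket",
        "arn:aws:s3:::example-bucket/*"
      ]
    }
  ]
}
```

Because an explicit deny always wins over an allow, the three deny statements cannot be bypassed by any other permission attached to the user. Note that the `aws:SourceIp` deny also blocks requests AWS services make on the user's behalf from AWS-owned addresses, so attach it only to identities whose calls genuinely originate from the listed range.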