In his article “Easy IAM Security Best Practices for a Secure AWS Cloud,” Anderson Patricio provides an excellent resource that explains several tasks that will bolster IAM security in AWS:
- Removing the root access key
- Using users and groups
- Defining a password policy
- Managing multifactor authentication
- Checking IAM user utilization
These are fantastic best practices, but when a company is running at scale in public cloud with tens if not hundreds of accounts in AWS to try to implement and maintain IAM best practices manually is incredibly hard.
DivvyCloud understands this pain, and our solution provides customers with an accessible way to understand your IAM security posture across all your AWS accounts. In addition, we provide an easy-to-use automation platform that allows you to use our GUI to configure one or more IAM security best practice policies to detect violations and to automatically take actions that you define in the case of said violation. With DivvyCloud you can automate and enforce all of the best practices documented by Anderson, For example, you can detect and take action on the following checks:
- Audit if root keys exist
- Identify that users and groups exist and that users are not getting direct permissions
- Compliance with company password policy
- Users who do not have MFA enabled
- Validate IAM user utilization and disable/remove inactive accounts
This just scrapes the surface of how we can help customers go big and go fast in AWS, Azure, and GCP, but stay secure and compliant. In essence, DivvyCloud provides virtual guardrails for all of your public clouds and cloud accounts. Providing a single place to write a single policy and automate its enforcement across all your cloud accounts. You can read more about the hundreds out-of-the-box best practices related to security, compliance (e.g., NIST CSF and HIPAA), and governance (e.g., tagging).