Securing Your AWS Development Experience

Blunt Jackson
6 min read · Oct 17, 2019
Silly security graphic. Why not.

AWS Nomads #1. This is the first article in an ongoing series on AWS development for scrappy developers.

AWS can be a maze of services and options. This is a simple guide to developing securely on AWS. Future essays will discuss various aspects of developing secure applications on AWS, a topic with many more variations across different application and service types.

Step 1: Secure Your Root Account

Your “Root Account” is the login that has authoritative access to everything. Until you explore the mysteries of IAM, all you have is a root account. You need to keep a root account. Here’s how to secure it.

First of all, good old email and login are simply not secure enough. You can get away with it for years and never have a problem, but it’s a matter of when, not if.

So, from your AWS console, go to your account name in the top bar, and select “My Security Credentials.”

You may need to get past a notice about IAM users. Don’t worry about that for now; we’ll come back to it.

You should land on a page that looks something like this:

The important configuration here is Multi-factor authentication (MFA). Everything below that section is more useful for developing secure applications, rather than simply securing your account. We’ll come to those in future essays.

You are already familiar with MFA. Anytime a login sends a code to your phone or email to make sure you are really you, that is MFA. However, Amazon goes with a considerably stronger MFA than that.
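The root MFA state can also be checked outside the console. The following is an added example, not code from the original article: it reads an IAM credential report (the CSV produced by `aws iam generate-credential-report` and fetched with `aws iam get-credential-report`) and reports on the `<root_account>` row. It goes slightly beyond MFA by also flagging active root access keys; the sample report, account ID and function names are constructed for illustration.

```python
import csv
import io

# Constructed sample in the credential report's CSV format. The columns are a
# subset of the real report; the account ID, user and dates are made up.
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::123456789012:root,2019-01-05T10:00:00+00:00,not_supported,2019-10-01T08:30:00+00:00,false,true,false
dev-user,arn:aws:iam::123456789012:user/dev-user,2019-02-01T09:00:00+00:00,true,2019-10-10T12:00:00+00:00,true,false,false
"""


def root_row(report_csv):
    """Return the credential report row for the root account."""
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] == "<root_account>":
            return row
    raise ValueError("no <root_account> row in credential report")


def root_findings(report_csv):
    """List root-account problems visible in the report (empty list = clean)."""
    row = root_row(report_csv)
    findings = []
    # mfa_active is the literal string "true" or "false" in the report.
    if row.get("mfa_active", "").lower() != "true":
        findings.append("root MFA is not enabled")
    # Root access keys bypass MFA entirely, so flag any that are active.
    for n in ("1", "2"):
        if row.get(f"access_key_{n}_active", "").lower() == "true":
            findings.append(f"root access key {n} is active")
    return findings


if __name__ == "__main__":
    for finding in root_findings(SAMPLE_REPORT) or ["root account: no findings"]:
        print(finding)
```
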

Let’s turn it on:

Blunt Jackson

Building web applications since 1992. Crikey, that’s a long time.