Identity and Access Management

IAM Password Policy

  • Password should contain at least one character of each class - uppercase, lowercase, symbol and number.
  • Minimum length of password - 14 or more
  • No password reuse
  • Password expiry - 90 days or less

aws iam update-account-password-policy \
--minimum-password-length 14 \
--require-uppercase-characters \
--require-lowercase-characters \
--require-numbers \
--require-symbols \
--password-reuse-prevention 24 \
--max-password-age 90

Ensure a support role has been created to manage incidents with AWS Support

Get IAM user's ARN

aws iam get-user --user-name <USERNAME_OF_USER>

Trust policy

Save the document below as /tmp/TrustPolicy.json, replacing <ARN_OF_THE_USER> with the ARN returned in the previous step (the create-role command references it as file:///tmp/TrustPolicy.json)

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "<ARN_OF_THE_USER>"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

Create IAM Role

aws iam create-role \
--role-name aws_support_iam_role \
--assume-role-policy-document file:///tmp/TrustPolicy.json

Attach the AWSSupportAccess managed policy to the role

aws iam attach-role-policy \
--policy-arn 'arn:aws:iam::aws:policy/AWSSupportAccess' \
--role-name aws_support_iam_role
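As an added check that is not part of the original page, the following Python evaluates the "PasswordPolicy" object returned by aws iam get-account-password-policy against the checklist above, and flags trust-policy statements that would let a principal other than one specific IAM user or role assume the support role. The AWS response field names are real; the user ARN, account id and sample documents are constructed.

```python
# Checklist requirements from this page. AWS caps PasswordReusePrevention at 24,
# which is why the remediation command uses that value for "no password reuse".
REQUIRED_TRUE = ("RequireUppercaseCharacters", "RequireLowercaseCharacters",
                 "RequireNumbers", "RequireSymbols")
MIN_LENGTH, MAX_AGE_DAYS, REUSE_HISTORY = 14, 90, 24


def password_policy_findings(policy):
    """Checklist items failed by the "PasswordPolicy" object returned by
    `aws iam get-account-password-policy` (None = NoSuchEntity, no policy set).
    Returns an empty list when the account is compliant."""
    if policy is None:
        return ["No account password policy is configured"]
    findings = [f"{k} must be true" for k in REQUIRED_TRUE if not policy.get(k)]
    if policy.get("MinimumPasswordLength", 0) < MIN_LENGTH:
        findings.append(f"MinimumPasswordLength must be >= {MIN_LENGTH}")
    if policy.get("PasswordReusePrevention", 0) < REUSE_HISTORY:
        findings.append(f"PasswordReusePrevention must be {REUSE_HISTORY}")
    # MaxPasswordAge is omitted from the response entirely when expiry is disabled.
    age = policy.get("MaxPasswordAge")
    if not policy.get("ExpirePasswords") or age is None or age > MAX_AGE_DAYS:
        findings.append(f"MaxPasswordAge must be set and <= {MAX_AGE_DAYS}")
    return findings


def trust_policy_findings(trust):
    """Flag Allow statements for sts:AssumeRole whose principal is not a specific
    IAM user/role ARN ("*", an account root or a bare account id all let far more
    than the intended user assume the role). Assumes the standard "aws" partition."""
    findings = []
    statements = trust.get("Statement", [])
    for i, stmt in enumerate([statements] if isinstance(statements, dict) else statements):
        actions = stmt.get("Action", [])
        actions = {actions} if isinstance(actions, str) else set(actions)
        if stmt.get("Effect") != "Allow" or not actions & {"sts:AssumeRole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        for p in (aws if isinstance(aws, list) else [aws]):
            ok = isinstance(p, str) and p.startswith("arn:aws:iam::") and not p.endswith(":root")
            if not ok:
                findings.append(f"Statement {i}: principal {p!r} is not a specific IAM user/role ARN")
    return findings


# Constructed samples: a trust policy scoped to one (fake) user ARN, as this page
# recommends, and a wide-open variant that must be flagged.
SCOPED_TRUST = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                "Principal": {"AWS": "arn:aws:iam::123456789012:user/support-admin"}}]}
OPEN_TRUST = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
              "Principal": "*"}]}
```

Feed password_policy_findings the parsed "PasswordPolicy" object from the CLI (or None when the CLI reports NoSuchEntity) and trust_policy_findings the JSON from /tmp/TrustPolicy.json; any non-empty list is a finding to remediate.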