•  Create an AM role for the account administrator with the highest privileges. Do not store the root password, but when the root account is needed reset the password on the root account via email confirmation and repeat this procedure.
  •  Store your randomly generated password in your organizational secrets database using a service such as 1Password or LastPass, and only grant access to this secret to the DevOps team.
  • Create IAM accounts for your administrators and attach the Administrator Access policy to their accounts. Disable the root account in the user settings.
  •  Create an IAM role for the account administrator with the highest privileges and do not use the root account in day-today operations. Enable two-factor authentication on the root account

By Neha S

Leave a Reply

Your email address will not be published.