030 IAM guidelines
Don’t use the root account except for AWS account setup
One physical user = One AWS user
Assign users → groups, permissions → groups
Create a strong password policy
Use and enforce MFA
Create and use roles for AWS services
Use access keys for programmatic access (CLI, SDK)
Audit permissions of your account using the IAM credentials report & IAM access advisor
Never share IAM users & Access Keys
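As an added example (not part of these notes), the script below turns several of the guidelines above into checks run over an IAM credentials report: root account with active access keys, console users without MFA, and access keys that are stale or never used. The column header is the one the real report uses; the rows, the account ID 111122223333, the user names, the 90-day rotation limit and the fixed reference time are all constructed so the audit runs offline and reproducibly.

```python
"""Audit an IAM credentials report against common IAM guidelines.

Added example, not from the original notes. Column names match the real
IAM credentials report; every row below is constructed sample data.
"""
import csv
import io
from datetime import datetime, timezone

# Constructed sample report (real header, made-up rows and account ID).
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,2020-01-01T00:00:00+00:00,not_supported,2024-03-01T10:00:00+00:00,not_supported,not_supported,false,true,2020-01-01T00:00:00+00:00,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::111122223333:user/alice,2021-05-10T00:00:00+00:00,true,2024-03-10T09:00:00+00:00,2024-01-01T00:00:00+00:00,2024-04-01T00:00:00+00:00,true,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
bob,arn:aws:iam::111122223333:user/bob,2021-05-10T00:00:00+00:00,true,2024-03-10T09:00:00+00:00,2024-01-01T00:00:00+00:00,2024-04-01T00:00:00+00:00,false,true,2022-01-01T00:00:00+00:00,2024-03-09T00:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,2022-02-01T00:00:00+00:00,false,no_information,N/A,N/A,false,true,2024-02-15T00:00:00+00:00,2024-03-10T00:00:00+00:00,us-east-1,ecr,true,2023-01-01T00:00:00+00:00,N/A,N/A,N/A,false,N/A,false,N/A
"""

# Constructed "now" so the age calculations are reproducible.
REFERENCE_TIME = datetime(2024, 3, 15, tzinfo=timezone.utc)
MAX_KEY_AGE_DAYS = 90  # assumed rotation policy, not an AWS default


def parse_ts(value):
    """Return an aware datetime, or None for N/A / no_information / not_supported."""
    if not value or not value[0].isdigit():
        return None
    return datetime.fromisoformat(value)


def audit_row(row, now, max_key_age_days=MAX_KEY_AGE_DAYS):
    """Apply the guideline checks to one report row; return a list of findings."""
    findings = []
    is_root = row["user"] == "<root_account>"
    active_keys = [n for n in (1, 2) if row[f"access_key_{n}_active"] == "true"]

    # Root should only be used for account setup: it must not carry access keys.
    if is_root and active_keys:
        findings.append("root account has active access keys")

    # Anyone who can sign in to the console (root always can) needs MFA.
    if row["mfa_active"] != "true" and (is_root or row["password_enabled"] == "true"):
        findings.append("console sign-in possible without MFA")

    # Programmatic access keys: rotate on schedule and remove unused ones.
    if not is_root:
        for n in active_keys:
            rotated = parse_ts(row[f"access_key_{n}_last_rotated"])
            if rotated is not None:
                age = (now - rotated).days
                if age > max_key_age_days:
                    findings.append(f"access key {n} is {age} days old (limit {max_key_age_days})")
            if parse_ts(row[f"access_key_{n}_last_used_date"]) is None:
                findings.append(f"access key {n} is active but has never been used")
    return findings


def audit_report(csv_text, now=REFERENCE_TIME, max_key_age_days=MAX_KEY_AGE_DAYS):
    """Return {user: [findings]} for every principal with at least one finding."""
    results = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = audit_row(row, now, max_key_age_days)
        if findings:
            results[row["user"]] = findings
    return results


if __name__ == "__main__":
    for user, findings in audit_report(SAMPLE_REPORT).items():
        for finding in findings:
            print(f"{user}: {finding}")
```

With a real report, replace `SAMPLE_REPORT` with the decoded CSV returned by `aws iam get-credential-report` and pass the current UTC time as `now`; the checks themselves need no AWS access, so they can run in CI against a report exported from the account.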