Let’s suppose you just finished creating an AWS account. Since during this process you were asked to insert your card details (let’s say that for now you don’t have any critical data stored in your cloud account), it’s important to prevent any unwanted access that can launch hosts or create unwanted resources that could empty your wallet.
In order to boost your account security, we strongly recommend you to spend the necessary time to understand the concept and to activate Multi-Factor Authentication (MFA) for all root users you intend to create. In that way, you can use a mobile application, a smartphone or a hardware token as a supplementary security layer. Keep in mind that you should configure this thing for all accounts, and not only for the root user.
Another configuration detail that should be done immediately after the sign up is done is to activate the audit, by enabling Cloud Trail. In that way, on any occasion you or anyone else has access on your account does a change in your account (creates a resource, modifies an access policy, etc), an event is persisted somewhere. In that way, whenever it’s necessary, you can debug an issue or inspect a security incident. We wish you not to need this information! 🙂
And the last thing to add: if you haven’t done yet, don’t forget to setup a billing alarm!