DevOps: AWS setup
• Mark Eschbach
Alrighty, time to setup a new AWS account. Following their standard security setup is fairly straight forward. The policy right now is any dev can do anything so I created a group Dev
with the policy AdministratorAccess
, should be easy enough. Next up is enforcing MFA requirements to make life easy on all of us. I’m a noob when it comes to AWS security policies so I found Improving the AWS Force MFA Policy for IAM Users which walks you through it without additional guff like EC2 policies. Fairly straightforward document:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"NotAction": "iam:*",
"Resource": "*",
"Condition": {
"Null": {
"aws:MultiFactorAuthAge": "true"
}
}
}
]
}