Detective Control Pillar

Logging & Monitoring

Pillar #2 Detective Control

AWS IAM Best Practices

IAM TopicDocumentation
Change Root User PasswordChange Root password AWS
AWS Root User GuideAWS Root Documentation
Start with Root UserTwo steps to start with the Root Account
IAM User PasswordsCredential Account Policy
Identify AWS AdministratorsGet All AWS Admins with Powershell
Adding MFA to IAM UsersUsing MFA on AWS MFA in 10 Steps
MFA on CLIMFA Token with CLI
IAM RolesGaining Access to a role via CLI
Access Key UsageTracking Access Keys
Auditing all IAM Access KeysList all access keys for an organization
Managing Access KeysManage Access Keys via SCP
Just in time Administration via STSAPI Overview of STS
Create Temporary STS Access Keysvia Powershell
AWS OrganizationsOrganizations User Guide
Service Control PoliciesSCP Overview
SCP Guardrails to get startedSCP for Org