Still, the fact that one is a beginner, and he has to manage an AWS environment all of a sudden without disturbing its flow is a terrifying thought. This article explains the most common kinds of problems a developer has to face when a situation like this arises. Also, some of the rare cases are discussed in this article.
Root User not to be used
Developers must stop using root user entirely. They need to make sure that nothing else is using the root user programmatically, and then they need to create an MFA token for the account they will lock in a safe. The steps for the process is as follows:
- One must log in as a root user, probably for the last time.
- They must determine if anyone or anything is using the root users account via the API by checking the root user’s security credentials manually.
- The developer must track down any keys they are likely to find. With any in-use credentials, usually, they are to see in-use access keys within the last 24 hours usage.
- If the keys are found, that have not been used in a reasonable time frame, they must delete them, and if you are unsure when it was used, then they must need to fix it as soon as possible.
- Also, enable MFA on the root user account from the same page. Developers must take a screenshot of the QR code given and the key material, and save it in their safe.
- They can share the key with their trusted team members and must not save the QR code on any device that can be accessed by people other than themselves, such as phones or computers. They also need to get the initialization codes and delete it immediately.
Keep Billing Information Updated
Developers must make sure that they do not get into any kind of digital stalemate as the previous owner of the AWS account might try to claim ownership of the existing AWS account because of their credit card being registered in the bill.
So, developers must bring it to the knowledge of their finance department and also identify and recover their accounts once they get the correct billing information. They must add and remove any other payment methods, including bank accounts and credit cards present in the statement.
Once the billing information is changed, developers must logout from the root account and switch to using the IAM user created by them previously.