AWS Best Practices
Manage identity and access using the principles of least privilege
Authenticate via single sign-on (SSO) & enable MFA within the SSO provider.
If not using SSO & MFA, set complex local passwords.
Separate admin accounts from normal user accounts.
Limit cluster creation rights/permissions.
Store and use Personal Access Tokens (PAT) securely.
Cross-account IAM role configuration.
Protect data in transit
Use AWS PrivateLink
Secure your EKS cluster & network
Enable external ingress to clusters only for required users/IPs.
Use EKS Authorized Networks to provide EKS management API access only to e6data IPs.
Implement network exfiltration protections.
Enable S3 access logging
Apply EKS service controls.
Use VPC endpoint policies.
Configure PrivateLink
Use EKS best practices when deploying workspaces
Add tags for cost monitoring