Return to Well-Architected Framework Guide
How do you manage authentication for people and machines?
- Use strong sign-in mechanisms
- Use temporary credentials
- Store and use secrets securely
- Rely on a centralized identity provider
- Audit and rotate credentials periodically
- Leverage user groups and attributes
How do you manage permissions for people and machines?
- Define access requirements
- Grant least privilege access
- Establish emergency access process
- Reduce permissions continuously
- Define permission guardrails for your organization
- Manage access based on life cycle
- Analyze public and cross account access
- Share resources securely
Top comments (0)