A Safer AWS Organizations Management Role
ACM.156 Altering the AWS Organizations Default Management Role to Reduce Risk
Part of my series on Automating Cybersecurity Metrics and IAM.
We figured out in our last post that we don’t want to leave the default AWS Organizations role hanging around, as it is a bit risky.
How could we modify that role to reduce the risk that it could be abused?
Let’s think through some scenarios.
Change the Role Name
Although we cannot change the permissions for the default management role, we can change the name.
At least once the name is changed, it will be harder for someone to guess the role name simply because it was left as the default and then try to abuse it somehow.
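One way to check where the default name is still in use, as an added example that is not code from the original post or its repository. It assumes the AWS default role name `OrganizationAccountAccessRole` (not named on the page) and input shaped like `aws iam list-roles` output; the account IDs and roles are constructed sample data.

```python
# Added example: flag roles trusting the management account that keep the default name.
DEFAULT_ROLE_NAME = "OrganizationAccountAccessRole"  # AWS default (assumption, not on the page)

def _as_list(value):  # IAM policy fields hold a single value or a list
    return value if isinstance(value, list) else [value]

def trusts_account(trust_policy, account_id):
    """True if an Allow statement lets a principal in account_id assume the role."""
    for stmt in _as_list(trust_policy.get("Statement", [])):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        principal = stmt.get("Principal", {})
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        for p in aws:
            # Principals are a bare account ID or an ARN: arn:aws:iam::<id>:...
            parts = p.split(":")
            if (parts[4] if len(parts) > 4 else p) == account_id:
                return True
    return False

def audit_roles(roles, management_account_id):
    """Group roles that trust the management account by default vs. changed name."""
    findings = {"default_name": [], "renamed": []}
    for role in roles:
        if trusts_account(role["AssumeRolePolicyDocument"], management_account_id):
            key = "default_name" if role["RoleName"] == DEFAULT_ROLE_NAME else "renamed"
            findings[key].append(role["Arn"])
    return findings

def _trust(principal):  # builds a constructed single-statement trust policy
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}]}

# Constructed sample data: 111111111111 = management account, 222222222222 = member.
MGMT = "111111111111"
SAMPLE_ROLES = [
    {"RoleName": DEFAULT_ROLE_NAME,
     "Arn": f"arn:aws:iam::222222222222:role/{DEFAULT_ROLE_NAME}",
     "AssumeRolePolicyDocument": _trust({"AWS": f"arn:aws:iam::{MGMT}:root"})},
    {"RoleName": "org-admin-example",
     "Arn": "arn:aws:iam::222222222222:role/org-admin-example",
     "AssumeRolePolicyDocument": _trust({"AWS": MGMT})},
    {"RoleName": "app-instance-role",
     "Arn": "arn:aws:iam::222222222222:role/app-instance-role",
     "AssumeRolePolicyDocument": _trust({"Service": "ec2.amazonaws.com"})},
]

if __name__ == "__main__":
    print(audit_roles(SAMPLE_ROLES, MGMT))
```

Roles listed under `default_name` are the ones to recreate or rename first; the `renamed` list confirms which accounts already use a non-default name.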
Root account credentials compromised
Let’s say our root account credentials are compromised. Our organization is pretty…