This article outlines the processes and mechanisms that ensure a baseline security posture across TD SYNNEX Public Sector’s ecosystem of AWS Management account credentials.
Root Credentials Management
TD SYNNEX Public Sector's contractual obligations in our partnership with AWS requires us to maintain "root" credentials at the Management Payer account level. Customers and partnership will receive admin level access to their member accounts as they are requested and created.
For the Management Payer accounts, TD SYNNEX Public Sector follows three (3) principles for managing the root user in alignment with AWS best practices:
- Enable multi-factor authentication (MFA) on root user credentials
- Remove root user access keys
- Secure root user’s password
Root access is not to be used after account creation, with the exception of AWS Tasks that require AWS account root user credentials. These tasks would likely only be requested by customers who have shared access in the Management Payer account.
MFA Requirement for TD SYNNEX Public Sector and accounts:
MFA is required on all TD SYNNEX Public Sector managed accounts and must be established immediately prior to use of AWS resources, including root credentials on payer accounts.
Password Policy for TD SYNNEX Public Sector accounts:
TD SYNNEX Public Sector AWS Management Accounts have a password requirement that meet or exceed the following conditions:
- A minimum length of 20 characters.
- The use of each character types: uppercase, lowercase, numbers, and non-alphanumeric characters such as ! @ # $ % ^ & * ( ) _ + - = [ ] { } | '
- Not related or identical to the AWS account name or email address.
- Does not expire.
Comments
0 comments
Please sign in to leave a comment.