VMware recommends:

• Minimizing use of primary account credentials by creating an IAM role and instance profile with the minimum required EC2, VPC, and EBS credentials.

• Following AWS account security best practices such as disabling root keys, using multi-factor authentication on the root account, and using CloudTrail for auditing API actions.

For more Amazon-specific best practices, see the following topics in the AWS documentation:

• IAM Roles Best Practices

• AWS Security Best Practices Whitepaper

• AWS Well-Architected Framework