I don't administrate AWS but have the root user account. I need to let an external user set up a Node.js project in a container. What's the recommended approach to provide a developer temp access to the environment? I'm assuming they should not get access to the root user account. Any ideas most appreciated.
Question posted in Amazon Web Services
The official Amazon Web Services documentation can be found here.
2 Answers
Never share root access details. In fact, it's best practice to not use root at all, and if it's needed, ensure you have MFA enabled.
https://docs.aws.amazon.com/accounts/latest/reference/root-user-mfa.html
As for access to a user for a given project, you should create a User and assign only the necessary permissions needed to complete their task. Always work on the practice of least privilege. You can follow these docs to help you get started:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html
Like Lee mentioned, it's always recommended to follow the least privilege method. You can ask the dev which AWS services would be needed for him to develop the project & grant access to only those particular services (e.g. ec2, s3, ecs, etc.).
Furthermore, you can also restrict the dev to a particular region so that he/she does not create any unnecessary resources in different regions & you incur charges.
All this can be done using an IAM policy. Look for those on Google or in the official AWS docs.
Hope this helps.
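The approach both answers describe (only the needed services, one region, temporary), as an added example that is not part of either answer: it builds an IAM policy document using the `aws:RequestedRegion` and `aws:CurrentTime` condition keys and checks a few requests against it. The service list, region, expiry date and the `build_policy`/`is_allowed` helpers are assumptions made for illustration, and `is_allowed` is a simplified stand-in for IAM's real evaluation logic.

```python
import json
from datetime import datetime, timezone
from fnmatch import fnmatchcase

TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"  # ISO 8601 UTC, as IAM date conditions expect


def build_policy(services, region, expires_at):
    """Allow only the given service prefixes, in one region, until expires_at (UTC)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "TempProjectAccess",
            "Effect": "Allow",
            "Action": [f"{s}:*" for s in services],
            "Resource": "*",
            "Condition": {
                "StringEquals": {"aws:RequestedRegion": region},
                "DateLessThan": {"aws:CurrentTime": expires_at.strftime(TIME_FMT)},
            },
        }],
    }


def is_allowed(policy, action, region, now):
    """Simplified local check of the statements above; NOT the real IAM engine."""
    for st in policy["Statement"]:
        cond = st["Condition"]
        expiry = datetime.strptime(
            cond["DateLessThan"]["aws:CurrentTime"], TIME_FMT
        ).replace(tzinfo=timezone.utc)
        action_ok = any(fnmatchcase(action.lower(), a.lower()) for a in st["Action"])
        region_ok = region == cond["StringEquals"]["aws:RequestedRegion"]
        if st["Effect"] == "Allow" and action_ok and region_ok and now < expiry:
            return True
    return False  # nothing matched: implicit deny


# Constructed values (assumptions): services a container project might need,
# a single allowed region, and an end date for the developer's access.
EXPIRES = datetime(2030, 1, 31, tzinfo=timezone.utc)
POLICY = build_policy(["ecs", "ecr", "logs"], "eu-west-1", EXPIRES)

if __name__ == "__main__":
    # Print the JSON document to attach to the developer's IAM user or role.
    print(json.dumps(POLICY, indent=2))
```

Narrowing the `ecs:*`-style wildcards to the specific actions the developer ends up needing tightens this further.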