Proper data security is always a concern, whether your data is on-premise or on the cloud. Here are some of the best practices for securing your data on Amazon Web Services (AWS). While this list is not comprehensive, this would be a good starting point for implementing basic security on the AWS platform.

Security is a shared responsibility between Amazon Web Services (AWS) and its customers operating a digital commerce business. AWS is responsible for the security OF the cloud, and the customer is responsible for the security IN the cloud. This model clearly defines who is responsible for securing the resources when using AWS.

Protect your Root Account

Enable root account with Multi-Factor Authentication (MFA).
Use root account to create IAM admin users, and AVOID using the root user account for actions that do not need the root account access.

Console Users

User AWS Single Sign-On or use your corporate identity solution to avoid creating multiple IAM user accounts.
Implement Password policies to enforce users to have strong passwords by defining minimum requirements for the password.
Enable MFA for all console users.
Rotate keys older than 90 days for all IAM users.

Enable AWS Config

The first step to securing your environment is to create an asset inventory. Config enables you to assess, audit, and evaluate configurations of the AWS services deployed in the account. Config continuously monitors and records your AWS configurations.

Enable AWS CloudTrail for all regions

CloudTrail enables governance, compliance, operational auditing of your AWS account and provides the event history of your AWS account activity for actions taken through the AWS console, AWS CLI, SDK.

Enable Multi-region CloudTrail
Send CloudTrail logs and alerts to an S3 bucket in a dedicated security account.