AWS Trusted Advisor

Amazon EC2 instance usage report

Amazon CloudWatch

AWS CloudTrail Logs

All users should have the same baseline permissions granted to them to use basic AWS services

Users should be granted permission to access only resources they need to do their assigned job.

Users should submit all access request in written form so that there is a paper trail of who needs access to different AWS resources

Users should always have a little more access granted to them than they need, just in case they end up needed in the future.

Choose AWS services which are PCI Compliant

Ensure the right steps are taken during application development for PCI Compliance

Ensure the AWS Services are made PCI Compliante

Do an audit after the deployment of the application for PCI Compliance.

Create user credentials using Identity Access Management, IAM

Use Amazon Cognito for web-identify federation

Create temporary access roles using IAM

Use a third-party Web ID, federated access provider

AWS Artifact

AWS Resource Center

AWS Service Catalog

AWS Directory Service

After gathering information on their access needs, the administrator should allow every user to access the most common resources and privileges on the system.

The administrator should grant all users the same permissions and then grant more upon request.

The administrator should grant all users the least privilege and add more privileges to only to those who need it.

Users should have no access and be granted temporary access on the occasions that they need to execute a task.

AWS CloudWatch

AWS CloudTrail

AWS EC2

AWS SNS