Bootstrap AWS Root Account
1. Log into the AWS Root Account using the root account credentials from 1Password

2. Enable MFA on Root user credentials
   - Use 2 physical security keys

3. Generate an Access Keypair (https://console.aws.amazon.com/iam/home#/security_credentials)

4. Launch an AWS CLI Container

   ```bash
   export AWS_ACCESS_KEY_ID="< Access Key ID from step 3 >"
   export AWS_SECRET_ACCESS_KEY="< Secret Access Key from step 3 >"

   # Start an interactive shell in the AWS CLI image with the current
   # directory mounted at /workspace and the root keypair passed in.
   docker \
     run \
     -it \
     --rm \
     --entrypoint /bin/bash \
     --env AWS_DEFAULT_REGION="eu-west-2" \
     --env AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}" \
     --env AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}" \
     --volume "$(pwd)":/workspace \
     --workdir /workspace \
     docker.io/amazon/aws-cli
   ```

5. Validate AWS Identity

6. Create CloudFormation Stack

7. Delete Root Access Keypair (https://console.aws.amazon.com/iam/home#/security_credentials)

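
One way to script the identity check in step 5 and confirm the result of step 7, as an added example that is not part of the original procedure. The function names are hypothetical, the expected account ID is assumed to be known to the operator (111122223333 is a constructed placeholder), and the standard `aws` partition is assumed.

```shell
#!/bin/sh
# Added example: guard checks around the bootstrap steps (not from the original page).
# 111122223333 in the usage below is a constructed placeholder account ID.

# Succeeds only if ARN ($1) is the root user of the expected 12-digit account ($2).
# Assumes the standard "aws" partition (the page uses eu-west-2).
is_expected_root() {
  case "$2" in ''|*[!0-9]*) return 2 ;; esac
  [ "${#2}" -eq 12 ] || return 2
  [ "$1" = "arn:aws:iam::$2:root" ]
}

# Succeeds only if root MFA is on ($1 = AccountMFAEnabled) and no root
# access key exists ($2 = AccountAccessKeysPresent).
is_root_locked_down() {
  [ "$1" = "1" ] && [ "$2" = "0" ]
}

# Reads one value from the IAM account summary.
summary_value() {
  aws iam get-account-summary --query "SummaryMap.$1" --output text
}

# Step 5: run in the AWS CLI container before creating the stack.
# Usage: validate_identity 111122223333
validate_identity() {
  caller_arn="$(aws sts get-caller-identity --query Arn --output text)" || return 1
  if ! is_expected_root "$caller_arn" "$1"; then
    echo "STOP: caller is $caller_arn, expected root of $1" >&2
    return 1
  fi
  if [ "$(summary_value AccountMFAEnabled)" != "1" ]; then
    echo "STOP: root MFA is not enabled (step 2)" >&2
    return 1
  fi
  echo "OK: root of $1 with MFA enabled"
}

# After step 7: run with a non-root credential allowed to call
# iam:GetAccountSummary; the deleted root key no longer works.
verify_lockdown() {
  if is_root_locked_down "$(summary_value AccountMFAEnabled)" \
                         "$(summary_value AccountAccessKeysPresent)"; then
    echo "OK: root has MFA and no access keys"
  else
    echo "FAIL: root access key still present or MFA missing" >&2
    return 1
  fi
}
```

Source the file inside the container and call `validate_identity` with the expected account ID before creating the stack; a non-zero exit means the exported keypair does not belong to the intended root account or MFA was skipped.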
Updating
In case you need to perform an update to the root-account-bootstrap, repeat steps 1 to 5 and then