of AWS Organizations
• Federated cross-account access with single sign-on/IdP
• Per account security policies
• Per account cost attribution
• Compartmentalization limits blast radius
• Centralized control with explicit trust relationships
credentials
• Services must use roles
• Never use the root account
• Share root account password, MFA in password manager
• AssumeRole for third parties
Save it as a SecureString in SSM Parameter Store
3. Add policy to read the Parameter Store value
4. Assign policy to a role used by an ECS task/instance
5. Read password from Parameter Store at run time
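The policy and run-time read steps above, sketched in Python with boto3. This is an added example, not code from the original slides. The function names, the parameter name /app/db/password, the account ID and the key ARN are constructed placeholders, and the optional kms:Decrypt statement assumes the SecureString was encrypted with a customer managed KMS key.

```python
import json


def parameter_read_policy(region, account_id, name, kms_key_arn=None):
    """IAM policy that allows reading exactly one parameter (step 3)."""
    if "*" in name or "?" in name:
        # A wildcard would let the role read every secret under the prefix.
        raise ValueError("scope the policy to one parameter, not a wildcard")
    # Parameter ARNs drop the leading slash of a hierarchical name.
    arn = f"arn:aws:ssm:{region}:{account_id}:parameter/{name.lstrip('/')}"
    statements = [{
        "Sid": "ReadOneParameter",
        "Effect": "Allow",
        "Action": "ssm:GetParameter",
        "Resource": arn,
    }]
    if kms_key_arn:
        # Assumption: a customer managed key encrypts the SecureString,
        # so the role also needs to decrypt with that specific key.
        statements.append({
            "Sid": "DecryptWithParameterKey",
            "Effect": "Allow",
            "Action": "kms:Decrypt",
            "Resource": kms_key_arn,
        })
    return {"Version": "2012-10-17", "Statement": statements}


def read_password(name, client=None):
    """Fetch and decrypt the password at run time (step 5)."""
    if client is None:
        # Credentials come from the ECS task or instance role (step 4);
        # no access keys are stored in the image or environment.
        import boto3
        client = boto3.client("ssm")
    param = client.get_parameter(Name=name, WithDecryption=True)["Parameter"]
    if param.get("Type") != "SecureString":
        # Fail closed if the value was stored as a plaintext String.
        raise RuntimeError(f"{name} is not stored as a SecureString")
    return param["Value"]


if __name__ == "__main__":
    # Constructed sample values; attach the printed policy to the task role.
    policy = parameter_read_policy("us-east-1", "111122223333",
                                   "/app/db/password")
    print(json.dumps(policy, indent=2))
```
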