In IAM you have a few best practices. Some of those are try not to use your root account, create an IAM admin account you can use. Try to enable MFA if you can on all accounts and use access advisor and credentials report to audit the accounts. If someone wants access to your AWS console, DO NOT GIVE THEM YOUR PASSWORD, if absolutely necessary create a new account for them. Be sure to protect the access keys you generate for console access as well. Keep this in mind and you will have no trouble at all! And now I will begin to focus on EC2 in my next few posts.