Most users start AWS with a one-year free tier account. Many such accounts have been hijacked, leaving their owners with huge monthly bills. This happens for many reasons; a common one is committing code that contains AWS access and secret keys to a public repository. An attacker who finds the keys gets access to the account and launches high-capacity instances, resulting in enormous bills.
We can keep accounts from being hacked by applying a few security policies and following these best practices:
Create an IAM user with admin privileges even if you have root access. Do not use your root account except for billing purposes.
Set a strong password of more than 10 characters for your root account.
Enable a strong password policy with password expiration for IAM users.
Enable MFA (Multi-Factor Authentication) for the root account and all IAM user accounts.
Do not create AWS access keys unless they are needed. Deactivate existing keys when they are not in use.
Never hard-code your access keys in your code.
Never store access keys on EC2 instances or in any other cloud storage. Use IAM Roles instead.
Never allow all ports in security groups. Allow only required ports for your applications.
Make use of NACLs to provide an additional security layer.
Create separate subnets for each application layer (Web, DB, Backend) and open only the required ports in each Security Group.
Never share your AWS credentials through email. If you do, change the password immediately.
Use a Jump Box or VPN (like OpenVPN) to connect to instances in your VPC.
Do not launch instances in public subnets unless required. Use NAT instances so that instances in private subnets can still be patched.
Set up billing alerts and resource monitoring using CloudWatch and SNS.
Enable CloudTrail to log all activities including API requests. Use CloudWatch with CloudTrail to get notified of suspicious activity.
Configure WAF in front of your CloudFront distribution or Load Balancer.
Use AWS Organizations if you are managing multiple accounts.
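The leaked-key scenario from the introduction is the one most of the list above is guarding against. As an added example (not from the original article), here is a small Python pre-commit check that flags AWS access key IDs and secret keys before code reaches a repository; the source it scans is a constructed sample using the placeholder credentials from AWS's own documentation, not real keys.

```python
import re
import sys

# Long-term access key IDs start with "AKIA", temporary (STS) ones with "ASIA";
# both are followed by 16 upper-case letters or digits.
ACCESS_KEY_RE = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")

# A secret access key is 40 Base64 characters. On its own that matches too much,
# so it is only flagged when it follows a secret-key-looking variable name.
SECRET_KEY_RE = re.compile(
    r"(?i)(?:aws)?_?secret(?:_access)?_?key\W{0,5}"
    r"(?P<value>[A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)

# Constructed sample file; the credentials are the placeholder ones from AWS's
# documentation (AKIAIOSFODNN7EXAMPLE), not real keys.
SAMPLE_SOURCE = """\
import boto3

# Hard-coded credentials: exactly what the pre-commit check should catch.
session = boto3.Session(
    aws_access_key_id="AKIAIOSFODNN7EXAMPLE",
    aws_secret_access_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
)
region = "us-east-1"
"""


def scan_text(text):
    """Return (line_number, kind, value) for every credential-looking token."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append((lineno, "access_key_id", m.group(0)))
        for m in SECRET_KEY_RE.finditer(line):
            findings.append((lineno, "secret_access_key", m.group("value")))
    return findings


def main(paths):
    """Pre-commit entry point: a non-zero exit blocks the commit when keys are found."""
    found = False
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for lineno, kind, value in scan_text(fh.read()):
                print(f"{path}:{lineno}: {kind} {value[:4]}... (remove it; use IAM roles)")
                found = True
    return 1 if found else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Wire it into a git pre-commit hook over the staged files so the commit is rejected before the keys ever leave the developer's machine; it is a plain pattern check, so pair it with key rotation and the IAM-role advice above rather than relying on it alone.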
These are the basic preliminary security measures you should take to secure your AWS accounts. If you are using AWS for production workloads, go through all AWS security whitepapers and follow the best practices mentioned in them.