Safeguard your AWS account with a few simple account-level settings. These configurations can also be automated using Terraform.
- S3 – Block public access to S3. By default, public access is blocked for new buckets, access points, and objects. Refer to this AWS documentation for more information.
- EBS volume encryption – Enable EC2 volume encryption by default for all volumes, so that every time you launch an instance with a volume, the volume is encrypted automatically.
- IAM password policy – Enforce a stricter password policy and password rotation policy for users through this global setting. Refer to this AWS documentation for more information.
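The three settings above expressed as Terraform, as an added example that is not from the original page. The region, the resource labels, and the specific password policy values (length, maximum age, reuse count) are assumptions to adjust to your own standard.

```hcl
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

provider "aws" {
  region = "us-east-1" # assumption: replace with your region
}

# S3: account-wide Block Public Access. All four flags are needed to
# cover both ACL-based and policy-based public access, for existing
# and future buckets.
resource "aws_s3_account_public_access_block" "account" {
  block_public_acls       = true
  ignore_public_acls      = true
  block_public_policy     = true
  restrict_public_buckets = true
}

# EBS: encrypt every new volume and snapshot copy by default.
# Uses the AWS-managed EBS key unless a default KMS key is set separately.
resource "aws_ebs_encryption_by_default" "this" {
  enabled = true
}

# IAM: account password policy, including rotation.
# The numeric values below are illustrative assumptions.
resource "aws_iam_account_password_policy" "strict" {
  minimum_password_length        = 14
  require_lowercase_characters   = true
  require_uppercase_characters   = true
  require_numbers                = true
  require_symbols                = true
  max_password_age               = 90 # days before rotation is forced
  password_reuse_prevention      = 24 # previous passwords remembered
  allow_users_to_change_password = true
}
```

EBS encryption by default is applied per region, so the `aws_ebs_encryption_by_default` resource has to be repeated with a provider alias for each region you use. The S3 and IAM resources apply to the whole account.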
Look at this article to learn how to use AWS Systems Manager to connect into your private VPC without having to go through the complicated process of setting up a bastion host.