DevPanel manages your AWS account for you.
That means that you'll always have full control over your own account. However, we recommend that you strictly limit access to your AWS account. Only grant access to experienced sys admins, and that's it. Do not let developers work directly in your AWS account as they may accidentally interfere with DevPanel's operations.
And although you'll have Admin access to your account, we recommend that you DO NOT run any other applications in that account and just let DevPanel manage that entire account.
Here are some good practices to follow when you're managing your own AWS account.
Password manager are great at generating strong random passwords and keeping them secure. We recommend using BitWarden because it has a built-in MFA/2FA/TOTP manager.
https://bitwarden.com/
Even if you're the only one in that email group... this allows you to assign someone else to manage that account in the future. Also, when you're not available (think vacation), you can add other people to the group so they can recieve account notifications and act on them.
MFA, or Multi-Factor Authentication, also known at 2-Factor Authentication, is highly recommended for all your AWS accounts.
Use the following guide to enable MFA on your accounts:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html
Do not use your root account for everything. Create a user account even for yourself and use that.
Use the following guide to create user accounts using IAM:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html
Most regular users do not need programatic access to their accounts. Account access keys pose an unnecessary risk and should be disabled or deleted entirely.
This goes without saying but just in case -- DO NOT SHARE ACCOUNTS! Each user/admin should have their own account.
If you're giving out access to different people in your organization, make sure to review the IAM Users section of your account and disable/delete accounts regularly.
This will keep an audit trail of who did what in your account. Enable it in all regions.
https://aws.amazon.com/cloudtrail/
Here's how DevPanel works with your AWS Account...
DevPanel uses AWS Best Practices to access and manage your account. We use Cross-Account IAM Role based access to connect our account with your account.
Here's an article from AWS that explains this in more detail:
https://aws.amazon.com/blogs/apn/securely-accessing-customer-aws-accounts-with-cross-account-iam-roles/
You should ensure that
Only DevPanel should be running in this account.
If you violate any of these rules, then you're putting your own account and applications at risk.
Once it has access to your account, DevPanel uses Hashicorp's TerraForm to create infrastructure in your AWS account.
To learn more about TerraForm, see: https://www.terraform.io/
Here's a simple diagram of the base infrastruture that DevPanel will create in your account.
Depending on the client's needs, this infra can (and often is) customized.
All your sites and applications run on top of this infrastruture.