How to protect access to Elastic Beanstalk resources + security advices?

Question

I'm using Elastic Beanstalk as well as the new features for automatically creating some environment resources (like SQS queues). This is really convenient, however this suffer from one problem : if I "terminate" the environment, all the associated resources are removed as well.

I find this really dangerous, although I'm the only one to manage this account, I can always be drunk (haha) or, typing the wrong command in CLI or, of course, someone could steal my account.

May be I'm a bit paranoid, but so far I've found some strategies, I'd like to know which one is best:

1) Create a new IAM user for myself with read-only access, and set up two-factors authentication for the main account (master), so that if I need to create resources, I absolutely need to log to the master account with better security.

2) Prevent termination from the main EC2 instance created by Beanstalk. If I do this, I cannot anymore terminate the Beanstalk environment by mistake. My question is: one of the advantage of the elastic load balancer is that it can shutdown unhealthy instances and fire up new ones. However, what happen if one instance is set as "disallow termination" ? Can the load balancer bypass this and still create a new instance ?

3) Do both ?

As a rule, what are best practices about this topic ?

Thanks for your answers !

Answer 1

Unfortunately SQS queues do not support Termination Protection.

Out of your two options I would definitely go with 1) since 2) does not fully protect the EB cluster from deletion.

Explanation:

1) I recommend setting up a separate IAM user for every-day tasks and protect the main account with two-factor authentication and use that to spin up/down new EB clusters.

2) Even if you protect the main EC2 instance(s) with Termination Protection other critical resources associated with the EB environment will still be terminated such as load balancers, auto-scaling groups, and SNS topics.

I think the simplest solution would still be to follow the "aim twice, shoot once" philosophy as well, though an IAM account with a policy that does not allow it to terminate instances, EB environments, delete EB applications, and similar would be your sure-fire protection against yourself in moments of temporary insanity.

Hopefully this helps!