Immediately change the password, enable two-factor authentication, rotate any API keys, update the recovery email and contact details to your own, and set billing alerts. These five steps put the account fully under your control.
Securing a newly received cloud account is quick and essential, and it should be the very first thing you do after logging in. Start by changing the account password to a strong, unique one stored in a password manager. Then update the recovery email, phone number, and any contact or security questions to your own details, so that account recovery and notifications route only to you. This single step transfers practical control of the account to you.
Next, enable multi-factor authentication (MFA/2FA) on the root or primary login. Every major provider supports an authenticator app, and AWS, GCP, and Azure strongly recommend MFA on the top-level account. If the account includes any pre-existing API keys, access keys, or service-account credentials, rotate or delete them and generate fresh ones tied to your own identity — this ensures no prior key can access your resources. For AWS specifically, create an IAM user for day-to-day work and avoid using the root account except for billing tasks.
Lock down access and visibility. Review IAM users, roles, and permissions and remove anything you do not recognize. Apply the principle of least privilege so each user and service has only the access it needs. Check the account’s security center or trust advisor for open ports, public storage buckets, or exposed resources, and close anything unnecessary. Configure logging (CloudTrail on AWS, Cloud Audit Logs on GCP, Activity Log on Azure) so you have a record of all activity going forward.
Finally, protect yourself financially and operationally. Set billing alerts and a budget so you are notified before spend climbs unexpectedly, and review the credit balance and expiry so you can plan usage. Take a snapshot or backup before deploying anything important. If you ever run into an access or configuration issue, our 7-day replacement guarantee and 24/7 Telegram support are there to help — but following this checklist on day one means the account is securely and fully yours from the start.
Keep Reading