
17 AWS security issues I spot in almost every infrastructure audit
I've been doing cloud infrastructure audits for a while now - different companies, different industries, tiny teams and huge ones. And almost every time I open an AWS account, I run into the same set of problems. They're not exotic zero-days or clever multi-step attack chains. They're basic misconfigurations that stick around because no one ever circles back to clean them up.

Here are the 17 checks I run every time. Most are 10-minute fixes. A lot of them have been sitting there for months.

IAM, the stuff everyone avoids

IAM is boring. Reviewing policies is tedious. So it gets messy fast.

1. Root account without MFA

This one always makes me uneasy. The root user can do everything: billing changes, closing the account, changing the support plan - things even an IAM user with AdministratorAccess can't do.

And yet… I still find root accounts protected by just a password. No MFA. Sometimes the password is literally in a shared spreadsheet.

Fix: 5 minutes. Go to IAM → Security credentials
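
One way to automate the root-MFA check described above, as an added example that is not code from the original post. It reads the IAM credential report (the CSV that `aws iam get-credential-report` returns base64-encoded); the sample report, account ID and the function name `audit_root_mfa` are constructed for illustration.

```python
import csv
import io

# Constructed sample: a subset of the columns found in a real IAM
# credential report. Account ID and user names are made up.
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,2024-05-02T09:14:00+00:00,false,false
alice,arn:aws:iam::111122223333:user/alice,true,2024-05-01T08:00:00+00:00,true,false
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,N/A,false,true
"""

ROOT_USER = "<root_account>"  # name the credential report gives the root row


def audit_root_mfa(report_csv: str) -> dict:
    """Return the root row's MFA status from a credential report (hypothetical helper).

    Raises ValueError when the expected columns or the root row are
    missing, so a truncated or wrong file is never read as a pass.
    """
    reader = csv.DictReader(io.StringIO(report_csv))
    fields = reader.fieldnames or []
    if "user" not in fields or "mfa_active" not in fields:
        raise ValueError("not a credential report: user/mfa_active column missing")
    for row in reader:
        if row["user"] == ROOT_USER:
            mfa = row["mfa_active"].strip().lower() == "true"
            return {
                "arn": row["arn"],
                "mfa_active": mfa,
                # Context for the auditor: when the root password was last used.
                "last_password_use": row.get("password_last_used", "unknown"),
                "finding": None if mfa else "root account has no MFA device",
            }
    raise ValueError("credential report has no <root_account> row")


if __name__ == "__main__":
    result = audit_root_mfa(SAMPLE_REPORT)
    print(result["arn"], "->", result["finding"] or "root MFA enabled")
```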
Continue reading on Dev.to



