Essential first steps for a new AWS account

The basics

Secure the Root account
- New password
- Hardware MFA (if you lose/break/upgrade your phone, you lose your Google Authenticator mfa connection)
- No CLI access
Establish Billing Budgets and Alerts
Configure root login alerts
Establish and secure an Administrator account
Don't grant both console and cli access to any one user
Establish and secure a read-only account
Configure cross account roles for cli access
Configure local cross account access
Configure Chrome account switching cross-account access
Configure CloudTrail, logs, and retention
Disable regions
Enable AWS Config and basic rules pack