How to Set Up an AWS Account and Get Started

Sonal Swarnkar
Feb 23, 2023

Who is this article for?
Whether you are a beginner or have some basic knowledge of AWS, this article will help you get familiar with the fundamentals of an AWS account and the best practices for securing it.

Cloud Computing Services — Amazon Web Services (AWS) — Website

There are different cloud providers to start your cloud journey with; however, choosing a cloud vendor is a challenge in itself.

Amazon Web Services (AWS), available since 2006, is the oldest and one of the most popular cloud service providers. It offers 200+ services to its users. (We will learn about most of the services in upcoming blogs.)

What is an AWS Account and How to Set Up One?

An AWS account is a container for your AWS resources, and provides administrative capabilities for access and billing. In order to create an account you need two things to start with:

  • a unique email address (obviously, we cannot use the same email address twice)
  • a debit/credit card (the account is free, but this card will be used for billing if your usage of a service exceeds the free-tier limit)

Now go to https://aws.amazon.com/ and click the “Sign in to the Console” button at the top right. On the sign-in page, click “Create a new AWS Account”, select the ROOT USER radio button, and follow the steps: provide your email address, enter your mode of payment on the billing page, and sign up for the Basic Support Plan (Free). Once your details are verified, you will get a confirmation page for account creation like the one below, and you can access your account within a few minutes:

AWS Account Set up — after completion

You are the root user of this AWS account, in simpler terms the owner of the AWS account. In addition, we will create Identity and Access Management (IAM) users under that root user. Using IAM users enables us to handle different users with different ranges of access to the AWS console. We can create an organization or a user hierarchy when managing a team's access to the AWS account. Log in to your account and you can see the account details at the top right, as shown in the screenshot below:

AWS Account Root User Login

Protecting your AWS Account: What you need to know

AWS offers many tools to help you secure your account; some are enabled by default and some you need to implement yourself. As with any other billing account, it is recommended to add additional measures to secure your AWS account so as to avoid unauthorized access and forged or scam payments. Below is a list of a few best practices for securing your account and its resources:

  1. Shielding your passwords and access keys (Password Policies)
  2. Activate Multi-Factor Authentication (MFA)
  3. Limited use of Root User, instead use attached IAM users to access your resources
  4. Monitoring your account and its resources (Budget and Alert)

Shielding your passwords and access keys

Using a strong password and changing it regularly with minimum repetition is the best way to boost the cyber security of your account. To achieve this, a password policy comes in handy, as it lets you set rules for the passwords used in your account. Once the policy is set, all existing and newly created IAM users have to follow these rules when configuring their account passwords.

As you can see in the screenshot below, AWS provides an IAM default policy and a custom policy option, and the user can select either one to safeguard their account.

AWS Account — Password Policy Edit section with default IAM and custom option

Activate Multi-Factor Authentication

Multi-Factor Authentication (MFA) is an electronic authentication method that acts as an extra protective layer for data and applications: the system requires a user to present a combination of two or more credentials to verify their identity before granting access.

For better security, it is recommended to configure MFA to help protect your AWS resources. You can enable MFA for the AWS account root user and IAM users, as both are distinct identities with their own credentials. There are different methods to configure MFA in an AWS account:

  1. Virtual MFA device like Google Authenticator App
  2. FIDO Security Key
  3. Hardware TOTP token

We will configure a virtual MFA device (the Google Authenticator app) for our AWS root user and enforce the same for all IAM users of that account. You can install the app on a phone or any other device. Once installed, the app generates a six-digit authenticator code, which is entered in the AWS account to enable MFA. The screenshot below gives an idea of MFA registered for an AWS root user account.

AWS Account- MFA added to a root user

Limiting use of Root User

The AWS root user, or owner account, has unlimited access to all available resources and services; i.e., root can create any number of compute services or S3 storage, launch high-capacity EC2 instances, or even delete an existing running resource. This can certainly be a problem when the account is used by more than one person. So, to avoid unnecessary billing or loss of data/applications, it is advised to create IAM users and assign them the policies and roles required to perform their tasks.
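
The three practices above (password and access key hygiene, MFA, and limited root use) can be checked from the IAM credential report, a CSV that can be downloaded from the IAM console. The following is an added example, not part of the original article: it audits a constructed sample report, and the 90-day rotation window and 30-day root sign-in window are assumptions, not AWS defaults.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in IAM credential report CSV layout (subset of columns, made-up IDs).
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,password_last_changed,mfa_active,access_key_1_active,access_key_1_last_rotated
<root_account>,arn:aws:iam::111122223333:root,not_supported,2023-02-20T09:15:00+00:00,not_supported,false,true,2022-01-10T08:00:00+00:00
alice,arn:aws:iam::111122223333:user/alice,true,2023-02-21T10:00:00+00:00,2023-01-05T10:00:00+00:00,true,false,N/A
bob,arn:aws:iam::111122223333:user/bob,true,2023-02-19T12:30:00+00:00,2022-06-01T12:00:00+00:00,false,true,2022-05-01T12:00:00+00:00
ci-bot,arn:aws:iam::111122223333:user/ci-bot,false,N/A,N/A,false,true,2023-02-01T00:00:00+00:00
"""

MAX_AGE = timedelta(days=90)      # assumed rotation window, not an AWS default
ROOT_RECENT = timedelta(days=30)  # assumed: a root sign-in newer than this is flagged


def _age(value, now):
    """Age of an ISO-8601 timestamp; None for N/A, not_supported, no_information."""
    try:
        return now - datetime.fromisoformat(value)
    except ValueError:
        return None


def audit(report_csv, now):
    """Return (user, finding) pairs for the practices listed in this article."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user, is_root = row["user"], row["user"] == "<root_account>"
        has_console = is_root or row["password_enabled"] == "true"
        if has_console and row["mfa_active"] != "true":
            findings.append((user, "console access without MFA"))
        if row["access_key_1_active"] == "true":
            key_age = _age(row["access_key_1_last_rotated"], now)
            if is_root:
                findings.append((user, "root access key exists"))
            elif key_age is not None and key_age > MAX_AGE:
                findings.append((user, "access key older than rotation window"))
        pw_age = _age(row["password_last_changed"], now)
        if has_console and pw_age is not None and pw_age > MAX_AGE:
            findings.append((user, "password older than rotation window"))
        last_login = _age(row["password_last_used"], now)
        if is_root and last_login is not None and last_login < ROOT_RECENT:
            findings.append((user, "root used for a recent sign-in"))
    return findings


if __name__ == "__main__":
    print(*audit(SAMPLE_REPORT, datetime(2023, 2, 23, tzinfo=timezone.utc)), sep="\n")
```

Pass a timezone-aware `now`, since the report's timestamps carry a UTC offset.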

Set up Budget and Alert

We know that AWS charges on a pay-as-you-use basis for its resources and services, and when you are dealing with an organization or a team you should also have an estimate of the monthly/yearly charges for the account. As one of the security measures, it is advised to monitor your account and its resources regularly to detect any false/unusual activity in your account.

There are various services available in AWS for monitoring overall charges, which are saved as metric data or as reports (we will learn about these services in detail in upcoming blogs). Right now we will learn how to create a basic budget and set up an alert to monitor expense metrics. The alerts get triggered when your current charges exceed the specified threshold of the created budget.

Follow these steps to create a budget:

1. Log in using your root user credentials.

2. Go to AWS Billing > Budgets (you can search for “AWS Billing”, or click your user ID at the top right and select Billing Dashboard).

3. Click the “Create budget” button. You will now see the configuration steps; follow them according to the budget setup type: using a template or customized.

4. Here you can configure alerts for certain thresholds of the budget, e.g. 50%/70%/90%.

5. You can add actions to each alert, that is, assign an IAM user with billing access to handle the related actions/tasks.

After billing alerts are enabled, we can view the billing history, i.e., the budget history and monthly cost history, after 15 minutes.

AWS Account — Budget Details with two Alerts for different Thresholds

For an account, we should turn on logging for all Regions, not just the one we use regularly, as billing/policies differ between Regions. In the next blog we will learn more about Regions, Availability Zones and Edge Locations.

P.S. If you read it till the end, Thank you!…

This article is part of AWS Career Growth Program (AWS-CGP) by Pravin Mishra

For more AWS related content please visit the website.