Creating Your AWS Account
Part 1 of the Complete AWS Boilerplate
This is the first tutorial in the series “The Complete AWS Boilerplate” for quickly building entire internet products on the Amazon Cloud.
Welcome to the Amazon Web Services Guide for Startups, Small Business and Solo-preneurs. Begin by creating your account by clicking here. You will need:
- An email account
- A valid credit card (you will not be charged as there is a generous free tier)
- A phone number (you will receive an automated phone call to verify your identity)
- If you are a student, sign up with your University/College email to qualify for AWS Educate and get free cloud credits up to $100
Follow the steps on screen and within 2 minutes you will have your new AWS account! Log in to your account and you will see the screen below, called the AWS Console. This is where you can access everything.
If you’re feeling overwhelmed, don’t worry. We will go over step by step which of these services you will actually need. By the time you finish this tutorial series, you will be comfortable diving into any of these. At the end of the day, they’re just an API call away.
Before we begin with any AWS service, we’re going to think about security from Day 1. Which of these best describes you?
1. I am a solo entrepreneur
2. I am part of a small business
3. I am part of a small startup
In any case, you will want to limit the scope of things a team member can do (in case someone accidentally deletes your entire business backend). Right now you are using the “Root Administrator” user account, which is allowed to do anything. This is of course very dangerous, and if this account is compromised, you are royally screwed.
Let’s create a user account with limited access to your AWS Cloud. We can accomplish this in IAM (Identity and Access Management). Simply type IAM into your AWS console search bar and click the first result.
You will be taken to this screen:
The only thing we are going to do in this article is set up a read-only teammate account so that we can allow another person in our organization to log in to AWS and see things without the ability to edit. Further security setup will be explained in a future article. In the “Security Status” checklist, click “Create Individual IAM users” > “Manage Users”.
On this next screen click “Add User”.
Fill out the above fields. You will want the access type to be “AWS Management Console access” only, but if your team is comfortable with coding you can also enable “Programmatic Access”. The other options are up to you. Click “Next: Permissions” when you’re ready.
Next we reach the Permissions screen where we can add a user to a group, or attach/copy policies to this user. We won’t go into what each of these means in this article, but conceptually, user security groups look like this:
You don’t want interns touching your security or infrastructure. You want your sales team to be able to see data but not change it. AWS lets you get very fine-tuned on exactly which users are allowed to do what. This can get tedious, so making “Groups” allows you to specify permissions for an entire team. When we create a new AWS user, we can easily add them to an existing group and if necessary, further specify their permissions.
For now, all we’re going to do is give our new user the ability to READ from all S3 buckets (in a later article we will remove this permission and only let this user see specific S3 buckets). Don’t worry if you do not know what an S3 bucket is; we will learn that in the next article. Click “Attach existing policies directly” and search for “AmazonS3ReadOnly”. Click “Next:Tags” when you’re done.
AWS allows us to tag all resources for easy categorization and search. Let’s add the tag “user-type” with the value “business-intern” to help us easily identify what type of user this account is associated with. Remember to stay consistent by tagging future user accounts with a “user-type”. Click “Next:Review” when you’re ready.
Everything looks good. Click “Create User” when you’re ready. You will reach the final screen.
Click “Send email” to conveniently onboard your new AWS team member!
Now let’s test out that sign-in URL in a private browser session.
Notice how that Account ID is automatically filled in (it’s provided by the URL).
Enter the IAM user name and password and you should see the AWS console. Let’s test the permissions by searching for EC2.
It will say “You are not authorized to _______” 😏 Nice. Let’s log out of this account and log back in to our “Root Administrator” account. Go back to the IAM console because we’re going to delete the user we just created.
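Why the EC2 search is refused even though nothing forbids it: a request is denied unless some attached policy allows it. The sketch below is an added example, not part of the original tutorial or AWS's own code; it models that decision for a read-only S3 policy and for the bucket-scoped version a later article describes. Both policy documents and the bucket names are constructed assumptions.

```python
import re

# Constructed policies for illustration. READ_ONLY_S3 is modeled on a
# read-only S3 grant, not copied from the AWS managed policy.
READ_ONLY_S3 = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"},
]}
# Same read actions, limited to one hypothetical bucket and its objects.
ONE_BUCKET_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"],
     "Resource": ["arn:aws:s3:::example-reports",
                  "arn:aws:s3:::example-reports/*"]},
]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(pattern, value, ignore_case=False):
    """Wildcard match as used in policies: '*' = any run, '?' = one char."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    flags = re.DOTALL | (re.IGNORECASE if ignore_case else 0)
    return re.fullmatch(regex, value, flags) is not None


def evaluate(policies, action, resource):
    """Return 'Allow', 'ImplicitDeny' or 'ExplicitDeny' for one request.

    Simplified model: identity-based policies with Effect/Action/Resource
    only (no Condition, NotAction, permission boundaries or SCPs).
    """
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not any(_matches(a, action, True) for a in _as_list(stmt["Action"])):
                continue
            if not any(_matches(r, resource) for r in _as_list(stmt["Resource"])):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"  # a matching Deny overrides any Allow
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"  # nothing matched: denied
```

With `READ_ONLY_S3` attached, `evaluate` returns `Allow` for `s3:GetObject` but `ImplicitDeny` for `ec2:DescribeInstances` and for `s3:DeleteObject`, which is the behaviour the sign-in test shows.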
You should make a good habit of keeping a clean Cloud, which includes deleting users when they’re no longer in use. Trust me, you do not want to deal with the anxiety of a messy AWS because it gets complicated and very stressful. Let’s build good habits from Day 1.
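One way to find users that are no longer in use, as an added example rather than part of the original tutorial: it reads a CSV shaped like the IAM credential report and lists users with no sign-in or access-key activity inside a cut-off window. The sample rows, the user names, the fixed "now" and the 90-day threshold are constructed assumptions, and only a subset of the report's columns is used.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample rows; a real report has more columns than these.
SAMPLE_REPORT = """\
user,user_creation_time,password_last_used,access_key_1_last_used_date
<root_account>,2023-01-10T08:00:00+00:00,2024-05-30T09:12:00+00:00,N/A
intern-alice,2023-12-01T10:00:00+00:00,2024-01-04T15:40:00+00:00,N/A
intern-bob,2024-05-25T10:00:00+00:00,no_information,N/A
intern-carol,2023-11-01T10:00:00+00:00,no_information,N/A
deploy-bot,2023-06-01T10:00:00+00:00,N/A,2024-05-28T02:00:00+00:00
"""
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed for the example

_ACTIVITY_COLUMNS = ("user_creation_time", "password_last_used",
                     "access_key_1_last_used_date")
_NO_TIMESTAMP = {"", "N/A", "no_information", "not_supported"}


def _last_activity(row):
    """Latest timestamp in the row. Creation time counts as activity so a
    user created last week who has not signed in yet is not flagged."""
    stamps = [datetime.fromisoformat(row[col]) for col in _ACTIVITY_COLUMNS
              if row.get(col, "N/A") not in _NO_TIMESTAMP]
    return max(stamps)


def stale_users(report_csv, now, max_idle_days=90):
    """Return the names of IAM users idle for more than max_idle_days."""
    cutoff = now - timedelta(days=max_idle_days)
    stale = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] == "<root_account>":
            continue  # the root user is not an IAM user and cannot be deleted
        if _last_activity(row) < cutoff:
            stale.append(row["user"])
    return stale
```

The credential report can be downloaded from the IAM console's "Credential report" page and passed to `stale_users` as text.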
Let’s review what we learned today.
- Created a “Root Administrator” account
- Learned how to create additional users with limited access
Here’s what we’re going to learn in the next few articles:
- Host a static website using Amazon S3
- Set up further security with 2-factor authentication
- Create a “CTO” account on IAM
See you in the next tutorial!