AWS CLI Essentials

Creating a Personal AWS Account

In this scenario, you work for a company that currently has no presence in the cloud. You have been tasked with creating the company’s employee directory application in AWS.

In this exercise, you will be creating and confirming a new AWS account. You will then log in to that account and do basic management tasks, such as choosing a support plan and setting up some account alerts.

iCloud account-mfaz = iphonelabraven@06312

Task 1: Signing up for an account

In this task, you will start the process of signing up for an AWS account.

Visit the Amazon Web Services home page.
Choose Create an AWS Account.
Note: If you signed in to AWS recently, choose Sign in to the Console. If Create a new AWS account isn’t available, first choose Sign in to a different account, and then choose Create a new AWS account.
Enter your account information, and then choose Continue.
Be sure that you enter your account information correctly, especially your email address. If you enter your email address incorrectly, you won’t be able access your account.
Choose Personal or Professional.
Note: These two account types are identical in functionality. You can choose personal for your personal projects. Choose professional for use within your company, an educational institution, or an organization.
Enter your company or personal information.
Read the AWS Customer Agreement, and then select the box.
Click Create Account and Continue.

Task 2: Adding a payment method

In this task, you will add a payment method to your account.
On the Payment Information page, add a payment method by entering the requested information about your payment method.
Choose Verify and Add.
Important: You can’t proceed with the signup process until you add a valid payment method.

Task 3: Verifying your identity

In this task, you will verify your identity for the account.
On the Identity Verification page, choose your country or region code from the list.
Enter a phone number where you can be reached in the next few minutes.
Enter the code that’s displayed in the CAPTCHA.
When you’re ready to receive a call or Short Message Service (SMS) text message, choose Contact me/Send SMS.
In a few moments, you should be contacted through the verification system.
Enter the verification code that you received and choose Verify Code.
Choose Continue.

Task 4: Choosing an AWS Support plan

In this task, you will select an AWS Support plan for your account.

On the Select a Support Plan page, select the Basic Plan that’s included in the AWS Free Tier.
Sign in to the AWS Management Console.

Task 5: Setting up an AWS Free Tier alert and custom billing alert

In this task, you will set up an alert for your AWS Free Tier usage. You will also set up a billing alert in Amazon CloudWatch.

First, you will create a usage alert.
In the search box, enter Billing and open it.
In the navigation bar, select Billing preferences.
Under the Cost Management Preferences section, select the check boxes for Receive Free Tier Usage Alerts and Receive Billing Alerts.
In the Receive Free Tier Usage Alerts box, enter your email address.
Choose Save preferences.

Task 6: Creating a billing alert in CloudWatch

You will now create a billing alert in CloudWatch.

In the services search box, enter CloudWatch and open the service.
If necessary, change the Region in the upper-right area of the console to US East (N. Virginia).
Billing metric data is stored in this Region, and this data represents worldwide charges.
In the navigation pane, choose Alarms, then choose Create Alarm.
Choose Select metric.
In the Metrics search box, enter Billing, choose Billing, and then choose Total Estimated Charge.
Note: If you don’t see Billing or the Total Estimated Charge metric, you might need to go back a few steps to enable billing alerts from the billing preferences page.
Select the EstimatedCharges check box, and choose Select metric.
Under Conditions, choose Static.
For Whenever EstimatedCharges is, choose Greater.
For than, enter the monthly amount that must be exceeded to start the alarm.
The number you enter should be an amount that you’re comfortable with, such as 10.
Choose Next.
You will now configure notifications for the alarm by setting up and subscribing to an Amazon Simple Notification Service (Amazon SNS) topic. Amazon SNS is a service that publishes messages to a topic, which delivers the message to all topic subscribers.
For Alarm State Trigger, select In alarm.
For Select an SNS Topic, choose Create new topic.
Enter a topic name.
The name must be unique.
Enter the email address where you want to receive the notification.
Note: You will get an email in your inbox that asks you to confirm your subscription to this topic. By confirming, you should get notifications when your estimated billing charges go over your threshold.
Choose Create topic and then choose Next.
Enter an alarm name and description.
The name must contain only ASCII characters.
Under Preview and create, confirm the information and conditions that you entered, and then choose Create alarm.

Scenario

Exercise 2: Working with IAM

In this scenario, you continue to set up your new AWS account by following some security best practices with IAM.

In this exercise, you log in to your AWS account, delete the AWS account root user access keys, and (optionally) set up multi-factor authentication (MFA). You then create an IAM user with administrator access (called Admin). Finally, you log in as the Admin user and create an IAM role.

Task 1: Logging in to the AWS Management Console

In this task, you will first log in to the console as the AWS account root user.

Visit https://aws.amazon.com/console/

Choose Sign In to the Console.

Choose Root user and for Root user email address, enter the email address you used to create the account.

Choose Next.

For Password, enter the password for the root user.

Choose Sign in.

Task 2: Enabling MFA (optional)

In this optional task, you will enable MFA on your account by using a virtual authentication app on your mobile device or on your computer.

At the top right, choose your account name, then choose Security credentials.

Expand Multi-factor authentication (MFA) and choose Activate MFA.

In the Manage MFA device window, choose Virtual MFA device and then choose Continue.

Note: To configure MFA for this exercise, you need to have a virtual MFA application installed on your device or computer. To see a list of MFA applications, in Step 1 of the Set up virtual MFA device window, choose list of compatible applications and scroll to Virtual MFA Applications. Before you continue to the next step, make sure you have installed one of the listed applications on your mobile device or on your computer.

Choose Show QR code and scan the code with your device.

Note: If you are using a computer, choose Show secret key. In your MFA application, enter the secret key.

In the MFA code 1 box, enter the first MFA code.

In the MFA code 2 box, enter the second generated number.

Choose Assign MFA.

You should see a window with a message that you have successfully assigned a virtual MFA device.

To close the window, choose Close.

Expand Access keys (access key ID and secret access key) and confirm that no access keys are listed.

Note: Your account shouldn’t have any listed access keys. If an access key exists (for your new account), delete the key: Locate the Actions column and choose Delete. In the Delete window, choose Deactivate. In the confirmation box, enter the access key ID. Choose Delete.

Task 3: Creating an IAM user

In this task, you will create an IAM user with administrator access.

In the Services search box, enter IAM, and open the IAM console.

In the navigation pane, choose Users.

Choose Add users and in the Set user details page, configure the following settings. User name: Admin Select AWS credential type: Access key - Programmatic access Password - AWS Management Console access Console password: Custom password and enter a password of your choosing Require password reset: Clear this option Choose Next: Permissions.

In the Set permission page, choose Attach existing policies directly.

In the Filter policies box, search for administrator.

Under Policy name, select AdministratorAccess.

Choose Next: Tags, and then choose Next: Review.

Choose Create user.

You can sign in with the new IAM admin user by choosing the URL at the bottom of the Success window.

Note: The sign-in URL should look like the following: https://123456789012.signin.aws.amazon.com/console.

Task 4: Setting up an IAM role for an EC2 instance

In this task, you will log in as the Admin user and create an IAM role. The role allows Amazon Elastic Compute Cloud (Amazon EC2) to access both Amazon Simple Storage Service (Amazon S3) and Amazon DynamoDB. You will later assign this role to an EC2 instance that hosts the employee directory application.

Now that you are logged in as the Admin user, use the Services search bar to search for IAM again, and open the service by choosing IAM.

In the navigation pane, choose Roles.

Choose Create role.

In the Select trusted entity page, configure the following settings. Trusted entity type: AWS service Use case: EC2 Choose Next.

In the permissions filter box, search for amazons3full, and select AmazonS3FullAccess.

In the filter box, search for amazondynamodb, and select AmazonDynamoDBFullAccess.

Choose Next.

For Role name, paste S3DynamoDBFullAccessRole and choose Create role.

Note: We don’t recommend that you use full-access policies in a production environment. In this exercise, you use these policies as a proof of concept to get your exercise environment up and running quickly. After you create your S3 bucket and DynamoDB table, you can modify this IAM role so that it has more specific and restrictive permissions. You will learn more about this topic later.

Bibliography

% Coursera AWS Cloud Technical Essentials
@electronic{
    author = {AWS}, 
    title = {AWS Cloud Technical Essentials}, 
    volume = {Exercise 1: Create an AWS Account}, 
    notes = {https://www.coursera.org/learn/aws-cloud-technical-essentials},
}