Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
AWS SysOps Cookbook

You're reading from   AWS SysOps Cookbook Practical recipes to build, automate, and manage your AWS-based cloud environments

Arrow left icon
Product type Paperback
Published in Sep 2019
Publisher
ISBN-13 9781838550189
Length 490 pages
Edition 2nd Edition
Tools
Arrow right icon
Authors (3):
Arrow left icon
Eric Z. Beard Eric Z. Beard
Author Profile Icon Eric Z. Beard
Eric Z. Beard
Rowan Udell Rowan Udell
Author Profile Icon Rowan Udell
Rowan Udell
Lucas Chan Lucas Chan
Author Profile Icon Lucas Chan
Lucas Chan
Arrow right icon
View More author details
Toc

Table of Contents (15) Chapters Close

Preface 1. AWS Fundamentals 2. Account Setup and Management FREE CHAPTER 3. AWS Storage and Content Delivery 4. AWS Compute 5. Monitoring the Infrastructure 6. Managing AWS Databases 7. AWS Networking Essentials 8. AWS Account Security and Identity 9. Managing Costs 10. Advanced AWS CloudFormation 11. AWS Well-Architected Framework 12. Working with Business Applications 13. AWS Partner Solutions 14. Other Books You May Enjoy

Signing up for an AWS account

To follow along with the recipes in this book, you will need to set up an AWS account. Follow all of these steps to learn how to create an account that you will securely access with an IAM user and a Multi-Factor Authentication (MFA) device.

How to do it...

Follow these steps to create an AWS account:

  1. Create an account at https://aws.amazon.com/ by clicking on the Sign Up button and entering your details:
Creating an AWS account
Even though we will be taking advantage of the free tier wherever possible, you will need a valid credit card to complete the signup process. Go to https://aws.amazon.com/free/ for more information. Note that the free tier only applies for the first year of your account's lifetime.
  1. Before we get started using that shiny new account, let's go over some best practices regarding basic account security. The very first thing you should do as the owner of an AWS account is enable MFA on the root login:
Identity and Access Management
Protect your logins with MFA. Check out this article by Okta on why MFA is a good idea:
https://www.okta.com/identity-101/why-mfa-is-everywhere/.
  1. As you can see, when you first visit the IAM console, AWS recommends that you Activate MFA as the next step to improve your security status. Expand the Activate MFA section and click through it to get to your security credentials screen:
Managing the MFA device
  1. Choose the type of MFA device you prefer and complete the setup. If you choose to use a virtual device, note how the app on your phone saves your data. Some apps, such as Google Authenticator, don't back up your data to the cloud, so, if you lose your phone, you will no longer be able to log in to your account. Try apps such as Authy or LastPass Authenticator if you want your MFA device to be synced with an online account.

MFA is an essential extra layer of security that you should apply to all of your online accounts, not just AWS. Now that you have protected your root login with MFA, it's time to take your account security to the next level by creating an IAM account for routine access. Let's get started:

Never use the root login account for routine access. Secure the root credentials and the MFA device so that a very limited group of people have access to them, for use only when absolutely necessary. This will reduce the chances of a bad actor compromising your account.
  1. Expand the Create individual IAM users section and click Manage Users:
Manage Users
  1. Add a new user account:
Adding a new user account

This will be the user account that you use to complete the exercises in this book. On the next screen, you will be asked to create a group for this user.

  1. Create a group called Admins and select AdministratorAccess:
Creating a group

Once you have finished creating the new IAM user, make sure that you save these credentials so that you can access the CLI later.

  1. One last thing we will do before logging out of the root is apply a password policy to the account so that all the users are required to have strong passwords:
Password policy
  1. Once you have done this and see five green checkboxes under Security Status, log out of the root user and log back in as your newly created user.

How it works...

When you create an IAM user within your AWS account, you are addressing authentication, which answers the question, Who is this user? By itself, a user has no rights to accomplish anything in your account. Access management, or authorization, determines what the principal identities within your account can do. Authorization answers the question, What is this user allowed to do? In AWS, you create policies that define what those principals are allowed to do. Policies are attached to users, roles, and groups.

There's more...

Keep in mind that changes that are made to users, groups, and roles need to be consistent eventually. This means that those changes might not be immediately available across your entire account. AWS recommends that you do not include IAM changes in latency-sensitive code.

See also

  • Check out the AWS Organizations and AWS Control Tower recipes in Chapter 2, Account Setup and Management, for an in-depth look at setting up multiple accounts for your company's cloud-based applications
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image