The AWS services we’ll be covering in this lesson include:
- IAM (Identity and Access Management)
At the end of the lesson you will be able to:
- Establish a new AWS root account
- Understand the means of accessing AWS services, including Access Keys and Identity credentials
- Understand the difference between an identity and an access permission
- Create a user Identity
- Assign the user Identity to an Administrators Group
Step One: Set Up an AWS Account
Good news! You probably already have an AWS account. “What?! How’s that?” you ask. If you’ve ever created an account with Amazon to order something, that account is capable of utilizing AWS.
Simply head over to http://aws.amazon.com and try logging in with your account.
If you want to start from scratch, simply click the “Create New AWS Account” button to start the wizard.
You will need to supply your email, a password, and a name for your AWS account.
Once that’s been entered, you are one step away from being able to actively use AWS services. You will need to supply a billing method before Amazon will actually start letting you use services.
Amazon bills monthly, so you will accumulate charges through the end of the month and then Amazon will automatically charge your selected billing method.
To access your billing options, select Services and then select Billing from the list of services. This will bring up the billing console. Click the Payment Methods link and enter a credit card to use as your default payment method.
Voilà! You’re all set to start using AWS.
Ways to Access Services in AWS
There are two ways to access services available in your AWS account. You can use either Access Keys, which allow programmatic access to your account, or User Credentials with a login and password.
Access keys are very powerful. If you decide they are needed and create them, be very careful to protect them. If they are discovered by someone with bad intentions, they can be used to very quickly create services and run up extremely high bills on your account. For this course we won’t be covering Access keys.
Instead, we will use Identities with logins and passwords. These are familiar to use and can be restricted through groups and security policies, so that even if they are exposed, the amount of damage that can be done is limited.
Creating an Identity with IAM
Using root credentials to log into AWS is a dangerous proposition. You could accidentally take an action that has permanent effects or a broader impact than you had intended. Or, worse, you could expose those credentials to someone of less than scrupulous character who can use them to get up to all kinds of mischief with your account.
This exercise will walk you through creating an administrative account that doesn’t expose the keys to the kingdom.
- Log into AWS with your root access account
- Choose the “IAM” (Identity and Access Management) service from the list of services
- Click the “Users” link
- Click the “Add User” button
- Enter a user name for the user that describes what they do
- Check the “AWS Management Console access” checkbox. This will create a user that can log into the management console.
- Either allow the system to generate a password or select the custom password radio button and enter a password of your own choosing.
- If you want the user to select a new password on their next login, leave the “User must create a new password at next login” checkbox checked.
- Click the “Next: Permissions” button to move on to selecting permissions for the new user identity.
- We will be creating an “Admins” group to hold our administrative users and grant them the permissions they need.
- Click the “Create Group” button.
- Enter “Admins” in the group name text box.
- Check the box next to the “AdministratorAccess” AWS policy.
- This sets the permissions for the group to allow anyone in the group access to all AWS services.
- Click the “Create Group” button
- Click the “Next: Review” button
- Make sure everything is correct and click the “Create User” button.
- You will be presented with an option to download the newly created user credentials.
- This will be the only time those credentials are made available to you.
- Be sure to download them and put them in a secure location.
- Log out of your root access account and log in with your newly created administrator account.
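To make the difference between an identity and an access permission concrete, here is an added example (not part of the original lesson) that models how group policies decide what a user may do. It is a simplified sketch covering only identity-based Allow/Deny statements with wildcards; the user names, the “S3Readers” group and its policy are constructed for illustration, while “Admins” and “AdministratorAccess” are the ones from the exercise above.

```python
from fnmatch import fnmatchcase

# The AWS-managed AdministratorAccess policy: every action on every resource.
ADMINISTRATOR_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}
# Constructed, narrower policy for a hypothetical "S3Readers" group.
S3_READ_ONLY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}],
}

# Constructed account state: permissions hang off groups, identities join groups.
GROUP_POLICIES = {"Admins": [ADMINISTRATOR_ACCESS], "S3Readers": [S3_READ_ONLY]}
USER_GROUPS = {"alice-admin": ["Admins"], "bob-reports": ["S3Readers"], "carol-new": []}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, fold_case=False):
    # Action names are case-insensitive in IAM; resource ARNs are not.
    # fnmatch also treats "[...]" specially, which real IAM does not (simplification).
    if fold_case:
        return any(fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))
    return any(fnmatchcase(value, p) for p in _as_list(patterns))


def is_allowed(user, action, resource="*"):
    """True only if some group policy allows the request and none denies it."""
    if user not in USER_GROUPS:
        return False  # unknown identity
    allowed = False
    for group in USER_GROUPS[user]:
        for policy in GROUP_POLICIES.get(group, []):
            for stmt in _as_list(policy["Statement"]):
                if not _matches(stmt["Action"], action, fold_case=True):
                    continue
                if not _matches(stmt["Resource"], resource):
                    continue
                if stmt["Effect"] == "Deny":
                    return False  # an explicit Deny always wins
                allowed = True
    return allowed  # nothing matched: denied by default


if __name__ == "__main__":
    for user in USER_GROUPS:
        for action in ("s3:GetObject", "ec2:RunInstances", "iam:CreateUser"):
            verdict = "allow" if is_allowed(user, action) else "deny"
            print(f"{user:12} {action:18} -> {verdict}")
```

An identity with no group or policy (carol-new) can log in but do nothing, and a narrowly scoped identity (bob-reports) limits what exposed credentials can be used for, whereas anyone in Admins can do everything.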
What you’ve accomplished
At this point you’re on the road to success with AWS.
You’ve created an account that you will use throughout this course to master the skills that will be presented. You’ve secured your root access account by adding a new user identity, and you’ve made that identity a member of an administrators group to grant it the privileges it needs to access AWS services.
At this point you are growing more familiar with the AWS interface and starting to navigate it more proficiently. You’ve acquired a skill for administering security at the account level in AWS.
You’re at the starting line, ready to take on the next AWS challenge heading your way.