AWS Accounts:
An AWS account is a container for your AWS resources. You create and manage your AWS resources in an AWS account, and the AWS account provides administrative capabilities for access and billing
First step in your AWS hands on should start from here. I assume you already created a personal account using your email address. If not please check AWS sign up section.(https://portal.aws.amazon.com/billing/signup?type=enterprise#/start/email)
Account created using email address is called as root user, by default this user has full access to all AWS resources (No restrictions)
Account generally covers the below provided sections:
Below is the architecture diagram of AWS account and in general with the role or policy user will be assigned to some specific services.
Important considerations for AWS account:
Ø An AWS account is a container for identities(users) and resources
Ø Using an email address, you can sign up for AWS account
Ø Personal use of creating AWS account by default it created as free-tier account and some of the services free for 12 months. Check this link for complete details (https://aws.amazon.com/free/?all-free-tier.sort-by=item.additionalFields.SortRank&all-free-tier.sort-order=asc&awsf.Free%20Tier%20Types=tier%2312monthsfree&awsf.Free%20Tier%20Categories=*all)
Ø Create AWS account by simple registration process and anyone who is having valid credit card and check this link for more details (https://aws.amazon.com/premiumsupport/knowledge-center/accepted-payment-methods/)
Ø By linking your credit card AWS account is created and by default root user has full access for all AWS services
Ø Single credit card can be used for many AWS account creation process
Ø AWS account creation process can be the same for all environments (Development, testing, production & DR) using different email addresses
Ø It’s not recommended to use root user for day-to-day operations of using AWS services
Ø Using root account user create new Admin users (with proper roles/policy attached) with Full administrator access (and Billing module access)
Ø With root user login, “Enable IAM User & Role access to billing”
Ø If you didn’t assign any policy/roles to new user creation, by default user is no access to any of the AWS resources
Ø After Admin user is created, then we can create multiple users based on the role/policy (Developers, testers, DBA’s etc.,,)
Ø Best security policy is to enable MFA (Multi Factor Authentication) for all the users including root user
Ø Recommended best practice is create groups and attach policies/roles to it and users should be mapped to groups (this process makes easier on managing roles/policies for all users)
Ø Pay-as-you-go model is whatever the services you are using it will be charged per min/requests and charges is deducted from your payment method (Credit card)
Ø If the user doesn’t belongs to any group/role/policy by default no access to any of AWS resources
Ø As a best security practice, set password rotation policy for the users
Ø AWS Account IAM user can be assigned always with only one username & one password
Ø An IAM user can have TWO access keys (Active)
Access Key ID: SYAWLASKCORSWAACCESS
Secret Access Key: SYAWLASKCORaws/5SE5CR5ET5ACC3ESS5kEY
Best Practices for AWS personal account
- First created account called is as root user and create new admin account and use only admin account (Root user is not recommended for using AWS services)
- Created admin user should have the Full Administrator & billing module access
- Enable MFA on root / Admin / normal accounts for added security
- Create Budgets to not fall into see surprised billings (Set an alert if the budget reached USD 10 then email notification)
- Opt for monthly email statement to receive on your email (Under Billing preferences à Enable on Receive PDF Invoice by Email
- Keep always have a look on cost explorer (At least weekly once) just to monitor your spending's
- Cost explorer is the good option to view your usage based on many filer conditions (Usage, Region, service based etc.,) Hope you gone through the AWS basic concepts, and I assume that you are ready to jump into deep dive on AWS services.
Ok. Let’s watch out this space for more upcoming AWS service knowledge sharing.
Connect with me for more knowledge sharing.
Top comments (0)