DEV Community

Danilo Costa

AWS Foundation - Root Account, I.A.M and how to not get a $500 Bill

"Sooooooooooo Jimmy Boy Here we are!!!!" - Gary

Today we're gonna talk about the base of everything we need to use AWS: an account! Maybe that's the part beginners fear most, because it's when we create an AWS account, and everybody is afraid of getting a bill of something like USD 500,00 from one day to the next.

Btw, to make it easier, it's necessary to split this subject into topics:

  1. What's a Root Account and why does it seem like the "King" in a chess game
  2. What are organizational units, accounts, and I.A.M (a brief look)
  3. How to make your AWS account

What's a Root Account and why does it seem like the "King" in a chess game

Okay, maybe some people would say that it's better to start by creating an AWS account, but NO! Before anything, it's necessary to understand some concepts about accounts in general.

The primary account that somebody (or some company) would have is the "Root Account". This account has the power to do ANYTHING, but leaving that much responsibility in a single account is a terrible idea, for many reasons.

Imagine that we have a Team made of 10 people:

  • three guys use the account to deploy web apps

  • three other guys use the account only to check some data logs

  • Finally, the last four guys use the account to check DynamoDB (Amazon's NoSQL database).

Okay, everything is fine until one day somebody deletes an entire column from the database. Can you guess who did it? No, you cannot, because whoever did it isn't on the team: it was the company CEO, who has full access to the root account. One day, because of some customer, he decided to use the root account to look into a problem, but he knows nothing about databases and just f*cked up everything.

The only responsibility that a Root should have is to create other accounts and pay the bills, everything beyond that is not recommended.
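The attribution problem in the story above shows up in CloudTrail, AWS's API audit log (a service the original post does not cover). This added example, which is not the author's code, flags root-user activity in constructed sample records; the account ID, IP addresses, and user names are placeholders.

```python
import json

# Constructed CloudTrail-style records (not real logs); all values are placeholders.
SAMPLE_RECORDS = json.loads("""
[
  {"eventTime": "2024-01-10T09:12:00Z", "eventSource": "elasticbeanstalk.amazonaws.com",
   "eventName": "UpdateEnvironment", "eventType": "AwsApiCall", "sourceIPAddress": "198.51.100.7",
   "userIdentity": {"type": "IAMUser", "userName": "dev-alice",
                    "arn": "arn:aws:iam::111122223333:user/dev-alice"}},
  {"eventTime": "2024-01-10T10:03:00Z", "eventSource": "dynamodb.amazonaws.com",
   "eventName": "DeleteTable", "eventType": "AwsApiCall", "sourceIPAddress": "203.0.113.20",
   "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
  {"eventTime": "2024-01-10T10:05:00Z", "eventSource": "kms.amazonaws.com",
   "eventName": "Decrypt", "eventType": "AwsServiceEvent", "sourceIPAddress": "dynamodb.amazonaws.com",
   "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root",
                    "invokedBy": "dynamodb.amazonaws.com"}},
  {"eventTime": "2024-01-10T11:40:00Z", "eventSource": "signin.amazonaws.com",
   "eventName": "ConsoleLogin", "eventType": "AwsConsoleSignIn", "sourceIPAddress": "203.0.113.20",
   "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}}
]
""")

def is_human_root_activity(record):
    """True when the root user itself acted, not an AWS service on the account's behalf."""
    identity = record.get("userIdentity", {})
    return (identity.get("type") == "Root"
            and "invokedBy" not in identity
            and record.get("eventType") != "AwsServiceEvent")

def root_findings(records):
    """Return one finding per root-user action, in log order."""
    findings = []
    for r in records:
        if is_human_root_activity(r):
            findings.append({
                "time": r["eventTime"],
                "action": f'{r["eventSource"].split(".")[0]}:{r["eventName"]}',
                "source_ip": r.get("sourceIPAddress"),
                # A root record names the account, not a person: with shared
                # root credentials the log cannot say which human acted.
                "who": r["userIdentity"].get("userName", "unknown (shared root credentials)"),
            })
    return findings

if __name__ == "__main__":
    for finding in root_findings(SAMPLE_RECORDS):
        print(finding)
```

Every finding is worth an alert, since day-to-day work should never run as root; the IAM user's record, by contrast, names exactly who acted.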

What are organizational units and accounts (a brief look)

So, as I said before, the only responsibility a root account should have is to create other accounts. A good practice for organizing them is to create "Organizational Units", or just "O.U". Don't worry: in the next post you will learn how to create both the root account and organizational units. For now, focus only on the fact that it's possible to create a kind of "categories" for our accounts on AWS.

But why organizational units?
AWS is not just a "cloud" but a collection of many services for many purposes. We could host a website or a server, run an LLM process, mine some Bitcoin, use it as a database, and the list goes on...

Because of that, it's common in many companies to see a team divided into "categories" inside AWS. Usually, the web developer can only access the staging server, while QA can access both the staging and production servers. Those are just a few examples.

Each organizational unit has a product called "I.A.M" (Identity and Access Management). Inside this service, the Root manager can give permissions to each organizational unit. For example, someone from the development team usually has permission to access Amazon services like EC2, Elastic Beanstalk, and DynamoDB. But one day a junior developer joins the team, and the Root manager thinks it's better not to give him anything except access to Elastic Beanstalk, so he creates an organizational unit for entry-level developers whose only permission is access to Elastic Beanstalk!

Okay, we talked about the Root Account, O.U., and I.A.M, but only as concepts. It's time to get your hands on the work!

How to make your AWS account!

Go to aws.amazon.com and click on "Sign In to the Console"

Now click on "Create a new AWS account"

Proceed through every step; it's just like making an account on any other website. They will ask for your address and your e-mail, and they'll ask if you wish to use your account for business or personal use. After all those steps, you'll reach the following form:

Every newbie gets scared just by looking at this screen. But be patient, my boy! I'm gonna tell you a little secret:
For an entire year, a free account has 750 hours per month to use as you wish! After one year of using it, they'll charge your credit card. But here we're all students, and even if we use something beyond these 750 hours, it's gonna be the cheapest possible. So don't be afraid of adding your credit card at this point.

In the next post we're gonna see how to create organizational units and delegate permissions to every user, I hope you like it.
