DEV Community

Mohd Ahsan
AWS IAM & Billing and Cost Management

AWS Identity and Access Management (IAM) is used to enhance security and manage access effectively in AWS. It's crucial to avoid using the root user account for regular operations because of its broad permissions; creating IAM users with specific permissions is recommended instead. IAM involves Users, Roles, Groups, and Policies:

  • Users: Individuals within your organization who need access to AWS resources.
  • Roles: Used to delegate access to resources securely between AWS services.
  • Groups: Collections of users. Policies are attached to groups to define permissions for multiple users at once.
  • Policies: Documents defining permissions. For instance, the "AdministratorAccess" policy grants full AWS control.

To enhance security in AWS, avoid using the root account for daily tasks. Create IAM users for individuals needing access and group them based on roles, applying appropriate policies. This ensures controlled access and minimizes security risks associated with unrestricted account use.

Here are the steps to create an IAM (Identity and Access Management) user in AWS:

Step 1 - Sign in to AWS Management Console:

  • Go to the AWS Management Console and sign in with your root user credentials.
  • Type "IAM" in the search bar and select the IAM service from the list.

Step 2 - Access IAM Dashboard:

  • In the IAM dashboard, click on "Groups" in the left-hand menu.
  • Click on the "Create group" button to begin creating a new IAM group.
  • Enter a suitable name for the group, such as "AdminGroup" or any other descriptive name.

Step 3 - Attach Policies:

  • In the "Attach permissions policies" step, search for and select policies such as "AdministratorAccess" and "Billing" from the AWS managed policies list. These policies provide permissions for administrative tasks and billing management.
  • Review the policies that are attached to the group.
  • Click on "Create group" to complete the creation of the IAM group.

Step 4 - Add User:

  • Click on the "Add user" button to start creating a new IAM user.
  • Enter a suitable name for the user, such as "Admin" or another descriptive name.
  • Choose the type of access for the user:
    • Programmatic access: Allows interaction with AWS services via APIs, SDKs, and CLI.
    • AWS Management Console access: Enables sign-in to the AWS Management Console with a custom password. Ensure the option "User must create a new password at next sign-in" is selected.
  • Add the user to the IAM group created earlier with defined permissions.
  • Review the user details, permissions, and tags (if applicable).
  • Click on "Create user" to complete the creation of the IAM user.

Step 5 - Sign-in with IAM User:

  • If it's your first time logging in, you'll be prompted to set a new password. Be sure to choose a secure password.
  • Access the AWS Management Console either with the provided console login link or by visiting the AWS Management Console homepage directly.
  • Once logged in, you can manage AWS services based on the permissions assigned to your IAM user.

Step 6 - Enable Multi-Factor Authentication (MFA):

  • Go to the AWS Management Console.
  • Navigate to the IAM (Identity and Access Management) service.
  • Select "Users" and then your username.
  • Under the "Security Credentials" tab, click "Activate MFA" and follow the instructions to enable MFA using a virtual MFA device like Google Authenticator.

Billing and Cost Management

AWS Billing and Cost Management offers tools and resources for monitoring, managing, and optimizing AWS spending and usage. It enables setting budgets, tracking costs, analyzing usage patterns, and accessing detailed billing reports to effectively manage AWS expenses.

Here is the documentation on AWS Billing and Cost Management.

Let's configure a billing alarm to ensure compliance with AWS Free Tier limits and avoid incurring charges. Below are the steps to achieve this:

Step 1: Navigate to AWS Billing Dashboard
Sign in to the AWS Management Console, then navigate to the "Billing and Cost Management" dashboard under your user account.

Step 2: Access Billing Alarms
In the left-hand menu, go to the "Preferences and Settings" section and click on "Billing Preferences." Next, enable "Invoice delivery preferences" and "Alert preferences" by entering your email ID, and ensure all three options are selected to receive alerts via email.

Step 3: Set Up CloudWatch Alarm
Now under services, locate the CloudWatch service (which is a monitoring service). Ensure you are in the "N. Virginia" region to create a billing alarm and monitor your bills effectively.
In the left-hand menu, navigate to the "Alarms" section and click on "All Alarms" to view existing alarms or "Create Alarm" to set up a new one.
Now click on "Select Metric", choose "Billing" as the service, then select "Total Estimated Charge", ensure the currency is set to "USD", and click "Select Metric" to proceed.

Step 4: Define Alarm Threshold
Set the alarm threshold just below the Free Tier usage limits to receive alerts before incurring charges. For example, set the alarm when estimated charges exceed $5 if applicable.

Step 5: Configure Notification
Create an SNS topic to receive notifications when the alarm threshold is reached, then click "Next" to proceed.

Step 6: Confirm and Create
Give the alarm a name, then click "Next" to review your settings. Finally, click "Create Alarm" to activate the billing alarm.
You will receive an email to confirm your subscription and start receiving alerts.
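
The same alarm can be created through the API, which makes it repeatable across accounts. This is an added example, not part of the original post; the alarm and topic names are hypothetical, the 6-hour period and `Maximum` statistic are assumptions chosen for the billing metric, and the function that calls AWS needs `boto3` and credentials.

```python
BILLING_REGION = "us-east-1"  # N. Virginia, where the steps above create the alarm


def billing_alarm_params(name, threshold_usd, topic_arn):
    """Build the PutMetricAlarm arguments for total estimated charges in USD."""
    if threshold_usd <= 0:
        raise ValueError("threshold must be a positive USD amount")
    # A CloudWatch alarm notifies SNS topics in its own region.
    if not topic_arn.startswith(f"arn:aws:sns:{BILLING_REGION}:"):
        raise ValueError(f"SNS topic must be in {BILLING_REGION}, like the alarm")
    return {
        "AlarmName": name,
        "Namespace": "AWS/Billing",
        "MetricName": "EstimatedCharges",
        "Dimensions": [{"Name": "Currency", "Value": "USD"}],
        "Statistic": "Maximum",
        "Period": 21600,  # 6 hours (assumed); billing data arrives only a few times a day
        "EvaluationPeriods": 1,
        "Threshold": float(threshold_usd),
        "ComparisonOperator": "GreaterThanThreshold",
        "AlarmActions": [topic_arn],
    }


def create_billing_alarm(email, threshold_usd=5.0, name="free-tier-billing-alarm"):
    """Create the SNS topic, e-mail subscription and alarm (names are hypothetical)."""
    import boto3  # imported lazily so the parameters can be built without the SDK

    sns = boto3.client("sns", region_name=BILLING_REGION)
    topic_arn = sns.create_topic(Name=f"{name}-topic")["TopicArn"]
    # The recipient must confirm the subscription e-mail before alerts are delivered.
    sns.subscribe(TopicArn=topic_arn, Protocol="email", Endpoint=email)

    cloudwatch = boto3.client("cloudwatch", region_name=BILLING_REGION)
    cloudwatch.put_metric_alarm(**billing_alarm_params(name, threshold_usd, topic_arn))
    return topic_arn
```
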

Regularly monitor your AWS usage and configure billing alerts to notify you when your usage nears or exceeds the free tier limits. Ensure responsible and secure account management at all times!

Learn how to set up your AWS Free Tier account and access essential cloud services without incurring initial costs here.