DEV Community

Cover image for Creating a Budget-Friendly AWS Environment: A Step-by-Step Guide for Small Tech Startups
Izuchukwu Nwachukwu
Izuchukwu Nwachukwu

Posted on • Edited on

Creating a Budget-Friendly AWS Environment: A Step-by-Step Guide for Small Tech Startups

Introduction

Starting a tech startup is exciting, but keeping costs low while maintaining a robust IT environment can be challenging. Amazon Web Services (AWS) offers a powerful, scalable platform that can grow with your business without breaking the bank. In this article, I will be guiding you you through setting up a cost-effective AWS environment tailored to the needs of a small tech startup. We’ll begin with familiarizing you with the AWS Management Console, where it all comes together.

Before we dive into the AWS Management Console, let’s take a moment to understand the backbone of what we’re working with, the AWS Cloud.

AWS Cloud
The AWS Cloud is a global network of data centers that offer scalable and secure cloud services. With AWS, you can deploy applications in various regions and availability zones, ensuring they remain highly available and reliable.

Amazon Web Services (AWS) provides a wide variety of cloud-based services, with over 200 offerings spread across 26 categories. These categories encompass a wide range of solutions, including computing power, migration and transfer, storage, databases, networking, compute, machine learning, security, and more. This extensive portfolio allows businesses of all sizes to build, deploy, and scale applications efficiently on the cloud.

The AWS Cloud spans 108 Availability Zones across 34 geographic regions, serving 245 countries and territories, and has announced plans to add 18 more Availability Zones and six new regions in Mexico, New Zealand, the Kingdom of Saudi Arabia, Thailand, Taiwan, and the AWS European Sovereign Cloud.

1. AWS Environment Familiarization

a. Introducing the AWS Management Console

The AWS Management Console is your go-to web app for managing everything in AWS. Think of it as a central hub where you can access all the individual AWS service consoles, like EC2, S3, and IAM. It’s not just a place to launch and manage services; you can also easily browse services, create resources such as instances and databases, and monitor your costs with tools like Cost Explorer to track your usage and spending. Plus, you can search for what you need, check notifications, use AWS CloudShell, and keep track of your account and billing info.

The home page of the AWS Management Console is called AWS Console Home. This is where you can oversee your AWS apps and explore other service consoles. Plus, you can make AWS Console Home your own by adding widgets. These widgets can show you useful info about your AWS resources and services. You can easily add, remove, or rearrange widgets like Recently Visited or AWS Health to keep the info you need right at your fingertips. Let's dive into the essentials.

Getting Started with the AWS Management Console
So, you’ve read about AWS and want to get your hands dirty with cloud computing. Whether you’re new to tech or just curious about what AWS can do, the next part of this article will help you navigate the AWS Management Console, the control center for all things AWS. Ready to explore?

Your Dashboard
When you first log in, you’ll land on the AWS Management Console Dashboard. Think of this as your command center. From here, you can see a quick overview of your AWS environment, including recent activities, shortcuts to your most-used services, and a snapshot of your spending (Remember, staying on budget is key)

The Navigation Bar
At the top of the screen, you’ll find the Navigation Bar. It’s packed with useful tools to help you get around:

  • Search Bar: Quickly find services by typing in the name (e.g., "EC2" or "IAM"), and it’ll pop up instantly.

  • Services Menu: Click here to see the full list of AWS services, organized into categories like Compute, Storage, and Databases. If you’re new, don’t worry about exploring every service—just focus on the ones that match what you’re working on.

  • Region Selector: AWS has data centers all over the world. Use this to choose where your resources live.

  • Account and billing Info: Easy access to your billing information and cost breakdown. Additionally, you can manage your account settings and security credentials here.

Services Menu: Your AWS Playground
Clicking on the Services Menu opens up a treasure trove of AWS tools. Don’t get overwhelmed — AWS offers over 200 services, but you don’t need to learn them all at once. Some examples of a few key categories to get you started are, Storage, Databases, and compute.

Solutions section
The Solutions section on the AWS Console Home page offers easy-to-use workflows and guide that walk you through setting up various AWS services, making it simple to create the resources you need for your projects. It's a quick and practical way to learn AWS while getting your solutions up and running.

Personalized Widgets
With widgets, you can personalize your AWS dashboard to display exactly the information you need at a glance.

Using Markdown in the AWS Management Console
In the AWS Management Console, particularly with services like Amazon CloudWatch, you can enhance your reports and dashboards by using Markdown. Markdown is a lightweight markup language that allows you to format text in a simple and readable way. Here’s a breakdown of how you can use Markdown to customize your content:

  • Paragraphs, Line Spacing, and Horizontal Lines:
    Markdown makes it easy to separate text into paragraphs and control line spacing. You can also use horizontal lines to create visual breaks in your content.

  • Headings:
    Organize your text with various heading levels, which help in structuring your content and making it more readable.

  • Text Formatting:
    Apply bold, italics, or other text styles to highlight important information or add emphasis where needed.

  • Links:
    Insert hyperlinks to direct users to additional resources or related content.

  • Lists:
    Create ordered or unordered lists to present information in a clear and organized manner.

  • Tables and Buttons (CloudWatch Dashboards):
    In Amazon CloudWatch dashboards, you can use Markdown to create tables for structured data and include buttons for interactive elements.

By leveraging Markdown in the AWS Management Console, you can create well-organized, visually appealing, and informative content to better manage and present your AWS resources.

User Access: Who Gets In
AWS lets you control who can access your environment. With IAM (Identity and Access Management), you can set up users, assign roles, and define permissions. Think of it as managing the entry passes to your own little AWS kingdom.

AWS-Console-Overview
A descriptive photo of an AWS Management console

b. Navigating Through Different AWS Services

Once you're familiar with the console, let's explore some of the services you'll use most often: EC2 (Elastic Compute Cloud) for virtual servers, S3 (Simple Storage Service) for scalable data storage, and IAM (Identity and Access Management) for controlling access.

There are several ways to find and navigate the services you need in AWS. You can always click on the Services menu at the top to see a list of all the services, neatly organized by category, or just use the Search bar to quickly find what you’re looking for. On the Console Home page, you can also pick services from your Favorites or Recently visited widgets for quick access.

Navigating EC2 (Elastic Compute Cloud)

What is EC2?
Amazon EC2 is a web service that offers scalable compute capacity in the cloud. It’s designed to make scaling of capacity up and down easier for developers.

Steps to Access EC2 on the console:

  • Sign in to the AWS Management Console.
  • Use the search bar at the top, type “EC2”, and select it from the dropdown to open the EC2 dashboard.
  • In the EC2 Dashboard, you can launch new instances, view existing instances, monitor performance, and manage security groups.

EC2 navigation

In the AWS Console for EC2, you'll find several sections designed to help manage EC2 instances, including Services that list key EC2 components like Instances and Security Groups, Features highlighting tools such as Auto Scaling and Spot Instances, and Resources like Quick Start Guides and best practices. There’s also a New section for updates, Documentation for in-depth articles, Knowledge Articles for troubleshooting, and the Marketplace for pre-configured software. You can also access Blogs for insights, Events for AWS-related webinars, and Tutorials for step-by-step guidance on EC2 topics.

Navigating IAM (Identity and Access Management)

What is IAM?

AWS Identity and Access Management (IAM) is a web service that allows you to securely manage access to AWS resources. With IAM, you can define permissions that regulate which AWS resources users can access. It helps you control who is authenticated (logged in) and authorized (granted permissions) to use specific resources. IAM provides the framework to manage both authentication and authorization for your AWS accounts.

Steps to Access IAM in the console:

  • In the Console, go to the search bar, type “IAM”, and select the service or resource you need.
  • The IAM Dashboard lets you manage users, groups, roles, and permissions.
  • You can create new users, set permissions, or manage existing access policies.

IAM navigation

When you search for IAM (Identity and Access Management) in the AWS Console, you can access a variety of related resources, including: a list of Services and Features specific to IAM, various Resources, extensive Documentation and Knowledge Articles, related Marketplace offerings, numerous Blogs discussing IAM topics, upcoming Events related to IAM, and a Tutorial to help you get started.

Navigating S3 (Simple Storage Service)

What is S3?
Amazon Simple Storage Service (Amazon S3) is an object storage service renowned for its exceptional scalability, data availability, security, and performance. It is designed to accommodate customers of all sizes and sectors, allowing them to store and safeguard unlimited amounts of data for various purposes, including data lakes, websites, mobile apps, backup and restore, archiving, enterprise applications, IoT devices, and big data analytics. Amazon S3 also offers management features that enable you to optimize, organize, and control access to your data, ensuring it meets your specific business, organizational, and compliance needs.

How to Access S3 in the console:

  • Go to the search bar, type “S3”, and select it.
  • In the S3 Dashboard, you can create and manage storage buckets.
  • From here, upload files, manage object permissions, and configure bucket settings.

c. Important Settings and Information

  • Billing and Cost Management Dashboard - Track spending, set up cost alerts, and manage budgets.

  • Security Settings (IAM) - Create users, manage roles, and enforce Multi-Factor Authentication (MFA).

  • Region Selector - Choose geographic regions for resource deployment.

  • Monitoring (CloudWatch) - Set up alarms, track metrics, and create custom dashboards.

  • Network Settings (VPC) - Manage subnets, security groups, and route tables.

  • Instance Management (EC2) - Configure, launch, and manage virtual servers.

  • Storage Management (S3) - Manage buckets, versioning, access control, and lifecycle policies.

  • Database Configuration (RDS) - Set up backups, multi-AZ deployment, and read replicas.

2. Basic IAM Setup

As a small tech startup, managing your AWS environment efficiently is crucial for staying within budget while ensuring that your team has the right tools to succeed. One of the first and most important steps is setting up Identity and Access Management (IAM) properly. IAM helps you manage access to your AWS resources by controlling who can access what.

In the next part of this article, I'll walk you through the basics of setting up IAM for your startup, including creating users, groups, and assigning permissions. This will help you maintain a secure and cost-effective AWS environment.

a. Importance of Creating an IAM User with Privileges

When you create your AWS account, the default user is the root user, which has full access to all resources. However, it's a best practice not to use the root account for day-to-day tasks. Instead, you should create IAM users with specific permissions based on their roles. This limits the potential for errors or security risks.

How to create an IAM user with privileges:

  • Sign in to the AWS Management Console as the root user.
  • In the navigation bar, choose Services, then select IAM.
  • In the IAM Dashboard, choose Users, then select Add user.
  • Enter a username for your new user. For example, this could be "Admin" if the user needs admin-level privileges.
  • Under Access type, select Programmatic access if the user needs access to AWS CLI, or AWS Management Console access for the web console.
  • In the Permissions section, choose how you want to set permissions:
  • Attach policies directly (e.g., "AdministratorAccess" for full privileges or "PowerUserAccess" for high-level access without full root permissions).
  • Once created, the IAM user will have privileges that match their role without exposing the root account, ensuring better security and accountability.

b. Creating an IAM Group for General Users

IAM groups are useful when you need to manage permissions for multiple users with similar roles or access requirements. For instance, if your startup team includes developers who only need access to certain AWS services, placing them in a group ensures you can manage permissions in bulk, rather than assigning policies to each user individually.

Steps to create an IAM group:

  • In the IAM Dashboard, choose Groups, then click Create New Group.
  • Name the group, for example, "Developers" or "GeneralUsers".
  • In the next step, attach the appropriate policy, such as ReadOnlyAccess, which grants view-only access to AWS resources without the ability to modify them.
  • Review the settings and click Create Group.

By creating a group, you can easily add or remove users and modify their permissions as the team grows or changes. This simplifies user management and ensures a consistent application of permissions.

c. Assigning Basic Policies and Permissions

AWS IAM policies allow you to control what actions users can perform and which resources they can access. One of the most important steps in IAM setup is assigning appropriate permissions to ensure that users only have the access they need.

For example, providing ReadOnlyAccess to developers or testers ensures that they can view resources like EC2 instances or S3 buckets, but they won’t be able to accidentally modify or delete anything.

How to assign policies/permissions:

i) When creating a new user or group, select Attach existing policies to assign predefined permissions. For example:

  • ReadOnlyAccess: Grants users the ability to view AWS resources without making changes.
  • **S3FullAccess: **Grants full access to S3 resources if the user is responsible for managing cloud storage.
  • EC2ReadOnlyAccess: Grants view-only access to EC2 instances and related resources.

ii) For more advanced setups, you can create custom policies. This allows for fine-grained control over specific resources, such as only allowing access to certain S3 buckets or specific EC2 instances.

By applying the principle of least privilege, you ensure that each user only has access to the services they need, minimizing the risk of accidental changes or security breaches.

References

  1. Amazon Web Services. "AWS Management Console." AWS Documentation, 2024

  2. w3schools aws_cloudessentials.

  3. Amazon Web Services, "Intoduction to IAM" AWS Documentation, 2024

Top comments (0)