Article by: Obafemi Deborah
Hey there,
Are you looking for a Cost-Effective AWS environment for your startup? You've just found the right content to simplify the Processes.
Are you Ready? Let's go đâ
Prerequisite to help you get started
Have an AWS account
Have a working PC
Click Here to get the essentials and benefits of using cloud facilities for your startup.
INTRODUCTION TO AWS
Amazon Web Service (AWS) is a cloud service provider that creates opportunities for organizations to cut costs and save time by providing the platforms, applications, and infrastructures required to process and save data securely. It has over 200 services as at March 2024. Examples of these services include;
⢠IAM (Identity Access Managemnt); Manages access to AWS resources.
⢠EC2 (Elastic Compute Cloud); A virtual server in the cloud.
⢠S3 (Simple Storage Service); A scalable Storage in the cloud.
⢠Lambda etc
The Two basic Ways to Access AWS are:
Command-line Interface (CLI): A terminal with a black environment or interface. Interactions are based on commands.
Graphical User Interface(GUI) also called AWS Management console; Called ClickOps. It is user-friendly, allows clicking, and uses Icons/graphics.
To Use AWS, each user must have an identity. This Identity could be
⢠A user; AWS addresses Identity most especially as users
⢠A service
⢠An application
There are two Major types of users in AWS;
⢠Root user: This is the initial user that comes with AWS. He is the account owner. Please note that it is not a good practice to continually use the root account in case of a password breach, thus the need for an IAM user.
⢠IAM(Identity and Access Management) users; One of AWS services that allow you to migrate an Organizationâs architecture to the cloud and manage Access to AWS resources.
Migration in AWS
A cloud engineer moves an organizationâs architecture to the cloud. Before migration, as a cloud engineer, you must evaluate and categorize your tasks to make migration easy.
IAM components Mostly used are;
⢠Users
⢠Groups/User groups
⢠Policies
⢠Roles
Steps to Creating a User in AWS
Launch/Signin to your AWS account
On the search bar, type âIAMâ
On the left Pane, click on âUsersâ then click on âCreate userâ
Enter the User name, Check the âProvide user accessâŚâ box, select âI want to create an IAM userâ, and Create your âpassword.â Ensure to check the box to ensure user change password at login. Then click in âNextâ. It is not a good practice to save password over the browser, so click on âNeverâ when the prompt displays.
Next is to set permission. Choose the âAttach policy directlyâ option and click on âNext.â
Next, review the account, add a tag (Designation/Title) where necessary, and click âCreate user.â
Finally, Copy the URL and send it to the User. Save the Credentials if need be.
Next, the User copies and pastes his/her URL in a browser. On the login page, the User logs in with his/her account ID and password. (Note that all Users created under a root Account have the same ID.)
The user is then prompted to change his/her password based on the option selected at account creation.
Note: if you are following my steps to practice, ensure to open the new IAM created in another browser, as AWS allows only one account in a browser or use âNew Incognito window.â
NOTE:
Creating an IAM user that will be able to perform/have privileges like the root account, we must attach the âAdministratorAccessâ policy because by default, all users are denied access
USER GROUP in AWS:
This allows users to inherit the permission attached to a user group instead of individually attaching permission to users
Steps in Creating Groups in AWS
Select âUser groupâ on the pane on the left and select the âCreate groupâ button.
Enter a user group name and click on "Next
You can see that it has no user and Permission is not defined. This means that the users in the group does not have permission to do anything. Select the Group name âSupplyChainâ
Next, click on âUsersâ then select âAdd usersâ
Check the box of the users to be added and click on âAdd Usersâ
Next, select âPermissionsâ
Select âAdd permission,â then click on â Attach policiesâ
Check the box of the Policies you need and click on âattach Policyâ
Before Permission was attached
After Permission is attached
POLICIES IN AWS
Policies, when associated with an entity or resource, define their permissions. It is said to be a collection of permissions.
Some Basic Policies in AWS
There are a lot of policies in AWS that allow users some privileges.
Categories of Policy creation:
- Customer manages(Policies created by a user)
- AWS managed( Policies Created and managed by AWS)
- AWS managed-Job Function(Created by AWS but designed for a specific function or role e.g for billing, Readonly, Audit etc)
For example, the ReadOnly Policy can be assigned to an auditor who only needs to review an account. It helps restrict unauthorized modifications to sensitive files, reducing the risk of data tampering or malware attacks(https://www.lenovo.com/us/en)
AWS SECURITY:
Security must be considered when migrating to the Cloud for your startup. This is important for data Security and Integrity. AWS provides this feature using the IAM.
Looking at IAM in the Authorization and Authentication context, we consider the following:
WHO; Who has Access to what?
WHAT; What level of permission?
WHERE; Where to get what?
HOW; and how to get it.
One way to apply some level of security is "Enabling Multi-Factor Authentication(MFA)" feature. it checks for the following;
⢠Something u know( password/pin/signature)
⢠Something u have (token, OTP)
⢠Something u are(fingerprint, any biometrics)
Steps to enabling MFA
On your IAM account, click on the profile name and select "SECURITY CREDENTIALS" or from users, select the account name, then Click on "Enable MFA"
Select "ASSIGN MFA"
Download Google or MS authenticator on ur mobile phone. Select the authenticator app, then click "Next." Click on "Show QR code." Use your authenticator to scan the QR code and enter the two codes displayed. Then click on "Add MFA"
Billing and Cost Management in AWS
Using cloud facilities is not free, but it is affordable. For your startup, monitoring cost consumption for control and optimization is essential.
Steps to creating Budgets in AWS
On your IAM account, search for "budget", or on your profile name, click "Billing and Cost Management."
Next, click on "Create Budget"
You can create a Budget using a template or a Customized method
Select and fill in the necessary details then click "Create Budget"
Add alert threshold to notify you on your usage
"Review" and "create Budget"
When successfully created, we get this
Summary
Most startups are moving to the cloud because of its cost-effectiveness and ease of use. You won't have to break the bank to have your company migrate. This article has shown the ease of migration and ways to secure, optimize, and control costs using the budgeting mechanism. I'm looking forward to seeing you in the cloud.
References
Skill Africa
Achiever
Top comments (0)