A recent tweet from Helen Anderson prompted me to think of a few things that I’ve done in the past when creating new AWS accounts for myself and others. So I’ve put together a list of five first steps — this is by no means an exhaustive list, but it should help those of you who now find yourselves with enough time and elbow room (I don’t know about you, but I prefer to experiment/fail in solitude) to finally play around with AWS.
Logging into the management console for the first time can be intimidating. At the time of this writing, there are a little less than 220 services available in AWS. You don’t need to worry about most of those services — you should only focus on the ones that are most relevant to you. If you’re new to AWS, you should review the free tier documentation to help you make a decision about the services you’ll be using. My suggestions for beginners: S3, EC2, IAM, CloudWatch, and Trusted Advisor (I’ll talk about the last 3 later on in this post).
You can modify your console experience a bit by pinning services to the toolbar at the top of the page. Here’s an excerpt from the console FAQs:
Select the pin icon beside the Resource Groups menu and drag and drop the service links you want to save as shortcuts. You have the option to display the service icon alone, the service name alone, or both together.
When you’re starting out with AWS, it can be tempting to use your root account to manage all of your resources — don’t. You should use the root account sparingly, keep the associated credentials safe, and create an IAM user. Here’s an excerpt from the IAM Best Practices documentation:
Create an IAM user for yourself as well, give that user administrative permissions, and use that IAM user for all your work.
I recommend you stick to the advice detailed in the IAM Best Practices docs. If some of the concepts in that doc seem unfamiliar or daunting, then I suggest you focus first on these: grant yourself and others only the needed privileges, enable multi-factor authentication (MFA), and configure a strong password policy for all users in your account. Follow this guide to set up an admin user, then set up other users, groups, and roles whenever you can.
You may not think you need to use the CLI initially, but I highly recommend installing it anyway. Once you get more familiar with AWS, you’ll find that it’s just more efficient to do certain things using the command line. For example: I sometimes have to create upwards of fifteen users for 757ColorCoded workshops. I could do that manually in the console, but it takes a fraction of the time for me to create those users with a simple Bash for-loop. The CLI installation and configuration steps are well-documented. You might as well get it out of the way before you actually need to install it. That way you have it.
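Once the CLI is installed, the root-account and MFA advice from the IAM step can be checked against the account's IAM credential report. The script below is an added example, not from the original post; the sample report, account ID and user names are constructed, and it assumes user names contain no commas.

```shell
#!/usr/bin/env bash
# Audit an IAM credential report for root-account hygiene and missing MFA.
# In a real account, produce the CSV with:
#   aws iam generate-credential-report
#   aws iam get-credential-report --query Content --output text | base64 -d > report.csv

# Constructed sample, trimmed to the columns used below (the real report has more).
sample_report() {
cat <<'EOF'
user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,2020-04-02T13:05:11+00:00,false,true,false
admin-me,arn:aws:iam::111122223333:user/admin-me,true,2020-04-03T09:00:00+00:00,true,false,false
workshop-01,arn:aws:iam::111122223333:user/workshop-01,true,no_information,false,true,false
ci-bot,arn:aws:iam::111122223333:user/ci-bot,false,N/A,false,true,false
EOF
}

# Reads a credential report on stdin and prints one finding per line.
# Columns are located by header name, so the full report works unchanged.
audit_report() {
  awk -F, '
    NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }
    {
      user = $(col["user"])
      mfa  = $(col["mfa_active"])
      keys = ($(col["access_key_1_active"]) == "true" || $(col["access_key_2_active"]) == "true")
      if (user == "<root_account>") {
        # Root should have MFA, no access keys, and rare console logins.
        if (mfa != "true") print "ROOT_NO_MFA"
        if (keys)          print "ROOT_ACCESS_KEY"
        last = $(col["password_last_used"])
        if (last ~ /^[0-9]/) print "ROOT_LAST_LOGIN " last
      } else if ($(col["password_enabled"]) == "true" && mfa != "true") {
        # Console users (those with a password) should have MFA enabled.
        print "USER_NO_MFA " user
      }
    }
  '
}

# Audit the file given as the first argument, or the constructed sample if none.
if [ -n "${1:-}" ]; then audit_report < "$1"; else sample_report | audit_report; fi
```

Users without a console password (such as `ci-bot` in the sample) are skipped by the MFA check because they cannot sign in to the console.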
Even if you’re using the free tier — actually, especially if you’re using the free tier — you should set up a billing alarm in CloudWatch to make sure you’re not unknowingly spending money. It’s pretty easy to accidentally exceed some of the free tier usage limits, or forget about resources you’ve created. You might, for example, set up some beefy EC2 instances in Oregon for a high availability experiment and, hypothetically speaking of course, forget to shut down those instances for a few weeks. Then, in theory, you might get a shocking bill, because you usually use other regions for HA and don’t see any EC2 instances when you log into the console and go to those regions (I mean why in the world would you randomly spin up 2 ridiculously over-provisioned servers on the west coast for no good reason????). That could possibly happen to someone.
Trusted Advisor helps keep your account in line with AWS best practices. It makes recommendations about — among other things — security, performance, and cost optimization. The Basic Trusted Advisor support plan is included in all AWS accounts (read: IT’S FREE). I’ve found it to be especially useful.
That’s all I’ve got for ya. I’m going to be playing around with Athena Federated Query a bit over the next few weeks. If you’ll be doing the same, or if you have any questions about anything I’ve written, you can comment here or ping me on Twitter.