First step in your AWS hands on should start from here. I assume you already created a personal account using your email address.
Account created using email address is called as root user, by default this user has full access to all AWS resources (No restrictions)
Important considerations for AWS account:
- An AWS account is a container for identities(users) and resources
- Using an email address, you can sign up for AWS account
- Personal use of creating AWS account by default it created as free-tier account and some of the services free for 12 months. Check this link for complete details (https://aws.amazon.com/free/?all-free-tier.sort-by=item.additionalFields.SortRank&all-free-tier.sort-order=asc&awsf.Free%20Tier%20Types=tier%2312monthsfree&awsf.Free%20Tier%20Categories=*all)
- Create AWS account by simple registration process and anyone who is having valid credit card and check this link for more details (https://aws.amazon.com/premiumsupport/knowledge-center/accepted-payment-methods/)
- By linking your credit card AWS account is created and by default root user has full access for all AWS services
- Single credit card can be used for many AWS account creation process
- AWS account creation process can be the same for all environments (Development, testing, production & DR) using different email addresses
- It’s not recommended to use root user for day-to-day operations of using AWS services
- Using root account user create new Admin users (with proper roles/policy attached) with Full administrator access (and Billing module access)
- With root user login, “Enable IAM User & Role access to billing”
- If you didn’t assign any policy/roles to new user creation, by default user is no access to any of the AWS resources
- After Admin user is created, then we can create multiple users based on the role/policy (Developers, testers, DBA’s etc.,,)
- Best security policy is to enable MFA (Multi Factor Authentication) for all the users including root user
- Recommended best practice is create groups and attach policies/roles to it and users should be mapped to groups (this process makes easier on managing roles/policies for all users)
- Pay-as-you-go model is whatever the services you are using it will be charged per min/requests and charges is deducted from your payment method (Credit card)
- If the user doesn’t belongs to any group/role/policy by default no access to any of AWS resources
- As a best security practice, set password rotation policy for the users
- AWS Account IAM user can be assigned always with only one username & one password
- An IAM user can have TWO access keys (Active) o Access Key ID: SYAWLASKCORSWAACCESS o Secret Access Key: SYAWLASKCORaws/5SE5CR5ET5ACC3ESS5kEY
Top comments (0)