SETTING UP A COST-EFFECTIVE AWS ENVIROMENT FOR A SMALL TECH COMPANY

INTRODUCTION

Migrating both human and computing resources to the cloud is one of the smartest moves a startup or a first-time founder can make. This approach boosts efficiency, enhances security, and fosters better collaboration and delegation across teams. However, it's crucial to get the setup right—any missteps in configuring your cloud infrastructure can spell trouble for your business. In this article, I’ll guide you through the best practices for setting up a cost-effective AWS environment to ensure your tech company starts on the right foot.

Overview: We'll cover AWS environment familiarization, Creating AWS account, Identity and Access Management(IAM) setup, cost management strategies(Budgeting). We'll be using Amazon free-tier account for this article.

Prerequisites

• Basic technical knowledge

• AWS Free-tier account

• Web Browser (Access to the AWS management console)

AWS MANAGEMENT CONSOLE
The AWS Management Console is a web-based platform that allows users to access and manage AWS services, such as S3 storage and IAM.

Step 1 Creating an AWS Free Tier Account
In your web browser, search for "AWS Free Tier" to get started.

Step 2
Signup to create a free-tier AWS account by clicking on any of the circled button as seen in the image to create an AWS account.

Step 3
Enter your email address and your AWS account name. Click on verify email address and wait for some seconds, a verification link will be pushed to your email. Check your email and copy the verification code

Step 4
Enter the code to setup your password.

Step 5
To create a free tier AWS account, you need to provide contact information, and specify the purpose of the account(in this case, it's business account), your full name, phone number, country, and address.

Step 6
Enter your Billing Information
AWS adopts the Pay-as-you-go method for billing its users. This means billing comes after usage of a resource. With the free-tier account, one can use some limited services for 12months and if usage is exceeded you'll be charged for extra consumption.

AWS CONSOLE HOME
This is the central hub for accessing and managing your Amazon Web Services which provides an easy-to-use web interface to access wide range of services that AWS offers. Located at the top of the page, the search bar allows you to quickly find AWS services like EC2, S3..

Overview of AWS Services

Identity and Access Management(IAM)
In AWS, IAM (Identity and Access Management) is a service that allows you to manage who can access your AWS resources and what they can do with those resources. It provides secure control over authentication (who can sign in) and authorization (what actions they can perform).

IAM Components
The Major IAM Components are USERS, GROUPS, ROLES AND POLICIES.
-User: Individual identities that represent people needing access to AWS resources. Each user has unique credentials and can have specific permissions.
-Usergroups: Collections of users that share the same permissions. Groups simplify permission management by allowing you to assign policies to multiple users at once.
-Roles: Identities that you can assume temporarily to access resources, usually by applications, AWS services, or users from trusted entities. Roles have specific permissions and do not have long-term credentials.
-Policies: Are set of permissions for users, groups, and roles. They specify what actions are allowed or denied on which AWS resources.

Creating Users And Grops In AWS IAM
IAM is essential for securing and managing access and permissions in AWS effectively. When an AWS account is created, a ROOT USER with full access to all resources is provided automatically. However, since we're migrating multiple teams to the cloud, resource usage will differ across departments. For instance, the I.T department might need access to services like EC2 for server management and CloudWatch for monitoring and logging I.T activities, while the Finance department would require access to services like BUDGET to track cloud expenses. It is best practice to create IAM groups with specific permissions (policies) tailored to each department's needs. This approach not only controls access but also supports cost-effective resource management and strengthens security.
Step 1
Search for IAM in the address bar and Click on Create group

Note:Creating groups simplify permissions management because you can grant, change, and remove permissions for multiple users at the same time. For example, you can create a user group named "Admins" and give that group administrative permissions. Any user in that group automatically has the permissions that are assigned to the group.
STEP 2
Create a name for the group e.g Admin

Step 3
Select a Policy
As shown in the image, you can see a few policies listed. You can select a policy by checking the box next to it or use the search function to find a specific policy, as demonstrated. I assigned administrative access to the Admin group, granting the group full access to all AWS services.

Create Group
Navigate to the end of the page to confirm the group creation.

ANALYSIS OF THE CURRENT CONSOLE
The image illustrates "Admin" group has been created and configured with defined permissions(AdministrativeAccess),but no USER is currently assigned to the group.

CREATE AN IAM USER
Let's name this User Joe,who is an Admin staff in this startup. Firstly we select USER on IAM console.
STEP 1: Select "Create User"

STEP 2: USER DETAILS
The image shows a section of the AWS IAM console during the process of creating a new IAM user. Here is the analysis of the configuration:
Username: The username "Joe" is specified in the text box at the top, indicating the new user being created.
Access Type:

• The option "Provide user access to the AWS Management Console" is checked, meaning this user will have access to log into the AWS Management Console.
• "I want to create an IAM user" – This option is selected, indicating that a traditional IAM user is being created rather than using the AWS Identity Center. Console Password Two options are provided for the password: Autogenerated Password: Not selected. Custom Password: This option is selected, allowing the user to set a custom password for the new user. The password requirements (minimum length and character mix) are listed below the input box. This setup shows that the user "Joe" is being configured with access to the AWS Management Console and a custom password. The configuration emphasizes the creation of a traditional IAM user rather than through AWS Identity Center, and the password is set directly rather than autogenerated. Step 3 At this stage, we are prompted to set permissions for the user. Instead of assigning individual policies directly, we add the user to the Admin group. By doing this, the user will automatically inherit all the permissions associated with the Admin group's policies. This approach simplifies permission management by ensuring the user has the same access level as the group, following best practices for access control and policy consistency. Step 4 Review the User details Final Step Download User credentials Use the downloaded details which contains the login URL for the User "Joe" to access his console.

SET UP AWS BUDGET
Security Best Practices: AWS recommends minimizing the use of the root account because it has unrestricted access to all resources but once the root user configures the initial budget and monitoring tools, regular account usage and management should be handled by IAM users with appropriate permissions
STEP 1
In the AWS console, find the search bar and type "Billing" or "Budget"; you'll see a suggestion for "Billing and Cost Management." Click and create your budget.

Step 2
Setup your Budget
The image shows the AWS Budgets interface for selecting the budget type. Here’s an analysis our selection elements:
Budget Setup
Customize (advanced):This option allows you to create a more tailored budget with specific parameters, such as the time period, accounts, or services to track.
Budget Types
Cost budget (Selected):This monitors the overall cost of your cloud usage. You set a dollar amount as your budget, and AWS alerts you when thresholds are met.
Scroll down and click "Next"

Scroll down to configure your AWS Budget; Naming, Periods and Renewal options.

The image below shows the AWS console’s budget creation page, where you set up a budget to monitor costs. Key details

• Budget Name: Allows you to name the budget, with "BudgetMonitoring" used in the example.
• Set Budget Amount:
  • Period: Set to "Monthly," tracking costs on a monthly basis.
  • Budget Renewal Type: Options include "Recurring Budget" (resets each period) and "Expiring Budget" (stops renewing after a set time). The example uses a recurring budget.
  • Start Month: Set to begin in September 2024. Budgeted Amount is $50
• Budget Preview: Displays a graph of costs from September 2023 to June 2024, showing actual versus budgeted amounts.

Budget Method
The console shows the AWS Budgets creation interface, specifically focusing on selecting a budgeting method. The options provided for budgeting include:

Planned:Our selection/choice allows users to specify the budgeted amount for each budget period individually.
Fixed: Sets a single budgeted amount that applies to every month or period within the specified range.
Auto-adjusting: Dynamically adjusts the budget based on the user’s historical spending or usage patterns.

Scope of options
Our budget scope selection allows us to track all AWS services in this account.

Alert threshold
To effectively manage cloud costs, we’ve set up our AWS budget with a total allocation of $50 for the current billing period. To stay proactive and avoid overspending, we’ve configured an alert threshold at 80% of the budget, meaning we will receive an alert when our spending reaches $40.

Budget Setup Review

Budget Created!

Congratulations! You've just built a fortress of cloud efficiency with just a few clicks, a couple of configs. And remember, managing AWS is a bit like riding a bike: wobbly at first, potentially painful, but once you get the hang of it, you’ll be cruising through cloud configurations like a pro. So, go forth and conquer the cloud, and may your startup be forever cost-effective and infinitely efficient.

If you found this article helpful, please like and follow me! If there's any part where you feel I could have explained things better, feel free to leave a comment, and I'll be happy to clarify.