DevOps 7.1 : AWS Initial Setup
"Empower Your AWS Journey: From IAM User Creation to Billing Alarms and Website Certificate Setup"
Creating IAM User:
Creating an IAM user instead of directly using the root user enhances security by adhering to the principle of least privilege. IAM users allow you to assign only the specific permissions needed for a task, reducing the risk associated with using the powerful and all-encompassing root user credentials. This practice improves access control, traceability, and overall security posture within AWS services.
Steps are as follows:
Search for IAM user in the search bar and click the IAM service.
Click on Add MFA, visible on the screen (this sets up MFA for the root user).
Give your device a name, e.g. myphone, and select the Authenticator app option.
Open the authenticator app and click on the plus button in the app.
Scan the QR code and enter two consecutive MFA codes (the code refreshes every 30 seconds).
Now go to Users (it is in the sidebar) and create an IAM user by clicking Create User.
Set the below details as shown.
Select the required fields to set permissions for the IAM user, then click Next.
Click Next again and then click Create user. Now download the .csv file shown on the page.
This .csv file contains the username and password used to log in at the Console sign-in URL shown on the page. Now click Return to users list.
Let's set up MFA for the user we just created. Click on itadmin (the user we just created).
Click on Security credentials and then click Assign MFA device.
Then follow the same process we used for the root user.
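A way to check the result of the steps above, as an added example that is not part of the original post: the script reads an IAM credential report (downloadable from the Credential report page of the IAM console) and flags the root user or any console user without MFA, plus any active root access key. The sample rows and the account ID are constructed, and only a subset of the report's columns is used.

```python
import csv
import io

# Constructed sample in the IAM credential report CSV layout (subset of columns).
# itadmin is shown before MFA has been assigned; ci-deploy is a hypothetical
# key-only user with no console password.
SAMPLE_REPORT = """user,arn,password_enabled,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,true,false,false
itadmin,arn:aws:iam::111122223333:user/itadmin,true,false,false,false
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,false,true,false
"""


def is_true(value):
    """Credential report booleans are the strings 'true' / 'false'."""
    return value.strip().lower() == "true"


def audit_credential_report(report_csv):
    """Return (user, finding) tuples for the MFA and root-key checks."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        mfa = is_true(row["mfa_active"])
        has_key = any(
            is_true(row.get(f"access_key_{n}_active", "")) for n in (1, 2)
        )
        # The root user always has a password; the report lists its
        # password_enabled value as "not_supported".
        console_login = is_root or is_true(row["password_enabled"])
        if console_login and not mfa:
            findings.append((user, "console sign-in without MFA"))
        if is_root and has_key:
            findings.append((user, "root access key is active"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_credential_report(SAMPLE_REPORT):
        print(f"{user}: {finding}")
```

Once MFA has been assigned to itadmin and a fresh report is downloaded, the script should print nothing for that user.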
Let's Log In through the IAM User:
Go to the IAM service and click on Dashboard.
On the right side, click on Create alias. Give an alias name and click on Create alias.
Now copy the sign-in URL below and sign in with the credentials from the .csv file.
So now you are logged in as itadmin.
Now you can explore the options available to the itadmin user.
Let's Set Up the Billing Alarm:
Setting up a billing alarm is crucial for cost management in AWS. It helps you monitor your usage, avoid unexpected charges, and stay within budget constraints. This step is fundamental to maintaining financial control and optimizing your AWS resources. We will be using the CloudWatch service for it.
Steps are as follows:
Click on your username and select Billing and Cost Management.
In the sidebar click on Billing preferences.
Click on the Edit option in Invoice delivery preferences, check the field, and click Update.
Click Edit on Alert preferences, select the below option, and click Update.
Now in the search bar, search for a service called CloudWatch.
In the sidebar click on All alarms and then click on Create Alarm.
Click on Select Metric to choose what you want to set the alarm on.
Click on Billing -> Total Estimated Charge. Select the currency USD, and click on Select Metric.
Enter the threshold value you want to set, and then click on Next.
Click on Create Topic, and give a topic name and email address. Then click on Create Topic and then on Next.
Enter a name and description for the message and click Next. Then click on Create Alarm.
Confirm the subscription that is sent to your email.
Now you have set up your billing alarm.
Create a Certificate:
We will be generating a secure certificate using the AWS Certificate Manager service, enhancing the security and trustworthiness of our system.
NOTE: This part is required only if you have purchased a domain; otherwise you can skip this part.
Steps are as follows:
Search for Certificate Manager in the AWS search bar and click on the service.
Click on the Request a Certificate button.
Then click on Request a public certificate and click Next.
Go to Tags and set the key as Name and the value as your domain name, e.g. example.xyz
Refresh and click on the ID.
In the Domains section you will see the CNAME and CNAME value. Copy the value and add it as a record at your domain registrar.
If the status shows Issued, then validation is complete.
So that's how to add a certificate to your website.
Conclusion:
In this comprehensive guide, we've covered the essential steps for securing and optimizing your AWS environment: from creating a dedicated IAM user for enhanced security, to setting up a billing alarm for financial control, to ensuring trust with SSL certificates for your website. Empower your AWS journey with these foundational practices.