Skip to main content

[[TOC]]

1. Creating the General AWS Account

Notes:

Create Management Account

1 Go to aws.amazon.com and click on sign up. 2. Enter in email address (remember it has to be unique), password and confirm 3. Enter in your Account name and click Create 4. Enter in your personal contact information 5. Enter your Credit Card info 6. Confirm your identity 7. Select Basic Support (or if you want to pay a lot more, pick another one) 9. Wait for the account to be created.

Log In as Root User

  1. Log in using the root email and password

Account Key Personnel

Add the names of the key personnel to the AWS account.

Enabling IAM Users' Billing Information

  1. On the settings page, click Activate under the IAM User and Role Access to Billing Information tab.

2. Securing your AWS Account

  1. Download an app on your phone- Authy, Google Authenticator, etc.
  2. Click on Account dropdown and select My Security Credentials
  3. Click on the MFA dropdown and select Activate MFA
  4. Select Virtual MFA Device
  5. Open the app and scan the code
  6. Enter in the two codes consecutively and click Assign MFA
  7. Test by logging out and then logging back in again. You should be prompted for your MFA token

3. Creating Billing Alerts

Set Up Email Notifications

  1. Log into account as root
  2. Click on account name at the top and select My Billing Dashboard
  3. Click Billing Preferences
  4. Tick all the boxes
  5. Click Save Preferences

Create Billing Alarm in CloudWatch

  1. Navigate to the CloudWatch console.
  2. Click Create Alarm
  3. Click Select Metric > Select Billing Metric
  4. Select the Total Estimated Charge and check the box next to US and click select Metric
  5. Under Conditions, Set to static, and then set Greater Than to whatever you'd like it to be.
  6. Click Next
  7. Configure Notifications - set the trigger to In Alarm
  8. Under Select an SNS Topic, Click Create New Topic and name the topic
  9. Enter your email and add. Click Next
  10. Name and preview and create the alarm. image.png
  11. Check your email - there should be one in there for the SNS topic creation

Allow Billing Information Access to Users

  1. Click on the account dropdown and go to My Billing Information
  2. Scroll down, edit and update IAM User and Role Access to Billing Information image.png

3. Adding an IAM Admin User

  1. Log into the IAM console as the root user

Customize the Sign In URL

  1. Click Customize on the Sign-in URL
  2. Enter in a valid url and click Save
  3. Copy this URL down for later. Maybe save as a favorite.

Creating Admin User

  1. Click Users, then Add User
  2. Name the user
  3. Select the Access type a. Programmatic b. Console access
  4. Set password and untick the Require password reset box.
  5. Click Attach existing policies directly
  6. Select AdministratorAccess policy a. Review the policy summary to understand what this is granting
    b. Allow * (all) on resources * (all) image.png
  7. Click Tags and enter tags if applicable.
  8. Click Create User
  9. Log out of the root account

Log In As The New User

  1. Navigate to the URL you copied down earlier. image.png
  2. Enter in the username and password you just created
  3. Navigate to MFA and set MFA on this user.
  4. Log out and log back in to test MFA

4. Adding an IAMAdmin user to the Production account

Follow the same steps as above.