Introduction

This article serves as the introductory entry on my “Automated Cloud” series, as well as covers the first task of setting up an AWS account.

Motivation

I’m currently aiming to get certified for the AWS Solutions Architect - Associate examination, and have been using various materials (courses, whitepapers, blogs, etc.) to prepare. Absorbing the theory has been fine, but I feel that I need to supplement it with some hands-on experience. That’s when I came by this wonderful Reddit post by u/SpectralCoding and thought this would be a perfect set of exercises to get my hands dirty and apply my theoretical knowledge.

I plan to do all the tasks manually, using the AWS Console, to fully appreciate how to operate the required resources. Upon satisfaction of this manual setup, I would try to automate the provisioning and configuration using appropriate tools, most probably Terraform and Ansible.

Do note that I do have experience deploying applications on AWS, as well as managing them using Terraform and Ansible. But I think that the iterative “from-scratch” approach that I’ll be doing with these tasks could yield a lot of learning potential.

The Tasks

  • Account Basics (this article)
  • Web Hosting Basics
  • Auto Scaling
  • External Data
  • Web Hosting - PaaS + S3
  • Microservices
  • Serverless
  • Continous Delivery

Task #1 - Account Basics

This series assumes the use of a new AWS account operating under the 1 year Free Tier. The tasks to accomplish for this article is as follows:

  1. Create an IAM user for your personal use.
  2. Set up MFA for your root user, turn off all root user API keys.
  3. Set up Billing Alerts for anything over a few dollars.

Personal IAM User

The “root” AWS user is the one you access when you first login to a fresh AWS account. This user has all the elevated controls for all available resources, so it is paramount to not use this user aside from the initial setup. We use the AWS IAM service to manage the users and permissions for an AWS account.

I created a personal user for this project with access to the Billing and AdministratorAccess policies. The IAMUserChangePassword is there as well since the account needs to change its own password upon logging in the first time.

MFA, disable root API keys

To further lockdown the root user, enabling Multi-Factor Authentication is considered best practice. To do this, you go to My Security Credentials > Multi-factor Authentication (MFA) > Assign MFA Device.

As for the root API keys (Access Keys), a fresh account should not have any keys generated yet. If you have keys already on a root account, you can disable them by going to My Security Credentials > Access keys (access key ID and secret access key).

Billing Alerts

Billing alerts, or Budgets in the AWS console, is a great way to track your cloud spendings and not be surprised when the monthly invoice comes. Given that our account operates under the Free Tier, it is also the perfect way to keep our costs to a minimum when utilizing AWS resources that are not covered / exceed the Free Tier limit.

To create a new Budget, go to Billing > Budgets > Create Budget.

That should do it for the first task!

Automation

How do I automate all of this? At this point, I think this is a “meta-task” that precursors the rest of the project, and automating it would not yield many benefits. I’m curious about your thoughts on this, so please comment below if you think otherwise.

The automation starts on the next task where we provision an EC2 instance and serve a simple web page.

I’ll see you on the next part.


Got any feedback or suggestions? Feel free to send me an email or a tweet.
Ciao!