To further lockdown the root user, enabling Multi-Factor Authentication is considered best practice. To do this, you go to My Security Credentials > Multi-factor Authentication (MFA) > Assign MFA Device.
As for the root API keys (Access Keys), a fresh account should not have any keys generated yet. If you have keys already on a root account, you can disable them by going to My Security Credentials > Access keys (access key ID and secret access key).
Billing alerts, or Budgets in the AWS console, is a great way to track your cloud spendings and not be surprised when the monthly invoice comes. Given that our account operates under the Free Tier, it is also the perfect way to keep our costs to a minimum when utilizing AWS resources that are not covered / exceed the Free Tier limit.
To create a new Budget, go to Billing > Budgets > Create Budget.
That should do it for the first task!
How do I automate all of this? At this point, I think this is a “meta-task” that precursors the rest of the project, and automating it would not yield many benefits. I’m curious about your thoughts on this, so please comment below if you think otherwise.
The automation starts on the next task where we provision an EC2 instance and serve a simple web page.
I’ll see you on the next part.
Got any feedback or suggestions? Feel free to send me an email or a tweet.