If you are thinking of adopting cloud services, or are just curious as to what ‘the cloud’ can offer, then the leader according to Gartner for Infrastructure as a Service (IaaS) is Amazon Web Services (AWS). When I started using AWS I was completely new to the offering and I really didn’t know what it was, how it worked or what to do once I had access. This article will cover some of the main points to be aware of that may help you when you first start out using the services they provide.
The first thing you will want to do is create an account. AWS offers you the ability to use some of their services for free for a year as long as your usage falls within their specific ‘free tier’ limits. I used my own personal account for self study and learning and I found these service limits to be perfectly fine for what I wanted to do and test. By default you will have access to ALL services that they provide, and you will only be charged for any services that you use that fall outside of the initial free tier.
The complete service limitations on what the free tier offers can be found here. The main services that feature within this and the most common that you will initially use are:
- 750 hours worth of EC2 Compute Capacity for RHEL, Linux or SLES t2.micro instances
- 750 hours worth of EC2 Compute Capacity for Windows t2.micro instances
As an example, you could run a single Windows instance constantly for 1 month, or 2 Windows instances for half a month, etc.
- 5GB of S3 (Simple Storage Service) Storage
- 20,000 GET requests
- 2,000 PUT requests
Database (DynamoDB - NoSQL)
- 25GB Storage
- 25 units of write capacity
- 25 units of read capacity
This can handle up to 200M requests per month
To create your free AWS account go to https://aws.amazon.com/ and click Create Account. You will then need to follow some simple on-screen instructions to set it up. You will be asked to enter your card details for payment in case you deploy services that fall outside of your ‘free tier’. Without your card details you will not be able to complete the creation of your account. Later in this article I will discuss how to configure your account with a billing alert so you get notified by e-mail if your AWS bill goes above $0.00. Trust me, it’s nice to have this reassurance when starting out.
Once you have completed your account and signed in to the AWS Console, you will be presented with a screen that looks similar to this
This is the AWS Console Dashboard screen. From here you can select which AWS service you would like to use. It is logically split into different sections, such as Compute, Database, Security & Identity etc.
My suggestions to you from this point are purely from experience and should help you feel a little more comfortable about your account and avoid any unnecessary spending you may inadvertently expose yourself to.
To start with, I suggest you secure the root account that you logged in with by means of Multi-Factor Authentication (MFA). Your initial account is classed as the Account Owner and as such will have Administrative privileges allowing you to do anything within your AWS environment. Additional security should therefore be put around this account as best practice to reduce the chance of your account being compromised.
Setting up MFA for your root account
For detailed instructions on how to set up MFA, please view my other article here and scroll to the bottom where MFA is explained and covered in detail.
Your account owner has full access to all billing information, so my next suggestion would be to set up a Billing Alert to monitor any unexpected costs. This will notify you by e-mail if your expected bill increases above $0. This will give you time to go back into your account and stop any service that is causing the expense.
Activating your Billing Information
Initially the Billing information is not visible, so before you can set up the alerts you must activate the Billing information. To do so, follow the below steps:
1. Log into AWS Console as the AWS account owner (root)
2. Select your account name in the top right and select ‘My Account’
3. Select ‘Edit’ next to IAM User Access to Billing Information and select the check box to activate
Now that this is active you can access Billing & Cost Management from within the console.
At the top of the screen within the Console you will see your username/account. Select this and choose Billing and Cost Management. This allows you to view information such as your bills and payment history, among other useful Billing information.
Setting up a Billing Alert
- Open the AWS Console
- Select ‘Billing and Cost Management’ from your username/account in the top right corner
- Select ‘Preferences’ and check the box ‘Receive Billing Alerts’
- Click Save Preferences
- Select ‘Manage Billing Alerts’ under ‘Receive Billing Alerts’
- This will then open CloudWatch which is a monitoring service within AWS. More information on CloudWatch can be found here. Click ‘Create Alarm’
- You will see a window similar to the above, select ‘Billing Metrics’
- Tick the box for USD currency with the EstimatedCharges Metric Name
- This will display a screen like the above. From here you can specify the time range for this Alarm to be in effect. Leave the ‘To’ box within the Time Range as 0 and this will continue to monitor on an on-going basis
- Select ‘Next’
- Give the Alarm a name and Description as you see fit. You can also specify when you want the alarm to alert you; I have selected for when my estimated charges are greater than $0
- Under the ‘Actions’ section you can specify who you want to be notified by this Alarm. Under the ‘Send notification to’ dropdown box add the people who you want to be notified by e-mail. You can create a list of people or just select your own e-mail address
- Click ‘Create Alarm’
Your alarm will now appear in the Dashboard of CloudWatch and will notify you when your estimated Bill exceeds $0.
Now that you have configured your Billing Alerts for any unexpected costs, I suggest that you create a New User and use these new credentials to continue deploying your services.
It’s best practice not to use your root account for your day-to-day administration. Instead you should set up a new user with the specific permissions you need. Even though you can configure this user to have Admin rights, the Account Owner can still, in certain conditions, perform higher-privilege actions that other Admins cannot.
Setting up a new User within IAM
To manage users and permissions, you need to use a service called Identity & Access Management, more commonly known as IAM. This is used to manage access to your AWS resources primarily via user accounts, groups and roles, and more information can be found here on the IAM Service.
You will find the IAM Service under Security & Identity within the IAM Dashboard.
Follow the instructions within my article here on IAM on how to set up New Users and grant permissions. I would also suggest you use MFA for your new Admin user account too.
Now that you have set up a new user with the necessary privileges (probably Admin) and implemented MFA on both your root account and this account, you should rest assured that access to your environment from a user perspective is now pretty tight.
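A way to check the baseline built so far (root MFA, a billing alarm at $0, MFA on every IAM user), given as an added example that is not part of the original article. The names `audit`, `collect` and the sample data are illustrative and constructed; `collect` assumes boto3 is installed and read-only IAM and CloudWatch credentials are configured.

```python
def audit(summary_map, billing_alarms, user_mfa):
    """Return findings (empty list = baseline holds) from the IAM SummaryMap,
    the billing MetricAlarms, and a {user name: MFA device count} map."""
    findings = []
    if summary_map.get("AccountMFAEnabled", 0) != 1:
        findings.append("root account has no MFA device")
    # An alarm only helps if it can fire and has someone to notify.
    usable = [a for a in billing_alarms
              if a.get("ActionsEnabled") and a.get("AlarmActions")
              and "Threshold" in a
              and a.get("ComparisonOperator", "").startswith("GreaterThan")]
    if not usable:
        findings.append("no billing alarm with a notification action")
    elif min(a["Threshold"] for a in usable) > 0:
        findings.append("lowest billing alarm threshold is above $0")
    for name, devices in sorted(user_mfa.items()):
        if devices == 0:
            findings.append(f"IAM user {name} has no MFA device")
    return findings


def collect():
    """Fetch live inputs for audit() from the current account."""
    import boto3  # imported lazily so audit() runs without the SDK
    iam = boto3.client("iam")
    # Billing metrics are only published in the us-east-1 region.
    cw = boto3.client("cloudwatch", region_name="us-east-1")
    alarms = cw.describe_alarms_for_metric(
        MetricName="EstimatedCharges", Namespace="AWS/Billing",
        Dimensions=[{"Name": "Currency", "Value": "USD"}])["MetricAlarms"]
    # list_users returns one page here, which is enough for a new account.
    users = {u["UserName"]: len(iam.list_mfa_devices(
        UserName=u["UserName"])["MFADevices"])
        for u in iam.list_users()["Users"]}
    return iam.get_account_summary()["SummaryMap"], alarms, users


# Constructed sample responses (not taken from a real account).
SAMPLE_SUMMARY = {"AccountMFAEnabled": 0}
SAMPLE_ALARMS = [{"Threshold": 10.0, "ActionsEnabled": True,
                  "ComparisonOperator": "GreaterThanThreshold",
                  "AlarmActions": ["arn:aws:sns:us-east-1:111122223333:billing"]}]
SAMPLE_USERS = {"admin-user": 1, "build-user": 0}

if __name__ == "__main__":
    for finding in audit(SAMPLE_SUMMARY, SAMPLE_ALARMS, SAMPLE_USERS):
        print("FINDING:", finding)
```

To run it against your own account, replace the sample arguments with `audit(*collect())`.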
Simplifying your AWS URL for your account
If you plan on creating and allowing other IAM users to access your AWS environment then you may want to customise the AWS URL that is linked to your account to a more readable version. You may or may not have noticed, but on the homepage of IAM there is a section called ‘IAM users sign-in link’. This allows you to send the URL to people who have IAM accounts and allows them to log in to your AWS environment with those credentials.
Your URL will probably consist of a number of alphanumeric characters and not make much sense at all; it’s certainly not something that is easily remembered. You can customise this URL to something more meaningful to you. To do so, select Customise and follow the on-screen instructions.
Now you have set up a lot of the boring admin side of things, you will probably want to get ahead with starting to deploy some services, let’s start with EC2.
Creating Free EC2 instances
Being new to AWS, I have assumed you will want to stick to the ‘free tier’ initially until you gain a deeper understanding of AWS and your environment.
When launching your instances through the EC2 Service, there is a checkbox on Step 1 that allows you to only select the instances that are included within the ‘free tier’.
This will then filter all of the eligible instances that you can use. Remember, you need to keep within the ‘free tier’ limits for your EC2 usage.
If you have issues connecting to your EC2 instances over SSH/RDP (and you probably will, as most people do) then I recommend visiting my article on Experts-Exchange that covers the most common causes of this and how to resolve them.
Virtual Private Cloud (VPC)
It is worth understanding the differences between a Default VPC and a Custom VPC as this will help you deploy other services and teach you a great deal about creating your own environment. I suggest trying to create your own VPC as soon as you can to make the most from AWS and its services. Read more about VPCs here
What are Regions and Availability Zones?
I would also suggest you get an understanding of what Regions, Availability Zones and Edge Locations are too, as this will help you customise and design your VPC when it comes to it. I have written an article on Experts-Exchange here that examines this.
Help with Storage options?
There are a number of different storage options available, and it can be a bit of a minefield initially. To help you with this, click here where I discuss the different storage options and the differences between them.
Additional Security Measures
If you are interested in further security measures for your AWS environment you can read my AWS Security Series here that covers a wide variety of services and security measures.
I hope this article has helped you to set up your account, given you peace of mind with some cost preventative measures with the alerts and also given you some confidence with the security into your account.
AWS is a huge, HUGE topic and there are many services to learn and many architecting features. Feel free to contact me using the details in my profile for further information, or drop me a message on Experts-Exchange and I will be happy to help where I can.
I look forward to your comments and suggestions.