aws

This article gives you a short introduction to using AWS for small setups like hosting a private web server or mail server. You will need networking knowledge, system administration knowledge and the AWS documentation to follow the article.

Registration

The first thing you need to do is register an AWS account. Everything you will do is related to this account: creating users, configuring networking, launching instances and reading your bills.

User and account management

Creating users

The AWS account is comparable to a root account on a Linux system: it has wide-open privileges and is therefore not suited for your day-to-day work. For this reason the first two things you should do are to secure your AWS account and to create user accounts with just the right amount of permissions. You do this via the IAM (Identity and Access Management) service.

Note that your account is identified by a long number that you will come across in multiple places when using AWS.

To improve security for the AWS account and your user accounts you should use two-factor authentication. You will need a dedicated MFA device or software for a mobile device. I recommend the first variant because it is much more secure.

It is also a good idea to apply a password policy which forces users to choose passwords with reasonable entropy. That said, any password policy can be circumvented if your users are lazy enough.

Creating an administrative user

As we discussed, administering your AWS resources with the AWS account is not a good idea. We are therefore going to create an administrator

To create a user:

  1. “IAM” > “Users”
  2. Click “Create New Users”
  3. Enter “admin”
  4. Click “Create”
  5. Save the ID and key ID in a key ring (it will only be displayed once!)

You might find this strange, but by default the new user has no password associated. This does not mean the user can sign in without a password. It means the user cannot sign in at all.

To add login credentials:

  1. “IAM” > “Users”
  2. Click the list entry “admin”
  3. In the section “Security Credentials” find “Sign-in Credentials”
  4. Click “Manage Password”
  5. Choose “Auto generated password” for a secure random password
  6. Display and save or download the password.

Note that the generated password will comply with the password policy you set earlier, which is another reason why the policy should be strict.

I recommend adding an MFA device for the user too. Consult the AWS documentation on MFA for details.

Creating groups

Creating an administrator group

To create the admins group:

  1. “IAM” > “Groups”
  2. Click “Create New Group”
  3. Enter the group name “admins”
  4. Click “Next Step”
  5. Attach the “Administrator Access” policy
  6. Click “Next Step”
  7. Click “Create Group”

Now we need to add our “admin” user to the “admins” group:

  1. “IAM” > “Users”
  2. Click the list entry “admin”
  3. In the section “Groups” click “Add User to Groups”
  4. Select the “admins” group
  5. Click “Add to Groups”
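To verify that the setup above took effect, the following added example (not part of the original article) audits an IAM credential report, the CSV that `aws iam generate-credential-report` and `aws iam get-credential-report` produce (the latter returns it base64-encoded). The sample rows and the account number are constructed, only a subset of the report's columns is shown, and the access-key check on the AWS account is an assumption that goes beyond what the article states.

```python
import csv
import io

# Constructed sample in the IAM credential report CSV format (subset of columns).
# The account number 123456789012 and all values are made up for illustration.
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::123456789012:root,not_supported,2015-09-01T10:00:00+00:00,false,true,false
admin,arn:aws:iam::123456789012:user/admin,true,2015-09-04T08:30:00+00:00,true,true,false
backup,arn:aws:iam::123456789012:user/backup,true,no_information,false,false,false
deploy,arn:aws:iam::123456789012:user/deploy,false,N/A,false,true,false
"""

ROOT = "<root_account>"  # name of the row that describes the AWS account itself


def audit_credential_report(report_csv):
    """Return (user, finding) tuples for rows that violate the article's advice."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        mfa = row["mfa_active"] == "true"
        has_key = "true" in (row["access_key_1_active"], row["access_key_2_active"])
        if user == ROOT:
            # The AWS account: needs MFA and should not be used for daily work.
            if not mfa:
                findings.append((user, "AWS account has no MFA device"))
            if has_key:
                # Assumption beyond the article: the account should hold no keys.
                findings.append((user, "AWS account has an active access key"))
            if row["password_last_used"] not in ("N/A", "no_information"):
                findings.append((user, "AWS account was used to sign in on "
                                 + row["password_last_used"][:10]))
        elif row["password_enabled"] == "true" and not mfa:
            # Console users (those with a password) should have an MFA device.
            findings.append((user, "console password without MFA"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_credential_report(SAMPLE_REPORT):
        print(f"{user}: {finding}")
```

The “deploy” row is not flagged because a user without a password cannot sign in to the console at all, as described above.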

Signing into your account

Your users log in to the account via the following link:

https://<aws account number>.signin.aws.amazon.com/console 

Since this link is quite hard to remember, you can set an alias.

  1. IAM: Dashboard → Customize (next to “IAM users sign-in link”)
  2. Enter a human-readable account alias

So if you entered “my-example” as account alias, the link will be

https://my-example.signin.aws.amazon.com/console 

Checking your expenses

To check your expenses:

  1. Sign in with your AWS account
  2. Use the drop-down menu next to your account name and click “Billing & Cost Management”

Note that you have a free tier which is useful for getting to know AWS without having to pay immediately. Be careful, though, about which services you use: the free tier can be exceeded in no time if you, for example, use bigger computing instances.

Creating a billing alarm

Billing alarms are useful to inform you if you accidentally configured something on AWS that produces higher costs than anticipated.

Check the AWS documentation on billing alarms for details.

Note that you come in contact with a new service when you create a billing alarm - CloudWatch. CloudWatch is AWS' integrated monitoring and alarming service.

Services

  • S3 - a distributed object store
  • EC2 - virtual compute nodes
aws.txt · Last modified: 2015/09/05 16:19 by sebastian