These days we have many platforms that allow us to deploy all sorts of infrastructure from Serverless Functions to databases and more with easy to use workflows.
Often these specialty platforms are built on top of AWS using the pieces of infrastructure AWS offers to build higher level platforms.
Today we’re going to create an AWS account of our own, so that we can start taking advantage of the same powerful components to build our own applications.
First we’ll head off to aws.amazon.com and click either “Create an AWS Account” or “Create a Free Account”.
Creating an account is free but you will need to enter credit card information during this process. You won’t be charged for anything unless you deploy infrastructure.
The first account we’ll be creating is the same sort of account you get anywhere. It has access to everything inside of AWS including your billing details and the ability to deploy new infrastructure.
AWS is slightly different though. We have the ability to create additional sub-accounts that can have access to as much or as little of our AWS account as we want.
When we work day-to-day with AWS we’ll use one of these sub-accounts, so the Root Account we’re creating now won’t actually be used very often.
Enter an email address and an account name for the Root Account.
If you’re bad at captchas, like me, you might have to pass one to create an account.
AWS will send a verification code to your email, which needs to be input on the next page.
This will validate your email address, at which point we can choose a password, and on the next page some contact information.
This is when you’ll have to enter your credit card information.
After that, your phone number for another verification and possibly another captcha.
AWS will then ask you to pick a support level. We’ll opt for the free tier as we won’t be needing AWS support and complete our sign up.
With signup completed we can sign in with our root user account.
and of course, maybe some more captchas.
After logging in you’ll see the AWS dashboard. There won’t be much here now but as you use more services they will tend to end up here.
Since the Root Account has access to everything we’ll secure it using Multi-Factor Authentication.
Go to the Security Credentials in the top right account dropdown.
Open the Multi-Factor Auth tab and click Activate MFA.
We can use the Virtual MFA option to allow us to use software like 1Password as our second factor.
In 1Password we can create a new “One Time Password” field, and reveal the secret key. Copy and paste the secret key into the 1Password field and save.
Then we’ll see the one time codes start to pop up. We’ll need to copy two of them into the AWS form and then “Assign MFA”.
After assigning MFA, we’ll hop over to IAM.
IAM stands for Identity and Access Management. In more humany terms, this is “user accounts and what they can do”. This is how we’ll create the sub-account that we’ll use for our day-to-day work with AWS.
First, we should go to the top-right dropdown menu, click Account and scroll down to “IAM User and Role Access to Billing Information”.
Read the paragraph if you like, then click “Edit” in the top right and check the “Activate IAM Access” box and click “Update”. This will allow us to access billing information from the user we’re about to create.
After enabling IAM access for billing information, go back to the IAM panel.
Click on Users in the left hand sidebar, and create a new user.
Enter a username. This will be the user you use all the time.
Check the boxes for Password access and the access key. The password will let you log in to the AWS website and the access key will let you programmatically access AWS through the CLI or other programs.
I’d suggest checking the radio button for Custom Password and dropping one in from your 1Password or such.
You can also choose to make the new user reset their password when they next log in, but since we’ve just generated a password and the user is our own, I’ll uncheck this box.
Click “Next: Permissions” and we’ll set up what this user will have access to.
AWS IAM likes when we set up groups, attaching permissions to those groups, and then placing users in the groups. It’s a bit much for a just us, but it does make sense if you have to make a bunch of accounts to give other people access.
We’ll give the group the name “admins” and give the group the “AdministratorAccess” set of permissions. This gives the users in the “admins” group access to do pretty much anything.
Why then, are we creating a second account if it can do basically anything? Well, for example, if you accidentally commit the credentials for the second account to github, you can use the root account to disable the second. When it comes down to it, the root account is your failsafe. If anything goes wrong, if you lose access to the other accounts, etc, those other accounts cannot manage the root account so you can always use the root account to recover.
Add the user to the admins group and click next to get to the tags page.
We won’t add any tags, although it won’t hurt anything if you do want to add tags.
Finally we can review it and click “Create User”.
The next page is very important, it is where you’ll find the new user’s access key and secret key. Copy these values out and store them in 1Password or another password manager.
Also make note of the URL on this page. It’s the one we’ll use to log in with this user.
Finally we can sign out of the Root Account, and go to the URL from the previous page.
Enter the new username and password to log in, note that this login page also has a number at the top. The URL we copied earlier includes this number if it wasn’t auto-populated for you already.
The username in the top-right should be the new user we created.
You can now go between various AWS services, like DynamoDB if you want to.
Congrats, you now have a functioning AWS account and a backup plan just in case anything ever goes wrong.