- Protect master credentials (‘root’) by using multi-factor authentication (MFA)
- Create an Administrator user account, and avoid logging in as ‘root’.
- Set up billing alerts to avoid unexpected AWS charges.
1. Enable MFA
For more information: https://aws.amazon.com/iam/features/mfa/
(Cheatsheet coming soon. Meanwhile, follow these instructions.)
2. Create Administrator User
A new AWS account is granted, by default, a root user with root privileges. That means it has access to everything. Best practices dictate we avoid using root privileges whenever possible.
Instead of routinely logging in as root to perform all your AWS tasks, create an Administrator user (within your new AWS account) to manage stuff. Then lock away the root credentials, dragging them out only when absolutely necessary.
Details here: Creating an Admin IAM user
Here’s a quick cheat sheet:
Create Group
- From the AWS Management Console, go to the IAM service page.
- Click Groups from dashboard, then Create New Group.
- Enter Group name (e.g. ‘Administrators’), then Next Step.
- Check box next to AdministratorAccess policy. Consider also adding the Billing policy if you want this Group to manage budgets.
- Click Next Step.
- Click Create Group.
Create User
- Click Users from dashboard, then Add user.
- Enter User name (e.g. ‘Administrator’).
- Check box next to AWS Management Console access.
- Choose your password options, then Next: Permissions.
- Choose Add user to group.
- Click box next to Administrators (or, the Group name you created).
- Click Next: Tags.
- Add Tags (optional: Tagging IAM Entities), then Next: Review.
- Click Create user.
- Read the success message. Click Download .csv.
- Log out as root user, then test logging in to your new Administrator account.
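To confirm steps 1 and 2 took effect, the following added example (not part of the original post) audits an IAM credential report for a root user without MFA, active root access keys, recent root sign-ins, and console users without MFA. The sample rows, the account ID and the 30-day threshold are constructed assumptions; the column names follow the credential report CSV, of which only a subset is shown.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the IAM credential report CSV layout (subset of columns).
SAMPLE_REPORT = """user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,2024-05-30T09:12:00+00:00,false,true,false
Administrator,arn:aws:iam::111122223333:user/Administrator,true,2024-06-01T08:00:00+00:00,false,false,false
"""


def parse_time(value):
    """Report timestamps are ISO 8601; 'N/A' and 'no_information' mean no value."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def audit(report_csv, now, root_idle_days=30):
    """Return (user, issue) findings for root and for console users without MFA."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        # Root always has console access; IAM users only if a password is set.
        has_console = is_root or row["password_enabled"] == "true"
        if has_console and row["mfa_active"] != "true":
            findings.append((user, "no MFA on console sign-in"))
        if is_root:
            for n in ("1", "2"):
                if row[f"access_key_{n}_active"] == "true":
                    findings.append((user, f"root access key {n} is active"))
            last = parse_time(row["password_last_used"])
            # Assumed threshold: root should not be used for routine work.
            if last and now - last < timedelta(days=root_idle_days):
                findings.append(
                    (user, f"root console sign-in within {root_idle_days} days"))
    return findings


if __name__ == "__main__":
    for user, issue in audit(SAMPLE_REPORT, datetime.now(timezone.utc)):
        print(f"{user}: {issue}")
```

A real report can be downloaded from the Credential report page of the IAM console, or generated with `aws iam generate-credential-report` and fetched with `aws iam get-credential-report`.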
Done! Now, let’s set up billing alerts so we don’t get surprised with charges.
3. Set Up Billing Alerts
Since I’m using my new Free Tier account for experimenting and learning, I want to be alarmed if there are any charges made against my account. I set my billing alerts for $1.
Here’s a quick cheat sheet:
Enable Billing Alerts
- Log into the AWS Management Console as root, or as your new Administrator user if you delegated it access to Billing.
- Go to Services > Billing.
- On left column dashboard, click Billing preferences.
- Click the boxes next to your preferences, including Receive Billing Alerts. (I also click Receive Free Tier Usage Alerts).
- Save preferences.
Create Billing Alarm(s)
Follow instructions here: AWS – Managing Your Costs with Budgets
Done! Hopefully you will not be surprised by any inadvertent charges!