Once you've created a new account with Amazon Web Services, you will want to configure it properly. I'll briefly cover the basics like contacts, billing, and security preferences.
To start with, sign in to the AWS Management Console:
- Go to https://aws.amazon.com/
- From the "My Account" menu at the top, click the "AWS Management Console" link
Note - if you instead find yourself on a sign-in page that has fields for "Account", "User Name", and "Password", it means AWS has remembered that you recently signed in as an IAM user for another AWS account. Since you don't want to do that now, click on the link (in very small print below the form) that says "Sign-in using root account credentials"
- In the "E-mail or mobile number" field enter the email address you used for this account
- Select the "I am a returning user and my password is:" option, and in the field below enter the password you designated for this account
- Click the "Sign in using our secure server" button
- My Account
- Billing & Cost Management
- Security Credentials
My Account
Here you will find the following sections:- Account Settings - this displays your numerical 12-digit "Account Id" (which uniquely identifies your account and should be recorded), the "Account Name" (which you can use to easily distinguish this AWS account from others you might have), and a reminder that the "Password" (for the account root user) can be modified here; click the "Edit" link to alter the last two items (you will receive an email from Amazon if you do make any modifications here, and you may have to sign out and in again to actually see the changes)
- Contact Information - how you can be reached if Amazon needs to contact you by ways other than email; click the "Edit" link to alter any of this information
- Local Currency Preference - if you use a currency other than USD, you may want Amazon to perform the conversion instead of your credit card service; click the "Edit" link to alter the preference
- Alternate Contacts - if an alternate contact is set for a certain type of communications, those notifications will be sent only to the email address specified (and not to the primary account email address); click the "Edit" link to update values ("Full Name", "Title", "Email Address", "Phone Number") for any of these communication types:
- Billing: e.g., invoices and dunning communications
- Operations: e.g., those from Trusted Advisor
- Security: e.g., SSL certificate rotations and abuse reports
- Configure Security Challenge Questions - if you ever need to contact Amazon customer service for help, they will use these to help identify you as the owner of your AWS account (see the next article for details)
- IAM User Access to Billing Information - since it's important to sign in with the root user as little as possible, you will almost certainly want to enable this (see the next article for details)
- Reserved Instance Marketplace Settings - if you have a high volume of EC2 usage, with Reserved Instances Amazon lets you reserve an EC2 instance for entire year or three, for a price discount of up to 75%; however, if you find you have overallocated and need to sell excess reservations, this is where to manage that
- Communication Preferences - allows you to control which (if any) categories of marketing email Amazon will send you; click the "Click here" link to go (in a new tab) to the "AWS Email Preferences" page
- Cancel Services - this poorly labeled section is actually the place to inspect and modify the support plan attached to your account; click the "Click here" link to go (in a new tab) to the "Support plans" page
- GovCloud (US) - AWS GovCloud (US) is an isolated AWS region designed to host sensitive data and regulated workloads in the cloud, ensuring that this work meets the US government's compliance requirements; if this were needed, one can click the "Sign up for AWS GovCloud (US)" button to go to the GovCloud sign-up page
- Close Account - if you are truly, permanently finished with an AWS account, and need to close it entirely, this is the place to do it; be careful, once closed there's no "undo"
Billing & Cost Management
Since you're just starting out, everything should show $0.00; there are many, many areas under this page (some of which I will cover in future articles) - feel free to poke around and explore.Security Credentials
Note - you will be asked to verify that you really want to go to the security credentials page for your AWS account; since you do, click the "Continue to Security Credentials" button; (and don't worry, IAM Users will be addressed in the following article)Here, you can see various security-related items associated with your AWS account (click the "+" to expand each section):
- Password - this is where you can change the password, name, or email address for the root user, the "Click here" link goes to same page as the "My Account" / "Account Settings" / "Edit" link mentioned earlier
- Multi-Factor Authentication (MFA) - this is how to add a second authentication factor for the root user (which will be detailed in the next article)
- Access Keys (Access Key ID and Secret Access Key) - you should probably never create API access keys for the root user
- CloudFront Key Pairs - only needed for Serving Private Content through CloudFront (Amazon's content distribution network); unfortunately, CloudFront key pairs can be created only by the root user
- X.509 Certificates - only needed if, for some reason, there is a desire to make SOAP-protocol requests to certain AWS services (not common)
- Account Identifiers - this is where you can find the very long "Canonical User ID" which is used to configure Amazon S3 access control lists (ACLs); you will also see your "AWS Account ID" here
(Jump to Part 3, Secure It)
No comments:
Post a Comment