Amazon Web Services (AWS) is one of the most popular cloud computing platforms. It provides everything from Object Storage (S3), Elastically Provisioned Servers (EC2), Databases as a Service (RDS), Payment Processing (DevPay), Virtualized networking (VPC), Content Delivery Networks (CDN), Monitoring (CloudWatch), Queuing (SQS), and many more.
In this article we’ll go over some tips and general advice for getting started with AWS.
1. Enable Multi-Factor Authentication (MFA) for the root user
Your root user grants access to every part of your AWS account from launching virtual machines to deleting databases. The first thing you should do after creating your AWS account is enable MFA for your root user. You can use a virtual device (mobile application on your smartphone) or a hardware token. After enabling MFA, you have to enter your email, password and a one-time password from your MFA device to log in.
How to enable MFA for the root user:
- Open the IAM Console.
- Choose Dashboard and, under Security Status, expand Activate MFA on your root account.
- Choose Manage MFA.
- Choose A virtual MFA device, and then choose Next Step.
- Confirm that a virtual MFA application is installed on the device, and then choose Next Step.
- Use the virtual MFA application to scan the QR code.
- In the Manage MFA Device wizard, type the one-time password that currently appears in the virtual MFA device into the Authentication Code 1 box. Wait up to 30 seconds for the device to generate a new one-time password, then type the second one-time password into the Authentication Code 2 box.
- Choose Next Step, and then choose Finish.
2. Create a Billing Alarm
AWS uses a pay-per-use pricing model for its services.
For example, if you launch a virtual machine, you pay for it per hour, and you're billed for every GB of data stored in the object store.
Unwanted costs may occur if you forget to terminate unused virtual machines or delete data that you no longer need from S3. To avoid an unexpected billing amount on your monthly invoice from AWS you should create a billing alarm.
A billing alert will send you an email if the costs for the current month exceed your limit.
How to create a billing alarm:
- Open the CloudWatch Console.
- Change the region on the navigation bar to US East (N. Virginia). The billing metric data is stored in this region, even for resources in other regions.
- In the navigation pane, under Alarms, choose Billing.
- Choose Create Alarm.
3. Get Familiar with Identity and Access Management (IAM)
AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.
To get started using IAM, or if you have already registered with AWS, go to the AWS Management Console and get started with these IAM Best Practices.
4. Make use of the Free Tier
AWS offers a Free Tier for the following:
- Virtual Machine for 750 hours per month during your first year on AWS
- 5 GB on the object store during your first year on AWS
- NoSQL database to store up to 25 GB
5. Choose a Region
AWS operates data centres all over the world. You can choose a region based on availability of services, latency (which region is closest to your customers), compliance and cost.
6. Enable CloudTrail
With CloudTrail, you can log, continuously monitor, and retain events related to API calls across your AWS infrastructure. CloudTrail provides a history of AWS API calls for your account, including API calls made through the AWS Management Console, AWS SDKs, command line tools, and other AWS services.
That is, whenever you or one of your team members changes your cloud infrastructure, a log event is stored for security purposes.
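What those log events make possible, as an added example that is not part of the original article: a short Python check that scans CloudTrail records for root-user activity and for successful console logins without MFA, tying tip 6 back to tip 1. The sample records, account ID, user names and IP addresses are constructed; the field names (`userIdentity.type`, `additionalEventData.MFAUsed`, `responseElements.ConsoleLogin`) are those of the CloudTrail record format.

```python
import json

# Constructed sample in the shape of a CloudTrail log file ({"Records": [...]}).
# Account IDs, ARNs and IPs are placeholders, not real values.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventName": "ConsoleLogin",
     "eventSource": "signin.amazonaws.com", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventName": "ConsoleLogin",
     "eventSource": "signin.amazonaws.com", "sourceIPAddress": "198.51.100.8",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-01-01T10:07:00Z", "eventName": "DeleteDBInstance",
     "eventSource": "rds.amazonaws.com", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
    {"eventTime": "2024-01-01T10:09:00Z", "eventName": "ConsoleLogin",
     "eventSource": "signin.amazonaws.com", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Failure"}},
]})


def find_risky_events(log_text):
    """Return (reason, record) pairs for root activity and MFA-less logins."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        identity = rec.get("userIdentity") or {}
        is_root = identity.get("type") == "Root"
        if rec.get("eventName") == "ConsoleLogin":
            ok = (rec.get("responseElements") or {}).get("ConsoleLogin") == "Success"
            mfa = (rec.get("additionalEventData") or {}).get("MFAUsed") == "Yes"
            if ok and not mfa:
                findings.append(("login-without-mfa", rec))
            elif ok and is_root:
                findings.append(("root-login", rec))
        elif is_root:
            # Any API call by root: daily work should go through IAM users/roles.
            findings.append(("root-api-call", rec))
    return findings


if __name__ == "__main__":
    for reason, rec in find_risky_events(SAMPLE_LOG):
        print(rec["eventTime"], reason, rec["eventName"], rec["sourceIPAddress"])
```

Failed logins are deliberately ignored here; in practice you would count them separately to spot password guessing.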
7. Learn about essential services
- Amazon Elastic Compute Cloud (EC2)
- Amazon Virtual Private Cloud (VPC)
- Amazon Simple Storage Service (S3)
- Amazon Relational Database Service (RDS)
8. Install and configure the AWS Command Line Interface (CLI)
The AWS Management Console allows you to manage AWS services by clicking through a web interface. The AWS Command Line Interface (CLI) allows you to access AWS services from your command line.
9. Aim for Automation
One of the biggest advantages of using AWS is that the API allows you to automate every part of your cloud infrastructure; from launching and provisioning virtual machines to creating the whole networking infrastructure.
10. Consult the Trusted Advisor
AWS Trusted Advisor provides real-time guidance to help you reduce cost, increase performance, and improve security by optimizing your AWS environment.