You finally want to get your feet wet and play around with Cloud Technology. For this Article Series, I will use Amazon Web Services (AWS). This is intentional as AWS is not only the most popular Cloud Provider out there, but it also comes with a lovely free tier that you can play around with for an Year.
Let's get started by creating an account on AWS. You need a credit card to create an account. Do not worry, you'll not be charged for creating an account. AWS will however take 1 USD and return it after a few hours, just to ensure that the credit card is functional, nothing fishy.
Step 1: Create a Root Account
The root account / root user has complete access to all AWS service and resources. We will however not use the root account for day to day activities. We will use it instead to create another user, called an IAM user. We shall discuss the differences between the accounts later in the article. But first, let's create an account on AWS.
Head on over to The AWS Homepage
Click on the Get Started for Free or Create an AWS Account at the top right
Click on the Create a Free Account or Create an AWS Account at the top right
Fill in the Form with your details as directed. You'll be sent a confirmation URL to your email, the usual processes that take place with any account creation. I already have an account so I'll wait for you to finish the steps and sign into your AWS Root Account.
Once you've signed in, you'll be presented with The AWS Console! It simply your dashboard; where you get to spin up servers, provision resources, etc.
Click on Switch to the new Console Home
Your console might look a little different from mine, but that is because I have used some AWS Services as you can see in the image.
Step 2: Create an IAM User
IAM (pronounced "eye-yam") is a service that allows you to create 'mini-users' that have specific controlled access to AWS Services/Resources. For example, you have a user in your organization that deals with data storage (AWS provides a storage service called S3). You want this user to only work with the S3 Service and nothing more (we don't want the user to run around creating servers and using other AWS Services). IAM lets us create an IAM account to which we can attach these 'restrictions'/policies.
From the AWS Docs: AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.
To create an IAM Account, search IAM in the search bar at the top. This will be the main way we navigate AWS henceforth.
Click on the first option IAM
Your IAM Dashboard might look a little different from mine, since this is the first time that you are using the AWS IAM Service. Click on Users in the side nav-bar.
I have created a few IAM users as you can see; I have blurred the names. Click on Add users
Give your user a name. I have named mine "server-admin" In the "Select AWS access type", select Password; the user we create will be required to sign in using a password. We can create the password, but I'll let AWS auto-generate a password and Require the user to reset their password. After filling in the details, click on Next: Permissions
I have a few custom groups as you can see.
Click on Create group in the "Add user to group" section.
Select the first option "AdiministratorAccess"
Proceed to Create Group and Click on Next: Tags
Tags are especially useful when you have multiple users; you can use tag to organize and track users. We will skip this section for now. Click on Next: Review
This page provides a summary of our User. Finally, Click on Create user
Congratulations!!! You have successfully created your first IAM User. Make sure to click on Download .csv to get the credentials and sign in information associated with the user.
Step 3: Sign in as an IAM User
Now that we've created the IAM User named "server-admin", we can sign in by visiting the URL in our new_user_credentials.csv that we downloaded in the previous step.
The "Account ID" should be filled for you. Fill in the "IAM user name" and "Password" from the .csv file.
You will be prompted to change your password once signed in.
You will be presented with the AWS Management Console, similar to the console we saw when we created our AWS Root Account.
Click on Switch to the new Console Home
Again, your console might look a little different from mine, but that is because I have used some AWS Services as you can see in the image.
Step 4: Recap
- We started by creating an AWS Root Account
- In AWS Management Console (dashboard) we searched for the IAM Service to create an IAM Account.
- We signed into the IAM Account and changed our password as directed.
Since our IAM Account (mine is named "server-admin") has Administrator-Access, we can use it to create another IAM Account with less access/privilege to AWS Services.
We can now refrain from using our root account for day to day activities, and use the IAM Account instead.
Some of the Tasks that Require Root Account (root user credentials)
- Changing account settings: account name, email address, root user password and access keys
- Closing the AWS Account
- Change or Cancel your AWS Support Plan
- Viewing certain tax invoices.
Further reading (resources used in this tutorial article)