To start using the AWS cloud platform just go to the Amazon Web Services homepage and click on Create an AWS Account (or go directly to: https://portal.aws.amazon.com/billing/signup#/start ).

Pricing

The creation of the account is free and requires one year of use of the free tier, i.e. the possibility of using various services for free for the first 12 months of use.

Also for many other services there are free plans that are always valid for all AWS customers and you can try numerous software solutions for free for a specified period of time.

Finally, the price of services is so low that it allows you to experiment freely with a few dollars a month.

Here are some examples:

Free for 12 months:

  • EC2: 750 hours/month of t2.micro (linux or windows)
  • S3: 5GB/month
  • RDS: 750 hours/month of db.t2.micro

Free with no time limit:

  • DynamoDB: 25GB di storage
  • Lambda: first 1,000,000  of free requests per month

 

Account opening

Let’s see in detail what are the first steps in creating an AWS account:

  1. enter the account header data and accept the platform’s terms of service (AWS Customer Agreement). It is useful to remember that the conditions of service include a specific addendum for the GDPR.
  2. add the data for the monthly payment by credit card (or debit card)
  3. proceed with the verification of the telephone number provided
  4. finally choose the support. The basic support plan is free of charge but you can choose to switch to the DeveloperBusiness or Enterprise plans at any time.

 

Preliminary operations

The preliminary operations in an AWS account have the objective to increase the security of the account.

The creation of an AWS account involved the creation of an administrative super user (root user) that has all the possible rights included the possibility to delete the account. So one of the first activities that should be performed into a new AWS account is the creation of an administrative account without this particular destructive power. You could in fact delete for error your account with all the resources contained or someone could steal the access to the credentials.

Enter in the console and Insert “IAM” in the Find Services input field. In the Security Status section there are 5 steps to perform:

 

1. Delete your root access keys

Select “Manage Security Credentials

Deleting root access keys.png

Then select “Access Keys” e then “Delete”

Deleting root access keys2.png

 

2. Activate MFA on your root account

Select “Activate MFA on your root account“, then “Multi-Factor Authentication (MFA)” and “Activate MFA

AWS Enable Root Account MFA.png

Select “A virtual MFA device

AWS Enable Root Account MFA 2.png

and then choose a supported application at the link “AWS Multi-Factor Authentication” and install it on your device. Finally insert the authentication codes generated by the app and click on “Activate Virtual MFA

AWS Enable Root Account MFA 3.png

 

3. Create individual IAM users

Select “Create individual IAM users” then “Manage Users” and after click “Add User

Add User.png

Add a name (or a codeID) for the user and choose the access type. Add User 2.png

On step 2 select “Attach existing policies directly” and then select “AdministratorAccess

Add User 3.png

Then click “Next” until step 5 where you can review your username and password and send them by mail or download as csv file.

Add User 5.png

From now you can access with this new user instead of the root account through your customized IAM link.

4. Use groups to assign permissions

Instead of assigning permissions to single users you can create a Group (a collection of users) and assign permissions to Group. This best practice make it easier to manage the permissions and increases the security.

Select “Use groups to assign permissions” and click to “Manage Groups

groups.png

Click “Create New Group

groups1.png

Insert a name for your new Group (es: Administrators, Developers, SysAdmins,…) and click “Next Step

groups2

Attach a Policy to the Group (for a group of administrators select the policy AdministratorAccess) and click “Next Steps” and then “Create Group

groups3.png

5. Apply an IAM password policy

Select “Apply an IAM password policy“, click to “Manage Password Policy” and in the next page click on “Set Password Policy

Password Policy.png

Now you can configure the Password Policy (all the rules and rotation periods for the passwords) for all the users of your AWS account. My suggestion is to select all the possible options for better security.

set password policy.png

That’all. Now you should have a 5 out of 5 completed in the Security Status section of your IAM dashboard.