As software engineers, when we get on board a project that will deploy applications on the Cloud, it is expected to feel overwhelmed by the new “build-test-deploy” workflow at first glance. You may also be interested in getting started on the Cloud to expand your horizons.
When you search for cloud training, plenty of excellent materials are available, but the first step toward getting started might impose some barriers to your development.
You will eventually discover terms like:
- Cloud native applications
- DevOps and DevSecOps
- Infrastructure as Code
- Governance
- And so on
I felt the same exhausting feeling when I started my journal as a DevOps/Cloud engineer. There are different roles, such as:
- Developer
- Architect
- Data engineer, analyst, scientist
- AI or Machine Learning
- Networking
- Security
- And so on
What we will do today:
AWS Free Tier
When you create a new account, the AWS Free Tier offering allows you to get started with a limited number of resources you can use for free without paying a single cent.
Create an AWS account
Register your new account
Go to https://signin.aws.amazon.com/signup?request_type=register page to sign up for AWS.
It is essential to keep in mind that the Root user is responsible for your account’s administrative functions and bill payment.
Enable Multi-factor authentication – highly recommended
As soon as you create your AWS account, the very first and most important step is to enable the MFA for the Root user.
Go to IAM > Security credentials, scroll down to Multi-factor authentication (MFA), and click Assign MFA Device. The option that I’ve been using so far is the Authenticator app. With that option, you install an app on your phone, such as Google Authenticator or Microsoft Authenticator.
With that app installed and set up as the MFA device for your Root user, every time you try to sign in on AWS, it will ask for the temporary auto-generated code displayed in that app.
Install the AWS CLI
You can take a look at the documentation page for more details. The summary of commands for each platform is the following:
# Linux
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
# MacOS
curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
sudo installer -pkg AWSCLIV2.pkg -target /
# Windows
msiexec.exe /i https://awscli.amazonaws.com/AWSCLIV2.msiCreate an admin user
Create an additional user for every task in your account other than managing it. I used to create a <name>-admin user.
- Go to IAM / Users, click on Create User.
- Check the option Provide user with access to the AWS Management Console – optional.
- Select the option I want to create an IAM user
- Password is up to you. Either select Autogenerate password or Custom password, as well as if the user must change the password at next sign-in. Click on Next.
- Select Attach policies directly
- Select at least these two policies: AdministratorAccess and IAMUserChangePassword
- Click on Create user.
It is highly recommended that we enable Multi-factor authentication for this user as well, just as we did for the Root user.
Configure your Dev user
You could start your development with the Root user. However, as a good practice, it might be a good idea to have a Dev user. With the Root user, you can log in for administrative tasks or to set up an AWS Organization, which I will cover in a future letter.
While logged in to AWS Console as the Root user, go to the IAM service to create the groups and user(s).
Create the IAM Groups
Let’s create two groups. Both groups will have full access to create resources, like a VM (EC2) or a Database, but only one will have access to manage other users and roles.
The goal of this letter is not to cover how to manage users in the Identity Center, what an Identity Provider is or how to set them up.
Select “User groups” on the left-side menu and click Create group.
Create the first Dev-PowerUserAccess group and select the PowerUserAccess policy in the “Attach permissions policies – Optional” section.
Create the second Dev-AdministratorAccess group and select the AdministratorAccess policy in the “Attach permissions policies – Optional” section.
These names are just suggestions. Feel free to change it or even to have only one group with full access.
Create an IAM User
Select “Users” on the left-side menu and click Create user.
- Type the user name: my-dev-user
- Select the option “Provide user access to the AWS Management Console – optional”
- Select the option “I want to create an IAM user”
- Console password: select the option “Autogenerated password”
- Select the option”Users must create a new password at next sign-in – Recommended”
- Click Next. In the Set permissions screen, select the “Add user to group” option, and select one of the two group you have created. Click Next and click Create user.
- In the Retrieve password screen, you can download the CSV file or take note of the password
It is highly recommended that we enable Multi-factor authentication for this user as well, just as we did for the Root user.
Set up the user keys for CLI interactions
Go to the newly created user, go to the Security credentials tab, scroll down to Access keys and create them.
- Select the option Command Line Interface (CLI)
- Click Next. In the last window, select the option to download the CSV file
Set up the AWS CLI
Open the terminal and run the aws configure command by pasting the keys copied from the CSV file:
aws configure
AWS Access Key ID [None]: AAAAAAAAAAAAAAAAAA
AWS Secret Access Key [None]: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Default region name [eu-central-1]:
Default output format [json]:
# (optional) On MacOS or Linux, if there is a PAGER environment variable set
# to "less", you might want to add the cli_pager as empty in the ~/.aws/config file
cat ~/.aws/config
[default]
region = eu-west-2
output = json
cli_pager =Test the connection
You can validate that your credentials are correctly set up by checking, for example, the current user details with the following command:
aws sts get-caller-identity
{
"UserId": "BBBBBBBBBBBBBBBBBBB",
"Account": "111122223333",
"Arn": "arn:aws:iam::111122223333:user/my-dev-user"
}Thanks for your time!
Talk to you soon ✌🏼