===================================== Creating & Configuring an AWS Account ===================================== Please see our blog post for background information: `Kintyre Cloud-Native Runway `_ Minimum AWS requirements to set up your account to test and deploy your cloud-native application ================================================================================================ **AWS Account with administrative permissions** This can be achieved with either of the following: #. login to the `AWS Management Console `_ with the `account root user `_ an `IAM user with administrative policy association `_. #. programmatic access to the AWS APIs with an IAM access key or role. See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html for more information. Create an AWS Account ===================== There are basically two ways to create an AWS Account, either using the sign up process publically on the web, or use an existing an account with AWS Organizations. What you'll need at mimimum --------------------------- * **Email address** - if this is your first AWS account, any email address that you have will do. If you will be using this account as part of a team or organization, Kintyre recommends that you setup an email distribution list with multiple members added to the group. * **Account Name/Short Description** - ... Using AWS sign up process ------------------------- Additional items you will need: * **Password** - you'll need to choose a strong password; we'd suggest you store this password in a valut or privlidged access managmeent system * **Full Name**, **Company**, **Address**, **Phone** - you'll need to identify yourself with this information, although we are not sure what is actually validated from this list if anything * **Credit Card/Payment** - you will need to https://portal.aws.amazon.com/billing/signup#/start 3 screen shots (forgot to take the 2nd screen with type of acccount, name and contact info) Using AWS Organizations ----------------------- Allows you to avoid billing information and a root password. 2 screen shots so far - create, list with grayed out account status waiting for account to be come available * Login to AWS Account using your credentials Setup IAM user Setup IAM user - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html#id_users_create_console When creating user make sure it has the following attributes * Programmatic Access * Access key ID - Store this in your vault for later use * Secret access key - Store this in your vault for later use * AdministratorAccess Privileges Setup AWS CLI ^^^^^^^^^^^^^ * Download and Install AWS CLI - https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html * Configure AWS CLI profile with Serverless Deployment User you just created using Named Profiles - https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html You should now have everything you need to deploy the reference application into your AWS account. Recommended AWS account setup requirements and steps ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ **Requirements:** * AWS Account with console access * 1 Dedicated VPC with 2 subnets * 1 Role defining privileges for the deployment user * IAM User with programmatic access, assigned to role and access keys * CloudTrail and Config enabled * AWS Billing setup **Steps:** * Create AWS Account & log In * Create Account - https://aws.amazon.com/account/ * Login to AWS Account using your credentials Create VPC and Subnets ^^^^^^^^^^^^^^^^^^^^^^ * Create VPC - https://docs.aws.amazon.com/AmazonECS/latest/developerguide/create-public-private-vpc.html Create the Deployment User role ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Create Role - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create.html * Role must have AdministratorAccess permissions Create IAM user and assign to role ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * Setup IAM user - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html#id_users_create_console **When creating user make sure it has the following attributes** * Programmatic Access * Access key ID - Store this in your vault for later use * Secret access key - Store this in your vault for later use * Role Assignment - assign the user ot the role you created above Setup CloudTrail ^^^^^^^^^^^^^^^^ * CloudTrail - https://aws.amazon.com/cloudtrail/ Setup Config ^^^^^^^^^^^^ * Config - https://aws.amazon.com/config/ Setup Billing ^^^^^^^^^^^^^ * Setup billing bucket - https://docs.aws.amazon.com/cur/latest/userguide/cur-s3.html Kintyre Also has a GitHub repo that can assist in setting up an AWS account according to account best practices. https://github.com/Kintyre/quail-hollow **What's Next?** This blog post has set the stage and put us in the position where we can deploy the reference application into the account but obviously this hasn't been done yet and I will go into the details of that in a later post. The next post in this series will start getting into the developer setup perspective.