Creating & Configuring an AWS Account

Please see our blog post for background information: Kintyre Cloud-Native Runway

Minimum AWS requirements to set up your account to test and deploy your cloud-native application

AWS Account with administrative permissions

This can be achieved with either of the following:

1. login to the AWS Management Console with the account root user an IAM user with administrative policy association.
2. programmatic access to the AWS APIs with an IAM access key or role. See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html for more information.

Create an AWS Account

There are basically two ways to create an AWS Account, either using the sign up process publically on the web, or use an existing an account with AWS Organizations.

What you’ll need at mimimum

• Email address - if this is your first AWS account, any email address that you have will do. If you will be using this account as part of a team or organization, Kintyre recommends that you setup an email distribution list with multiple members added to the group.
• Account Name/Short Description - …

Using AWS sign up process

Additional items you will need:

• Password - you’ll need to choose a strong password; we’d suggest you store this password in a valut or privlidged access managmeent system
• Full Name, Company, Address, Phone - you’ll need to identify yourself with this information, although we are not sure what is actually validated from this list if anything
• Credit Card/Payment - you will need to

https://portal.aws.amazon.com/billing/signup#/start

3 screen shots (forgot to take the 2nd screen with type of acccount, name and contact info)

Using AWS Organizations

Allows you to avoid billing information and a root password.

2 screen shots so far - create, list with grayed out account status waiting for account to be come available

• Login to AWS Account using your credentials

Setup IAM user

Setup IAM user - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html#id_users_create_console

When creating user make sure it has the following attributes

• Programmatic Access
• Access key ID - Store this in your vault for later use
• Secret access key - Store this in your vault for later use
• AdministratorAccess Privileges

Setup AWS CLI

• Download and Install AWS CLI - https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html
• Configure AWS CLI profile with Serverless Deployment User you just created using Named Profiles - https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html

You should now have everything you need to deploy the reference application into your AWS account.

Recommended AWS account setup requirements and steps

Requirements:

• AWS Account with console access
• 1 Dedicated VPC with 2 subnets
• 1 Role defining privileges for the deployment user
• IAM User with programmatic access, assigned to role and access keys
• CloudTrail and Config enabled
• AWS Billing setup

Steps:

• Create AWS Account & log In
• Create Account - https://aws.amazon.com/account/
• Login to AWS Account using your credentials

Create VPC and Subnets

• Create VPC - https://docs.aws.amazon.com/AmazonECS/latest/developerguide/create-public-private-vpc.html

Create the Deployment User role

• Create Role - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create.html
• Role must have AdministratorAccess permissions

Create IAM user and assign to role

• Setup IAM user - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html#id_users_create_console

When creating user make sure it has the following attributes

• Programmatic Access
• Access key ID - Store this in your vault for later use
• Secret access key - Store this in your vault for later use
• Role Assignment - assign the user ot the role you created above

Setup CloudTrail

• CloudTrail - https://aws.amazon.com/cloudtrail/

Setup Config

• Config - https://aws.amazon.com/config/

Setup Billing

• Setup billing bucket - https://docs.aws.amazon.com/cur/latest/userguide/cur-s3.html

Kintyre Also has a GitHub repo that can assist in setting up an AWS account according to account best practices. https://github.com/Kintyre/quail-hollow

What’s Next?

This blog post has set the stage and put us in the position where we can deploy the reference application into the account but obviously this hasn’t been done yet and I will go into the details of that in a later post. The next post in this series will start getting into the developer setup perspective.