How to create a new Amazon AWS account plus 2 users to manage it

We aim to use Amazon S3 Object Store, so we need to create an Amazon AWS account.

Now, when you first create an AWS account, you begin with a single sign-in identity that has complete access to all AWS services and resources in the account, including S3. This identity is called the AWS account root user and is accessed by signing in with the email address and password. Amazon AWS strongly recommends that you do not use the root user for everyday tasks, such as accessing S3. Instead, we will set up two Identity and Access Management (IAM) users: one for your admin control role and a technical admin one for us at Sticky, so we can set up the services that need integrating. That’s for later, though. First, let’s set up the account and its AWS root user. For financial and data protection reasons, it’s important that these details are kept secret and safe, accessible to only a few people within your organisation’s senior management structure.


Steps

1 Go to the AWS signup page and choose a strong password. Don’t forget this information.

2 Choose a suitable name for your root account. If you agree and are authorised to proceed, click the ‘create an account continue’ button.

3 Provide a payment method. Use a new address that matches the billing address for the payment card, if necessary.

4 AWS security will call the telephone number you supply. This will be an automated security message and will ask you for the 4-digit code displayed on the screen the moment you click ‘Call Me Now’. Think about who will pick up the call if using an office line. One option is to use your mobile number.

5 If all went well, continue.

6 Choose the Free Plan

7 You can now sign in using the root user account. This will be one of the few times we should need to sign in with the root account. Its details will be stored away securely and instead, we will create 2 new admin users for everyday use: one for you and one for Sticky to use on your behalf. But let’s go ahead and sign in with the root user.

8 Use the email address you registered

9 And the password you chose

10 Access the IAM service – type IAM to get to it quickly

11 First, a note about enhancing security on the account. If you already use MFA or 2FA as part of your security approach, then we recommend you use it here. If not, then do not enable it for the root user.

Next, click ‘Manage Users’ to start the process of setting up the 2 users needed.

11 First, we will add a user for you with full Admin access to AWS services via your web browser.

12 Create a user name for yourself. It’s unlikely you need Programmatic access for software development, and the account is more secure without it, so uncheck that. You will need Console Access via your browser. Choose a strong password.

13 We will create a group to help us manage access to Administrator-level permissions and add the user to it.

14 Choose a suitable group name – ‘yourbusiness-admins’ or ‘administrators’ or ‘admins’, something like that – I’ll use ‘admins’ in this demo. Check the box next to AdministratorAccess to provide that level of access to the group. Click to create the group.

14 You get a chance to review

15 If it looks like the above but using your User Name, then Create

16 That is your user created. Again, you will have the opportunity to enable MFA if you use it, which you should if you do.

17 Now Add the user for Sticky and assign it to the group so that we can set up your services as discussed, S3 for example.

18 We will suggest the user name to use for us. We will need both Programmatic access and Console access. Select ‘Autogenerated password’ and Require Password Reset so that we change the password when we first log in, as part of secure practice.

19 Check to add our user to the group with AdministratorAccess – shown as ‘admins’ in this demo.

20 Next, email the sign-in instructions to us, along with the temporary password (click ‘Show’, then copy and paste that password into the email). We will change that password when we sign in. Don’t send us the Secret Access Key; ignore that, we will create a new one.

21 Well done. Sign out of AWS Console with the root user and instead sign in with the user you created for yourself. Set up MFA if you use it. If you have a role buddy, set up a similar account for them.

That’s it for this stage. Remember to store away the AWS root user details (account name, password, email address), perhaps on paper in a secure location with another copy off-site in a second secure location. Keep it secret.

We will be in touch to confirm when we are able to sign in and continue creating ‘limited’ IAM users and services needed for the project.
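
A check you can run once the steps are done, added here as an example and not part of the original guide: it reads an IAM credential report (CSV) and lists the rows that differ from the setup described above (root kept out of everyday use, your own user console-only, access keys only for the technical admin user). The user names `owner-admin` and `sticky-admin`, the setup timestamp and the sample rows are constructed placeholders.

```python
import csv
import io
from datetime import datetime

# Constructed sample, trimmed to the columns this check reads. A real report
# comes from `aws iam generate-credential-report` followed by
# `aws iam get-credential-report` (its Content field is base64-encoded CSV).
SAMPLE_REPORT = """\
user,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_2_active
<root_account>,not_supported,2024-05-20T09:12:00+00:00,false,false,false
owner-admin,true,2024-05-21T08:00:00+00:00,true,true,false
sticky-admin,true,2024-05-21T10:30:00+00:00,false,true,false
"""

ROOT = "<root_account>"  # how the credential report names the root user


def audit(report_csv, programmatic_users, setup_done, require_mfa=False):
    """Return (user, finding) pairs for rows that differ from the guide's setup.

    programmatic_users: users allowed to hold access keys (assumption: only
    the technical admin user from step 18).
    setup_done: ISO 8601 timestamp with offset; later root sign-ins are flagged.
    require_mfa: set True if your organisation uses MFA.
    """
    cutoff = datetime.fromisoformat(setup_done)
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        has_key = "true" in (row["access_key_1_active"], row["access_key_2_active"])
        if user == ROOT:
            if has_key:
                findings.append((user, "root access key active"))
            try:  # the field holds "no_information" or "N/A" when never used
                if datetime.fromisoformat(row["password_last_used"]) > cutoff:
                    findings.append((user, "root signed in after setup"))
            except ValueError:
                pass
            continue
        if has_key and user not in programmatic_users:
            findings.append((user, "access key on a console-only user"))
        if require_mfa and row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((user, "console password without MFA"))
    return findings


if __name__ == "__main__":
    done = "2024-05-01T12:00:00+00:00"  # constructed setup timestamp
    for user, finding in audit(SAMPLE_REPORT, {"sticky-admin"}, done, require_mfa=True):
        print(f"{user}: {finding}")
```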

 
