rubicon44TechBlog

    Create AWS Account (Create Root and Admin User)

    created_at:October 29, 2022

    updated_at:October 29, 2022

    Today, I am going to explain Building AWS Infrastructure.

    Purposes of this article creation

    • To be able to build Infrastructure in AWS on my own.

    Building AWS Infrastructure Process

    In this case, I will build AWS Infrastructure.

    【Process】

    1. Create AWS Account (Create Root User)
    2. Create Admin User
    3. Strengthen authentication with MFA (Multi-Factor Authentication)
    4. Alert notification when usage limits are exceeded

    Create AWS Account (Create Root User)

    The account used to access AWS is called an “AWS account”.

    An AWS account can be created by registering an email address, login password, contact address, telephone number, and credit card for payment.

    An AWS account is also called the “root user” because it is a user with administrative privileges who can perform all operations (hereafter, an AWS account is referred to as the root user).

    ※The AWS CLI (AWS Command Line Interface) tool allows users to operate AWS using commands without having to go through the AWS console. Use the AWS CLI when you want to operate AWS from a program, perform similar operations repeatedly, or document your settings.

    【root user】
    In most cases, the first user you create will be the administrator (root user). The first IAM user you create should have “full privileges” (that is, create an admin user). This allows almost all AWS operations (with a few exceptions, such as contract information) to be performed without using the root user.

    When operating AWS, we almost never use the root user, but rather create an admin user with administrative privileges in IAM, and use that account to create new accounts, etc.

    【How to create root user】
    Root users are created by following the steps from the official sign-up page.

    Create Admin User

    A signed-in root user is a powerful account that can perform all operations on AWS, as well as operations related to contracts, such as changing payment methods and cancellations. In the unlikely event of a leak, the damage could be severe. Therefore, the root user should only be used when such special operations are necessary. For normal AWS operations, create an admin user and use that user.

    【admin user】
    This is the account you use for normal work.

    When deploying, or when you want to create a new user (a deploy user) with separate permissions for each API, create that user and attach its permissions with this account.

    【How to create admin user】
    The admin user (responsible for account creation, policy management, etc.) is created using IAM.

    IAM Users and Policies

    A user who can operate AWS is called an IAM user. Each IAM user is assigned privileges that determine which operations it can perform.

    ※The explanations of “IAM Groups,” “IAM Roles,” and “Actions and Policies” are omitted.

    Strengthen authentication with MFA (Multi-Factor Authentication)

    Authentication for the AWS Management Console is, by default, a combination of “user name” and “password”. If this information is compromised, a third party may be able to use the account without permission.

    As a more secure method of operation, an authentication method called MFA can be used. MFA uses a device that periodically displays random numbers, which are entered along with the password during authentication. In other words, if you do not have a device that displays random numbers, you will not be able to sign in even if you know the password.

    MFA-compatible devices are available in keychain form or as smartphone apps. If you use AWS for business, you should have MFA enabled for safety.

    Alert notification when usage limits are exceeded

    AWS is a pay-as-you-go system where you pay only for what you use. If you create more and more servers, etc. without paying attention to the cost, the amount of money you spend can be tremendous.

    To avoid overuse, it is a good idea to check your billing regularly and set up alerts that notify you when you exceed a certain level of fees.

    【How to set up alert notification】

    1. Log back in with your AWS account (root user).
    2. Set up your budget and alerts.

    ※A root user, not an IAM account, is required to manipulate billing information (admin user is also not allowed to manipulate billing-related information).

    ※AWS allows you to receive alerts when you exceed or are about to exceed a predetermined budget. This is set up using the “AWS Budgets” function.


    © 2022, rubicon44TechBlog All rights reserved.