AWS Management Console

There are several ways to approach consuming resources and configuring services in AWS. The simplest and most intuitive way to access the AWS environment is through AWS Management Console. Before you begin using AWS Management Console, you will be required to create an account and log in to the console with your newly created account.

Simply browse to https://aws.amazon.com/ and you will be presented with the home page of Amazon Web Services. Click on the Create an AWS Account button to begin the AWS account creation process:

On the next page, simply enter an email address that you would like to use with AWS as the root user, a password that meets the AWS complexity requirements, and the AWS account name that you would like to use. Your password must fulfill the following conditions:

  • It must be eight characters long
  • It must include any three out of the following: lowercase, uppercase, numbers, and special characters
  • It must not be identical to your AWS account name

There are some general considerations regarding the email used for the initial user that is creating the AWS account. We will call this user the root user, as they have permission to the root and thus full control of the AWS account. Since the root user is tied to the email you enter on the signup page, this email will have complete access to the AWS account, including the ability to create and delete resources, view and modify billing data, and control the creation of IAM users, groups, and permission assignments. Make sure that you choose your email address wisely so that it is not tied to one individual. Instead, choose a new email address or an existing group that is in control of this account.

It is generally not recommended to use the AWS root user account for any day-to-day tasks. Once you have created your account, it is recommended that you create IAM users with the appropriate permissions so that you can manage all of the features of your account. After you have gained access with an IAM user, it is also recommended that you do the following:

  • Delete the root user's access keys so that no programmatic access is allowed for that user.
  • Create and activate an MFA token on your root account. This gives the root user two-factor authentication and will prevent unauthorized access to your account by third parties.
  • Create individual IAM users for the rest of your team. The recommendation is that you do not assign any permissions to the users being created as you should create and use groups to assign permissions to your users.
  • Apply an IAM password policy that complies with your enterprise password policy.
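The checklist above can be verified from the IAM API's own responses. The following is an added example, not code from the book: it audits the SummaryMap returned by iam get-account-summary, the PasswordPolicy returned by iam get-account-password-policy, and per-user policy listings. The BASELINE values and the sample responses are constructed assumptions.

```python
# Assumed enterprise baseline (hypothetical values; substitute your own policy).
BASELINE = {"MinimumPasswordLength": 14, "RequireSymbols": True,
            "RequireNumbers": True, "RequireUppercaseCharacters": True,
            "RequireLowercaseCharacters": True}


def audit_account(summary_map, password_policy, users):
    """Return a list of findings for the root-hardening checklist.

    summary_map     -- SummaryMap from iam get-account-summary
    password_policy -- PasswordPolicy from iam get-account-password-policy,
                       or None when no policy has been set
    users           -- per-user dicts merged from list-attached-user-policies
                       (AttachedPolicies) and list-user-policies (PolicyNames)
    """
    findings = []
    if summary_map.get("AccountAccessKeysPresent", 0) > 0:
        findings.append("root user has access keys")
    if summary_map.get("AccountMFAEnabled", 0) != 1:
        findings.append("root user has no MFA device")
    for user in users:
        # Permissions should come from groups, not from the user directly.
        if user.get("AttachedPolicies") or user.get("PolicyNames"):
            findings.append(f"user {user['UserName']} has directly assigned policies")
    if password_policy is None:
        findings.append("no IAM password policy is set")
    else:
        for key, wanted in BASELINE.items():
            actual = password_policy.get(key)
            if isinstance(wanted, bool):
                ok = actual is True
            else:
                ok = isinstance(actual, int) and actual >= wanted
            if not ok:
                findings.append(f"password policy: {key}={actual}, baseline {wanted}")
    return findings


# Constructed responses for illustration, not output from a real account.
SAMPLE_SUMMARY = {"AccountAccessKeysPresent": 1, "AccountMFAEnabled": 0, "Users": 2}
SAMPLE_POLICY = {"MinimumPasswordLength": 8, "RequireSymbols": True,
                 "RequireNumbers": True, "RequireUppercaseCharacters": True,
                 "RequireLowercaseCharacters": False}
SAMPLE_USERS = [
    {"UserName": "alice", "AttachedPolicies": [], "PolicyNames": []},
    {"UserName": "bob", "PolicyNames": [],
     "AttachedPolicies": [{"PolicyName": "AdministratorAccess"}]},
]

if __name__ == "__main__":
    for finding in audit_account(SAMPLE_SUMMARY, SAMPLE_POLICY, SAMPLE_USERS):
        print(finding)
```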

Store the MFA device and the password for the root user in a safe place and put a procedure in place that will allow authorized personnel to access those credentials in the event that you lose access to all of your administrative IAM users. We will guide you through the process of securing the root user and your account in Chapter 3, Managing AWS Security with Identity and Access Management.

It is also wise to put some kind of break-glass policy in place for the retrieval of these credentials. Breaking the glass refers to fire alarms whose activation button sits behind a small glass panel that has to be broken in order to push the button. Your policy should leave the equivalent of broken glass whenever someone requests or uses the root user: a digital trace, such as an email sent whenever the root user logs in, or any similar event that can be captured and put forward as evidence of use of the root account.
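One way to capture that digital trace is to scan CloudTrail records for root activity. The following is an added example, not code from the book: it flags events whose userIdentity type is Root while skipping actions AWS services perform on the account's behalf, and rates a root console login without MFA as the most urgent case. The log records, account ID, IP addresses and severity labels are constructed assumptions.

```python
import json

# Constructed CloudTrail records (account ID, IPs and times are placeholders).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-01T09:00:00Z", "eventType": "AwsConsoleSignIn",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-01-01T09:05:00Z", "eventType": "AwsApiCall",
     "eventName": "CreateAccessKey", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
    {"eventTime": "2024-01-01T09:06:00Z", "eventType": "AwsApiCall",
     "eventName": "RunInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2024-01-01T09:07:00Z", "eventType": "AwsServiceEvent",
     "eventName": "ExampleServiceEvent", "sourceIPAddress": "example.amazonaws.com",
     "userIdentity": {"type": "Root", "invokedBy": "example.amazonaws.com"}},
]})


def is_root_use(record):
    """True when a person or script acted as root, not an AWS service."""
    ident = record.get("userIdentity") or {}
    return (ident.get("type") == "Root"
            and "invokedBy" not in ident
            and record.get("eventType") != "AwsServiceEvent")


def root_alerts(log_text):
    """Return one alert dict per root-user event: the 'broken glass' evidence."""
    alerts = []
    for rec in json.loads(log_text).get("Records", []):
        if not is_root_use(rec):
            continue
        mfa = (rec.get("additionalEventData") or {}).get("MFAUsed")
        is_login = rec.get("eventName") == "ConsoleLogin"
        alerts.append({
            "time": rec.get("eventTime"),
            "event": rec.get("eventName"),
            "source_ip": rec.get("sourceIPAddress"),
            # A root console login without MFA is the most urgent case.
            "severity": "critical" if is_login and mfa != "Yes" else "high",
        })
    return alerts


if __name__ == "__main__":
    for alert in root_alerts(SAMPLE_LOG):
        print(alert)
```

Each returned alert can be forwarded to whatever notification channel the break-glass procedure names, such as the email mentioned above.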

The steps to complete account signup are as follows:

  1. Enter your contact details, address, and phone number
  2. Agree to the AWS terms and conditions
  3. Enter a credit card number for billing purposes

After you have completed the signup process, you will gain access to AWS Management Console. Along with the ability to manage your account, you will have the ability to search for services, and learn about AWS. Let's take a look at the structure of the console:

On the top bar, there are several pull-down menus:

  • Services
  • Resource groups
  • A small bell symbol, representing alerts
  • Your account name 
  • Region
  • Support

Clicking on the Services pull-down menu will open the Services screen where you can either browse grouped services or choose the selector on the right to sort them from A to Z. You also have the ability to search for a specific service. There is also a history of your recently visited AWS services, which is on the left:

Clicking on Resource Groups will show a menu for dealing with resource groups. These allow you to tag and manage groups of instances and services all at once. You can add any resource to a resource group – this can span the entire region that the services and instances are deployed in. This can help in automating tasks such as patching, monitoring, and security operations. From the pull-down menu, you also have the ability to create a resource group, see your saved groups, and access the Tag Editor:

The little bell symbol that represents alerts will show the latest alerts and notifications regarding your account:

Clicking on your username will open a drop-down menu that will allow you to perform the following actions:

  • Manage your own account
  • Manage your organization's account (if not using root, your IAM user needs to be granted the permissions that allow organization management)
  • Access your Billing Dashboard (if the IAM user has permissions)
  • Manage your own security credentials (if IAM users are allowed to do so)
  • Switch Role (if the IAM user has the ability to switch role to a role with different permissions)
  • Sign Out

The region selector (which is set to Ohio in the following screenshot) allows you to select the region in which you would like to deploy your services. Selecting a region can be very important from different standpoints, possibly the most important being compliance with national regulations. Different countries and regions have different laws that have been put in place regarding sensitive and personal data and how the data is stored and handled. By choosing to deploy your services only in the region that is within the national or regional territory where the laws are applicable, you can ensure compliance with those regulations. You would also want to select a region based on the location of the majority of your users. This can help deliver better performance for your application with reduced latency and more available bandwidth to transfer data. At the time of writing, there are five North American regions, five Asian regions, four European regions, and one South American region, all of which are available to the typical user. US government entities are also able to choose the GovCloud region, which has specifics that are only available to them. In addition, any registered business that has a license to operate within the People's Republic of China is able to choose from several Chinese regions on top of the publicly available ones:

Clicking on Support opens the Support pull-down menu, where we have the ability to access the following:

  • Support Center: Here, we can open tickets with AWS in the event of technical issues
  • Forums: Where we can get help and discuss features with our peers
  • Documentation: A link to the AWS documentation
  • Training: A link to the training resource with self-paced labs, online and classroom training
  • Other resources: Other resources related to AWS

The body of the console is divided into the following parts: 

  • AWS services
  • Build a solution
  • Learn to build
  • Helpful tips
  • Explore AWS

The AWS services section has a Search functionality, and allows you to simply enter a common term such as database or messaging. From here, the search interface will show you suggestions that are based on your search, along with common services that are related to database, as shown in the following screenshot: 

It is essentially a quicker way to access services compared to the Services pull-down menu.

The other sections are a good place to start if you are new to AWS and AWS Management Console. The Learn to build section will give you an introduction to how to create and use services and will provide you with tutorials, videos, self-paced labs, project guides, and documentation that you can use to get hands-on experience with AWS. The Build a solution section includes wizards and workflows that will guide you through the creation of common resources and service types, while Helpful tips and Explore AWS will give you helpful advice on a number of topics.
