Scribd
Upload
8 views

Setting Up Your Aws Environment Slides

The document discusses setting up an AWS environment securely. It recommends: 1) creating budgets to avoid unexpected costs; 2) enforcing password policies; 3) using multi-factor authentication for the root user for better security; 4) creating an administrative IAM user instead of using the root user for tasks; 5) using CloudTrail to view event histories; 6) configuring the AWS CLI; and 7) creating TLS certificates with ACM by validating domain ownership. The summary highlights the key points about each topic.

Uploaded by

Nathalie
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
8 views

Setting Up Your Aws Environment Slides

The document discusses setting up an AWS environment securely. It recommends: 1) creating budgets to avoid unexpected costs; 2) enforcing password policies; 3) using multi-factor authentication for the root user for better security; 4) creating an administrative IAM user instead of using the root user for tasks; 5) using CloudTrail to view event histories; 6) configuring the AWS CLI; and 7) creating TLS certificates with ACM by validating domain ownership. The summary highlights the key points about each topic.

Uploaded by

Nathalie
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 29

Setting Up Your AWS Environment

Ben Piper
AUTHOR, AWS CERTIFIED SOLUTIONS ARCHITECT STUDY GUIDE

benpiper.com
Avoiding a big bill by using AWS Budgets

Module Creating an IAM password policy

Overview Protecting the root user using multi-


factor authentication (MFA)
Creating an administrative user
Viewing CloudTrail event history
Configuring the AWS command line
interface
Creating a TLS certificate using Amazon
Certificate Manager (ACM)
Avoiding a Big Bill by Using AWS Budgets
Demo
Creating an AWS Budget
- Log in as the root user
- Go to the Billing service console
An AWS Budget won’t
prevent you from exceeding
the budgeted amount.
Creating an IAM Password Policy
AWS Identity Types

Root user principal IAM (non-root) principal


Full access to all AWS resources Any entity that can perform actions on
AWS services and resources
Only one root user per account
Policies determine what permissions a
principal has
Demo
Creating an IAM password policy to set
minimum password requirements
Protecting the Root User using
Multi-factor Authentication (MFA)
Demo
Enabling multi-factor authentication for
the root user
- Log in as the root user
- Browse to the IAM service console
Creating an Administrative User
An IAM principal has no permissions
by default
Policies determine what permissions a
principal has
Demo Creating an administrative user
- Create a group
- Attach the AdministratorAccess
policy to the group
- Create a new IAM user
- Assign the user to the group
CloudTrail Event History
Demo

Viewing CloudTrail event history


Configuring the AWS Command Line
Interface (CLI)
Demo
Configuring the AWS CLI
- Have your access key identifier and
secret access key handy
- Open a terminal with the AWS CLI
installed
Creating a TLS Certificate using ACM
Amazon Certificate Manager (ACM)

Issues public TLS certificates for use with


AWS services
Before ACM issues a TLS certificate, you
must verify that you control the DNS
records for the domain
Demo
Verify DNS configuration in Route 53
Request a TLS certificate from ACM
Summary
Summary
Avoiding a big bill by using AWS Budgets
- Alerts you when your balance exceeds
a certain amount
- Does not prevent you from going over
budget
Summary

Creating an IAM password policy


Summary Protecting the root user using multi-
factor authentication
- Root user has complete control over
the account
- Instead of root, use an IAM
administrative user for administration
tasks
Summary
Creating an administrative IAM user
- Assign the AdministratorAccess
policy to a group
- Add the user to the group
Summary
Viewing CloudTrail event history
- Stores 90 days of events
Summary
Configuring the AWS CLI
- Changes less than the AWS
Management Console
Summary
Creating a TLS certificate using ACM
- Requires DNS or email validation to
prove that you control the domain
Coming up Next

Building reliable virtual private cloud (VPC)


networks

You might also like