codedefined.io

How to Create an AWS Account – Secure Guide

Introduction

Today, I’m going to explain how to create an AWS account, something everyone will need to know if they wish to work with AWS, be it in a professional or personal capacity.

To be totally honest, it’s not rocket science.

I have no doubt that everyone could figure this out on their own. However, I’m going to focus on some of the best practices you should follow when setting up an account to make sure everything is secure, and managing that account takes as little effort as possible.

With that being said, let’s dig into it.

Create an AWS Account

So, to get started, go to this link and click on “Create a new AWS Account” at the bottom.

So, here, we’re going to choose the root user of the account. For this, you’ll need to provide an email address and account name.

For now, we’re going to create the Root account and configure the root IAM user. I would strongly suggest following this same process for a General account and IAM user, and reserving usage of the Root account for special occasions. You can link these two accounts in AWS Organizations.

If you are going to set up multiple accounts, here’s a little trick you can do with email addresses that will make your life a lot easier when managing multiple AWS accounts.

We’re going to be using multiple email addresses, and this trick avoids having to set up a separate mailbox for each one.

You can add a “+ABC” to your email address, just before the “@”, to customize it.

For example, “adamherd@gmail.com” could be an email I would use. But I can change it to something like:

  • adamherd+RootUser@gmail.com
  • adamherd+GeneralUser@gmail.com

Now, these two emails don’t require any extra setup. They are linked to the original email “adamherd@gmail.com”, and any emails sent to these addresses will be delivered to that base email.

The great thing is though, AWS will treat these as separate emails. So you can use them to set up multiple AWS accounts, all of which will receive emails to the same base account.

This means you don’t need to manage multiple Gmail accounts for the separate accounts within AWS, so it eliminates some admin overhead in that regard.

So, go ahead and enter a root email address – maybe something like “…+RootUser@gmail.com” – and also an account name.

Once those details are in, you need to verify the account. You will receive a verification code that will be valid for ten minutes that you need to enter into the box on the screen.

After that, you can now set your password for the root account.

Now I would recommend using a password management app. The one I use is called KeePass, and that will safely store all of your passwords in one place where you don’t have to remember anything. You can just copy and paste them when you need them.

After this, you’ll need to enter some usual personal details like your address and name, etc.

You will now need to choose the account type.

Personally, I use the personal account type, which is for my own projects. But if you’re using this for a business need, then you can choose the business account.

And the next thing you’ll need to enter then is your credit card details.

Following this, you need to enter your phone number and then receive a text message with a verification code that you need to enter.

And now we get to choose the support plan that we want to use. Personally, I used the free basic support plan, as it suits what I’m using the service for.

So, it is limited in some ways as you can see on the screen but for what I’m doing, it’s perfect. And unless you’re a big business, it’s likely the basic support plan will be suitable for you. However, you can make your own judgment on which you think is best.

And once this is done, we have our account set up and we can now sign in with the credentials we just made. Go ahead and do that now.

Now, remember that best practice procedure I mentioned earlier? Well, this is where we’re going to implement it.

In general, you shouldn’t be using the root account for everyday things in AWS. It’s more secure to use IAM users for that.

Creating Root IAM User

An IAM user is a resource that has credentials and permissions to interact with AWS in certain ways. You can control these credentials and permissions from the root account, which is what we’re going to do here.

Before we can create any IAM users, however, we need to go to Account which you’ll find under the dropdown in the top right of the screen.

Then from there, scroll down until you see “IAM User and Role Access to Billing Information”. Click edit and tick the box that appears. This will grant you access to IAM.


Now, from there we can go to the IAM service and navigate to the Users section in the left-hand side column. Click on Add Users in the top-right.

The user we’re going to create is going to be an administrator meaning they will have full permissions across the account, so I’d suggest naming it something similar to “iamadmin”. It doesn’t hurt to be descriptive with naming.

We have to choose what kind of credentials we want to associate with this user to log in. I’d suggest choosing Password and then Custom Password. You can use a password manager – like KeePass – to generate and save a secure password. Or you can save it yourself wherever you like.

And then lastly, for simplicity’s sake, let’s untick the box Require password reset. This means we won’t need to reset this password the next time we sign in.

Click next to the Permissions page and navigate to Attach existing policies directly. One of the first ones you should see is Administrator Access.


Tick that. Next up is the Tags page. We’re not gonna add any tags in this case so continue on to Review. Everything should look fine, so go ahead and hit Create User.

Success!

We now have an IAM user with administrator access that we can use for the various bits and pieces we wanna do in AWS.

Another suggestion I would make is to navigate back to the IAM service and make note of the account ID. Keep this somewhere safe as we’ll need this to log in to the iamadmin user. I have mine stored in KeePass also. Optionally, you can create an account alias to use instead, but let’s go with the account ID for now.

So, with that done, let’s log out of the root account and sign in with the iamadmin password we made.


Choose the “IAM user” box on this sign-in page and then enter your credentials and follow the instructions.

Your username will be “iamadmin”, assuming you followed what I did. Otherwise, enter whatever username you chose yourself.

And now, you should be in the IAM user account. You can double-check this in the top right of the screen where you should see something like this:


The next thing I would strongly urge you to do is enable Multi-Factor Authentication on this account. This is recommended by AWS themselves and will give you that extra sense of security with your account.

There are a number of ways to do this, but a quick way is to navigate to the IAM service either in the root account or the IAM admin user we already created earlier.

Here, you should see a message like this:


Go ahead and click on Assign MFA. You’ll need to give your authentication device a name and then choose the method in which you’d like to authenticate.

My preferred way of doing this is to use an authenticator app like Google Authenticator, Duo Mobile, or Authy app. With these, you can simply scan the QR code provided, and now your phone will be an authentication device allowing access to your AWS account.

Note: you need to set up MFA separately for both the root account and any IAM users such as the IAM admin one we set up.
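The point in the note above can be checked after the fact. As an added example (not part of the original post), this Python script audits an IAM credential report for identities that can sign in to the console without MFA; the sample rows, the placeholder account ID 111122223333 and the function name are constructed for illustration.

```python
import csv
import io

# Constructed sample in the column layout of an IAM credential report,
# trimmed to the columns this check reads. The account ID is a placeholder.
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,true,false,false
iamadmin,arn:aws:iam::111122223333:user/iamadmin,true,false,false,false
"""


def audit_credential_report(report_csv):
    """Return (user, finding) tuples for identities that need attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        mfa = row["mfa_active"].lower() == "true"
        # The report shows "not_supported" for the root password, so root is
        # assumed here to have a console password, as in this guide.
        has_password = is_root or row["password_enabled"].lower() == "true"
        keys = (row["access_key_1_active"], row["access_key_2_active"])
        has_keys = any(k.lower() == "true" for k in keys)
        if has_password and not mfa:
            findings.append((user, "console sign-in without MFA"))
        if is_root and has_keys:
            findings.append((user, "root user has active access keys"))
    return findings


if __name__ == "__main__":
    # MFA on root does not cover iamadmin: each identity is reported separately.
    for user, finding in audit_credential_report(SAMPLE_REPORT):
        print(f"{user}: {finding}")
```

For a real account, the report comes from `aws iam generate-credential-report` followed by `aws iam get-credential-report`, whose `Content` field holds the base64-encoded CSV.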

Conclusion – Create an AWS Account

Great, you now have an iamadmin user for the root account. 

If you want to take things a step further, I would suggest following the exact same process for creating the General account IAM user, as this would be better to use over the Root account IAM user.

If you got something from this article, then perhaps you will enjoy some of my other posts here.

Specifically, you can check out How to Make a WordPress Blog with AWS Lightsail. Just like I did with this site.
