Summary

In this chapter, you learned how to get started with AWS by creating a free account and establishing a root user for your account. You learned how to secure root access using multi-factor authentication, and then created a number of IAM resources that are required to administer your account. You first created an administrative IAM role called admin, and then created an Administrators group to which you assigned a single permission: the ability to assume your administrative IAM role. This approach of assuming roles is the recommended, best-practice method of administering AWS, and supports more complex multi-account topologies where you can host all of your IAM users in one account and assume administrative roles in other accounts.

You then created a Users group and assigned a managed policy that forces a requirement for multi-factor authentication (MFA) for any user belonging to that group. MFA should be considered a mandatory security requirement these days for any organization that uses AWS, and the approach of simply assigning your users to a Users group that enforces an MFA requirement is a very simple and scalable mechanism to achieve this. After creating a user and assigning it to both the Administrators and Users groups, you learned what is required for a first-time user to set up their access, which involves logging in with a one-time password, establishing a new password, and then setting up an MFA device. Once a user has logged in using MFA, the user is then able to use whatever permissions have been assigned to them. For example, the user you created in this chapter was assigned to the Administrators group, and so was able to assume the administrative IAM role, which you did in the AWS console by using the Switch Role functionality that is built into the console.

With your IAM setup complete and the ability to assume the admin role via the console, we next turned our attention to the command line, installing the AWS CLI, generating an access key via the console, and then configuring your access key credentials in the local ~/.aws folder that is used by the AWS CLI to store credentials and configuration profiles. You learned how to configure a named configuration profile in the ~/.aws/config file, which automatically assumes the admin role and prompts for an MFA code whenever the CLI detects that new temporary session credentials are required. You also created an EC2 key pair so that you will be able to access EC2 instances using SSH.
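
As an added example (not code from the chapter), the following Python check audits AWS CLI named profiles of the kind described above and flags any profile that assumes a role without an mfa_serial setting or with an undefined source profile. The account ID, user name and profile names in the sample are constructed placeholders, and the check covers the client-side configuration only.

```python
import configparser

# Constructed sample of an AWS CLI config file (~/.aws/config); the account ID,
# user name and profile names are placeholders, not values from the chapter.
SAMPLE_CONFIG = """
[profile admin]
source_profile = default
role_arn = arn:aws:iam::111122223333:role/admin
mfa_serial = arn:aws:iam::111122223333:mfa/example.user
region = us-east-1

[profile no-mfa]
source_profile = default
role_arn = arn:aws:iam::111122223333:role/admin

[profile orphan]
source_profile = missing
role_arn = arn:aws:iam::111122223333:role/admin
mfa_serial = arn:aws:iam::111122223333:mfa/example.user
"""

def audit_role_profiles(config_text, credential_profiles=("default",)):
    """Return {profile: [findings]} for every profile that assumes a role."""
    parser = configparser.ConfigParser()
    parser.read_string(config_text)
    # Sections are "[profile NAME]", except the default profile: "[default]".
    names = {s.removeprefix("profile ").strip() for s in parser.sections()}
    # Assumption: credential_profiles lists profiles in ~/.aws/credentials.
    known_sources = names | set(credential_profiles)
    report = {}
    for section in parser.sections():
        opts = parser[section]
        if "role_arn" not in opts:
            continue  # plain profile, no role assumption to check
        findings = []
        if not opts.get("mfa_serial", "").strip():
            findings.append("role assumed without mfa_serial")
        source = opts.get("source_profile", "").strip()
        if not source and "credential_source" not in opts:
            findings.append("no source_profile or credential_source")
        elif source and source not in known_sources:
            findings.append(f"source_profile '{source}' is not defined")
        report[section.removeprefix("profile ").strip()] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_role_profiles(SAMPLE_CONFIG).items():
        print(name, "OK" if not findings else "; ".join(findings))
```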

Finally, you were introduced to AWS CloudFormation, and learned how to define a CloudFormation template and deploy a CloudFormation stack, which is a collection of resources based upon your CloudFormation template definition. You learned about the basic structure of a CloudFormation template, how to create a stack using the AWS console, and how to deploy a stack using the AWS CLI.

In the next chapter, you will be introduced to the Elastic Container Service, where you will put your new AWS account to good use and learn how to create ECS clusters and deploy Docker applications to ECS.