Preparing the environment

Before we start digging into our project, we have to have an AWS account and the AWS CLI installed on our system. Even if you already have an AWS account, it is recommended that you open a new one because every new AWS account will come with a free tier available for 12 months following your AWS sign-up date. With the free tier, you will not have to pay for most of the resources we will install throughout the book. To set up a new account, perform the following steps:

  1. Open http://aws.amazon.com/ and then choose Create an AWS Account.
  2. Follow the online instructions.

Once you create your account, you will have to create security credentials for yourself. IAM (Identity and Access Management) is a service where you manage the security configuration of your AWS account. Here, you can create more than one user and allow them granularly to specific cloud resources. For every user, you can create up to two security credentials that you can use to access AWS APIs via different SDKs or the AWS CLI tool.

When you sign up a new AWS account, a root user is created, but usage of this account with security credentials should be avoided. This account has unlimited access to your account, and if you expose your security credentials accidentally to the public domain, such as a public git repository, your account can be compromised. For the sake of simplicity, we will create a new IAM user with administrator access.

The Internet is full of stories of stolen AWS keys. It is known that some malicious software is scanning every commit published to GitHub and when they detect AWS credentials accidentally published to a public repository, they spin up lots of virtual machines using those credentials to mine Bitcoins or for other purposes. While they make money with that, the owner of the AWS account is faced with excessive bills. Therefore, you should be very protective about access keys. Do not share them with anyone and restrict the usage right of AWS users using IAM policies. The credentials of the user we create here will not be hardcoded in any code and will be merely used to configure the AWS CLI. Even though the risk of granting administrator access to this user is relatively low in this case, we recommend that you be aware of potential issues.

To create the user, perform the following steps:

  1. Navigate to https://console.aws.amazon.com/iam.
  2. In the navigation pane, choose Users and then choose Create New Users.
  3. Type the user name for the user to be created. You can create up to five users at the same time, but we need only one for now.
  4. Make sure that the Generate an access key for each user checkbox is selected.
  5. Click on Create.
  6. On the next screen, you will be given the security credentials of the user you just created. This is the only opportunity to view the credentials. If you do not save them, you will need to create new access keys for the user. That's why it's important to save the Access Key ID and Secret Access Key now.

The user you just created does not have any access to AWS resources. AWS users gain the right to access depending on the IAM policies attached to them. Now we will attach an AdministratorAccess policy to that. To accomplish that, perform the following steps:

  1. In the Users section, click on the user that you created.
  2. On Permissions tab, click on the AttachPolicy button.
  3. Check the AdministratorAccess policy and click on the Attach Policy button in the bottom-right section.

We have completed creating a user with administrator rights.