SHIFT-WIKI

--- Sjoerd Hooft's InFormation Technology ---


Getting Started With AWS

This article describes some basic steps on getting started with AWS. Used technologies:

  • AWS Accounts
  • AWS Organizations
  • Billing: Tax and Budget
  • AWS CloudTrail

AWS Account

Create an AWS account by going to AWS Signup and starting the registration process. This account will be the master account, also known as the organization account.

Note that you need a working credit card and a working phone to complete the registration process. You get a year of free tier with your account. Your credit card only gets charged if you use services that are not eligible for the free tier or if you exceed the free tier maximums.
Note that some services won't be available for your account in the first 24 hours after registration.

AWS Organization

Create an organization as described here. You can use the AWS account created in the previous step.

Notice that you need to verify the email address you used to create the master account.

Tax Settings

Go to your account (in the right top corner) and select My Billing Dashboard. Then go to Manage Tax Registration and fill in your tax settings.

You need to do this for each account you add later on.

Payment Currency Preference

Go to your account (in the right top corner) and select My Account. Scroll down to Payment Currency Preference and change the currency to euro.

AWS Test Account

You can create additional accounts in your organization like this.

Note that the password is automatically created and cannot be retrieved. To log on as the root user of a member account go to the console login page and choose “Sign in using root account credentials” and then start the “Forgot your password?” process.


After logging in you need to set the region to the correct one, Ireland for example.

Close Test Account

Depending on your needs there are several ways to remove an account. Follow these steps to close an account:

  • Log on as the root account of the account you want to close
  • Navigate to the Account Settings page.
  • Scroll down to the Close Account heading.
  • Choose the check box, and then choose Close Account.
  • In the confirmation box, choose Close Account.
Note that it will take 90 days before the account is permanently removed from your organization, and in the meantime you can still log in to check, for example, your billing information.

Set Budget on AWS Account

This can only be done in the master account. It should also work from member accounts but even after enabling access and setting correct IAM policies this still did not work.

Go to your account (in the right top corner) and select My Billing Dashboard. Then go to Budgets and click “Create a budget”.

  • Select Cost budget and click “Set your Budget”
  • Set up a name, the period (monthly) and the budgeted amount
  • Set the budget to recurring, and select the month the budget should start
  • Keep all the advanced settings at the default unless you have specific requirements.
  • Click on Configure Alerts to go to the alerts page
  • Set the threshold to 80% of the budgeted amount, measured against the actual costs
  • Provide the email address the alert should be sent to
  • Click on Confirm to review the budget and then on Create to create the budget
There should be a filter option to only select a specific account. The filter option is not shown right now. It might however take up to 4 days to show all options and possibilities. To be continued.
Update: When I checked about a week later the filter option was there, so I could simply select the account the budget was meant for.

AWS CloudTrail Logging

From the userguide:

If you have created an organization in AWS Organizations, you can also create a trail that will log all events for all AWS accounts in that organization. This is referred to as an organization trail. Organization trails can apply to all AWS Regions or one Region. Organization trails must be created in the master account, and when specified as applying to an organization, are automatically applied to all member accounts in the organization. Member accounts will be able to see the organization trail, but cannot modify or delete it. By default, member accounts will not have access to the log files for the organization trail in the Amazon S3 bucket.

See cloudtrail for multiple accounts and Creating Organization CloudTrail for more information.

To create an organization trail with the AWS Management Console

  • Sign in to the AWS Management Console and open the CloudTrail console. You must be signed in as a user, role, or root account in the master account with sufficient permissions to create an organization trail.
  • Set the region to Ireland
  • Choose Trails, and then choose Create trail, and fill in the following information:
    • Cloud Trail Name: OrganizationTrail
    • Apply trail to all regions: Yes
    • Apply trail to my organization: Yes
    • For Management events: All
    • For Data events: None
    • Storage Location: Create New Bucket: organizationtrail
  • Keep Advanced properties default and click create

Now the trail is created and shows in the console.

Note that now all logs are being collected as compressed files in the S3 bucket. This is a little bit useless; somewhere in the future I'll figure out what to do with them.
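
One thing that can be done with those compressed files, as an added example that is not part of the original article: each log object is a gzip-compressed JSON document with a top-level Records array, so a short Python script can read it and pick out management events worth reviewing across the organization. The sample log, the account IDs and the choice of what to flag (root activity, trail changes, denied calls) are assumptions made for illustration.

```python
import gzip
import json

# CloudTrail API calls that alter or stop a trail.
TRAIL_CHANGES = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def load_records(gz_bytes):
    """Decompress one CloudTrail log object and return its event records."""
    return json.loads(gzip.decompress(gz_bytes)).get("Records", [])


def triage(records):
    """Return (reason, account, event name, event time) for events to review."""
    findings = []
    for rec in records:
        identity = rec.get("userIdentity", {})
        account = rec.get("recipientAccountId") or identity.get("accountId", "?")
        name = rec.get("eventName", "")
        reasons = []
        if identity.get("type") == "Root":
            reasons.append("root-activity")
        if rec.get("eventSource") == "cloudtrail.amazonaws.com" and name in TRAIL_CHANGES:
            reasons.append("trail-change")
        if rec.get("errorCode") == "AccessDenied":  # exact codes vary per service
            reasons.append("denied")
        findings += [(r, account, name, rec.get("eventTime")) for r in reasons]
    return findings


def make_sample():
    """Constructed log file; account IDs, times and identities are made up."""
    def event(time, source, name, id_type, account, **extra):
        return {"eventTime": time, "eventSource": source, "eventName": name,
                "userIdentity": {"type": id_type, "accountId": account},
                "recipientAccountId": account, **extra}
    records = [
        event("2021-09-20T08:15:00Z", "signin.amazonaws.com", "ConsoleLogin",
              "Root", "111111111111"),
        event("2021-09-20T09:02:41Z", "ec2.amazonaws.com", "DescribeInstances",
              "IAMUser", "222222222222"),
        event("2021-09-20T09:30:12Z", "cloudtrail.amazonaws.com", "StopLogging",
              "AssumedRole", "222222222222", errorCode="AccessDenied"),
    ]
    return gzip.compress(json.dumps({"Records": records}).encode())


if __name__ == "__main__":
    for finding in triage(load_records(make_sample())):
        print(*finding, sep="\t")
```

To use it on real data, pass the bytes of a downloaded log object from the trail's bucket to load_records instead of make_sample().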
aws.txt · Last modified: 2021/09/24 00:24 by 127.0.0.1