Getting Started With AWS
This article describes some basic steps on getting started with AWS. Used technologies:
- AWS Accounts
- AWS Organizations
- Billing: Tax and Budget
- AWS CloudTrail
AWS Account
Create an AWS account by going to AWS Signup and starting the registration process. This account will be the master account, also known as the organization account.
Note that you need a working credit card and a working phone to complete the registration process. You get a year of free tier with your account. Your credit card only gets charged if you use services that are not eligible for the free tier or if you exceed the free tier maximums.
Note that some services won't be available for your account in the first 24 hours after registration.
AWS Organization
Create an organization as described here. You can use the AWS account created in the previous step.
Notice that you need to verify the email address you used to create the master account.
Tax Settings
Go to your account (in the top right corner) and select My Billing Dashboard. Then go to Manage Tax Registration and fill in your tax settings.
You need to do this for each account you add later on.
Payment Currency Preference
Go to your account (in the top right corner) and select My Account. Scroll down to Payment Currency Preference and change the currency to euro.
AWS Test Account
You can create additional accounts in your organization like this.
Note that the password is automatically created and cannot be retrieved. To log on as the root user of a member account go to the console login page and choose “Sign in using root account credentials” and then start the “Forgot your password?” process.
After logging in you need to set the region to the correct one, Ireland for example.
Close Test Account
Depending on your needs there are several ways to remove an account. Follow these steps to close an account:
- Log on as the root account of the account you want to close
- Navigate to the Account Settings page.
- Scroll down to the Close Account heading.
- Choose the check box, and then choose Close Account.
- In the confirmation box, choose Close Account.
Note that it will take 90 days before the account is permanently removed from your organization, and in the meantime you can still log in to check, for example, your billing information.
Set Budget on AWS Account
This can only be done in the master account. It should also work from member accounts, but even after enabling access and setting the correct IAM policies this still did not work.
Go to your account (in the top right corner) and select My Billing Dashboard. Then go to Budgets and click “Create a budget”.
- Select Cost budget and click “Set your Budget”
- Set up a name, the period (monthly) and the budgeted amount
- Set the budget to recurring, and select the month the budget should start
- Keep all the advanced settings at the default unless you have specific requirements.
- Click on Configure Alerts to go to the alerts page
- Set the alert threshold to 80% of the budgeted amount, measured against actual costs
- Provide the email address the alert should be sent to
- Click on Confirm to review the budget and then on Create to create the budget
There should be a filter option to only select a specific account. The filter option is not shown right now. It might however take up to 4 days to show all options and possibilities. To be continued.
Update: When I checked about a week later the filter option was there, so I could simply select the account the budget was meant for.
AWS CloudTrail Logging
From the user guide:
If you have created an organization in AWS Organizations, you can also create a trail that will log all events for all AWS accounts in that organization. This is referred to as an organization trail. Organization trails can apply to all AWS Regions or one Region. Organization trails must be created in the master account, and when specified as applying to an organization, are automatically applied to all member accounts in the organization. Member accounts will be able to see the organization trail, but cannot modify or delete it. By default, member accounts will not have access to the log files for the organization trail in the Amazon S3 bucket.
See cloudtrail for multiple accounts and Creating Organization CloudTrail for more information.
To create an organization trail with the AWS Management Console
- Sign in to the AWS Management Console and open the CloudTrail console. You must be signed in as a user, role, or root account in the master account with sufficient permissions to create an organization trail.
- Set the region to Ireland
- Choose Trails, and then choose Create trail, and fill in the following information:
  - Cloud Trail Name: OrganizationTrail
  - Apply trail to all regions: Yes
  - Apply trail to my organization: Yes
  - For Management events: All
  - For Data events: None
  - Storage Location: Create New Bucket: organizationtrail
- Keep Advanced properties default and click create
Now the trail is created and shows in the console.
Note that now all logs are being collected as compressed files in the S3 bucket. This is a little bit useless; somewhere in the future I'll figure out what to do with them.
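One way to put those compressed files to use, as an added example that is not part of the original article: each object the trail writes is a gzip-compressed JSON document with a top-level Records array, and the script below reads one and flags root-user activity and changes to the trail itself. The sample events, account IDs and IP addresses are constructed, and the choice of which events to flag is an assumption.

```python
import gzip
import json

# CloudTrail API calls that stop or reconfigure logging.
TRAIL_CHANGES = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}
CLOUDTRAIL = "cloudtrail.amazonaws.com"


def read_records(blob: bytes) -> list:
    """Decompress one CloudTrail log object (.json.gz) and return its Records list."""
    return json.loads(gzip.decompress(blob)).get("Records", [])


def triage(records: list) -> list:
    """Return (reason, account, eventTime, eventName, sourceIP) for events worth a look."""
    findings = []
    for rec in records:
        ident = rec.get("userIdentity", {})
        account = rec.get("recipientAccountId") or ident.get("accountId", "?")
        row = (account, rec.get("eventTime"), rec.get("eventName"), rec.get("sourceIPAddress"))
        if ident.get("type") == "Root":
            findings.append(("root-activity",) + row)
        if rec.get("eventSource") == CLOUDTRAIL and rec.get("eventName") in TRAIL_CHANGES:
            findings.append(("trail-change",) + row)
    return findings


def sample_log() -> bytes:
    """Constructed sample: three events shaped like CloudTrail records, gzip-compressed."""
    records = [
        {"eventTime": "2019-03-01T09:12:44Z", "eventSource": "signin.amazonaws.com",
         "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
         "userIdentity": {"type": "Root", "accountId": "111111111111"},
         "recipientAccountId": "111111111111"},
        {"eventTime": "2019-03-01T09:20:03Z", "eventSource": "cloudtrail.amazonaws.com",
         "eventName": "StopLogging", "sourceIPAddress": "198.51.100.7",
         "userIdentity": {"type": "IAMUser", "accountId": "111111111111"},
         "recipientAccountId": "111111111111"},
        {"eventTime": "2019-03-01T09:25:10Z", "eventSource": "ec2.amazonaws.com",
         "eventName": "DescribeInstances", "sourceIPAddress": "203.0.113.9",
         "userIdentity": {"type": "IAMUser", "accountId": "222222222222"},
         "recipientAccountId": "222222222222"},
    ]
    return gzip.compress(json.dumps({"Records": records}).encode())


if __name__ == "__main__":
    for finding in triage(read_records(sample_log())):
        print(*finding, sep="  ")
```

To run it against real data, pass the bytes of a log object downloaded from the organizationtrail bucket to read_records instead of sample_log().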