Step 4 : Your AWS environment
If you have not already done so, now is the time to follow the AWS account creation process, and especially to take a few minutes to watch the short video linked there, including the part about creating your first IAM user (IAM = Identity & Access Management). I also included this appendix...
Create your first IAM user as an administrator ASAP as it will enable you to avoid using your "root account".
PLEASE ! Create an administrative IAM user for yourself in your new AWS account and after that, avoid using your "AWS root account" to manage your environment.
That's an "AWS best practice" for a reason...
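One way to confirm that the root account really stays idle once your admin IAM user exists is to review the IAM credential report. The script below is an added example, not part of the original tutorial; the sample report rows, the account ID, the user name `admin-me` and the 7-day threshold are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the IAM credential report CSV layout (subset of columns).
SAMPLE_REPORT = """user,arn,password_enabled,password_last_used,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,not_supported,2024-05-30T09:12:00+00:00,true,2024-05-29T17:40:00+00:00,false,N/A
admin-me,arn:aws:iam::111122223333:user/admin-me,true,2024-06-01T08:00:00+00:00,false,N/A,false,N/A
"""

def _parse(ts):
    """Report timestamps are ISO 8601; unused fields hold N/A or no_information."""
    try:
        return datetime.fromisoformat(ts)
    except ValueError:
        return None

def audit_root_usage(report_csv, now, max_age_days=7):
    """Return findings showing the root account is still used day to day."""
    rows = list(csv.DictReader(io.StringIO(report_csv)))
    root = next((r for r in rows if r["user"] == "<root_account>"), None)
    if root is None:
        return ["no <root_account> row: not a credential report?"]
    findings = []
    cutoff = now - timedelta(days=max_age_days)
    for n in ("1", "2"):
        # Root access keys should not exist at all, used or not.
        if root[f"access_key_{n}_active"] == "true":
            findings.append(f"root access key {n} is active")
        used = _parse(root[f"access_key_{n}_last_used_date"])
        if used and used >= cutoff:
            findings.append(f"root access key {n} used on {used.date()}")
    signin = _parse(root["password_last_used"])
    if signin and signin >= cutoff:
        findings.append(f"root console sign-in on {signin.date()}")
    # Without an IAM user that can sign in, root is the only way into the console.
    if not any(r["user"] != "<root_account>" and r["password_enabled"] == "true"
               for r in rows):
        findings.append("no IAM user with a console password exists")
    return findings

if __name__ == "__main__":
    # "now" must be timezone-aware, like the timestamps in the report.
    for line in audit_root_usage(SAMPLE_REPORT, datetime(2024, 6, 2, tzinfo=timezone.utc)):
        print("FINDING:", line)
```

To run it against your own account, download the report with `aws iam generate-credential-report` followed by `aws iam get-credential-report`, decode the base64 `Content` field, and pass the resulting CSV text to `audit_root_usage`.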
There are hundreds of videos and articles all over the Internet about that "create aws account" topic, so feel free to watch and compare... just be sure to pick recent ones (less than 1 year old is usually OK).
I'll now wait for you to come back with your shiny admin login to this brand new AWS account....
...
...
...
Ah ! There you are ! And you're an Admin ! And you're at the AWS Management Console ! Great ! (also, butZacchaeus : Jolly Good !)
This is the "home" of your AWS management console : you can manage your account with the menu titled with your "IAM username" @ "account name", choose an "AWS Region" with the menu to the right of it, and access the service management consoles for all AWS services.
Each AWS service has its own "console" and you can have multiple "service consoles" open in different tabs of your web browser, which is convenient, especially if you have to copy/paste or cross-check information from one to the other.
Many AWS services operate at the "AWS Region" level and you can choose very different settings from region to region; some services like IAM or Billing are "global" and have no region selector.
We're going to prepare once and for all your "personal virtual infrastructure" inside the AWS cloud, using several AWS services, mainly :
IAM = Identity & Access Management : this service is used by all others to manage permissions
EC2 = Elastic Compute Cloud : your virtual servers
S3 = Simple Storage Service : your virtual file storage
We'll also indirectly use this service, which you won't need to check because the defaults are OK for us :
VPC = Virtual Private Cloud : your own networks, which together form a "private cloud" in the AWS cloud
This "personal infrastructure" will be extremely simple but we'll take precautions to avoid introducing any "security hole"...
create an AWS "IAM Role" for your server to access AWS services during startup
choose an "AWS Region" to build our mini-infrastructure
create an AWS "S3 bucket" for your server to auto-configure during startup
have a quick look at your AWS "Default VPC"
create an AWS "Key pair" (similar to our [certificate+key] pairs in our own PKI), for you to access your server interactively if you need to
create an AWS "Security Group" for your server (a kind of firewall rule)
"fill the bucket" : organize and transfer our security and configuration files into the S3 bucket
create an AWS EC2 "Launch Template" : a set of option choices defining a kind of "server model" that you'll use later on to repeatedly launch the server itself in the quickest possible way (since you'll "terminate", i.e. destroy, the server after each session)
Then we'll be ready to test our setup.