
# Step 4 : Your AWS environment

## <img src="/files/-Liwf08uKSIsrtNTnLt3" alt="" data-size="line"> Welcome to Ze cloud :white\_sun\_cloud: :thunder\_cloud\_rain: :white\_sun\_small\_cloud:

{% hint style="warning" %}
If you have not already done so, now is the time to follow the [account creation process info](/transparent-openvpn-for-fantasy-grounds/proposed-solution/amazon-web-services.md#how-to-create-an-aws-account), and especially to take a few minutes to watch the short video linked there, **including the part about creating your first IAM user** (**IAM** = Identity & Access Management). I also included [this appendix](/transparent-openvpn-for-fantasy-grounds/appendixes/aws-user-with-api-keys.md)...
{% endhint %}

{% hint style="success" %}
**Create your first IAM user as an administrator** ASAP as it will enable you to avoid using your "root account".
{% endhint %}

{% hint style="info" %}
**PLEASE ! Create an** [**administrative IAM user for yourself**](/transparent-openvpn-for-fantasy-grounds/appendixes/aws-user-with-api-keys.md) in your new AWS account and **after that, avoid using your "AWS root account"** to manage your environment.

*That's an "AWS best practice" for a reason...*
{% endhint %}
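
Once the admin user exists, the IAM credential report (downloadable as CSV from the IAM console) shows whether the root account is still in use. The check below is an added example, not part of the original guide; the sample report, the account number and the `gm-admin` user name are constructed, and only a subset of the report's columns is used.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

ROOT = "<root_account>"  # name AWS gives the root row in the credential report

# Constructed sample: a subset of the report's columns, made-up account and user.
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,2024-05-30T18:02:11+00:00,false,true,false
gm-admin,arn:aws:iam::111122223333:user/gm-admin,true,2024-06-01T09:15:00+00:00,true,false,false
"""


def root_findings(report_csv, now, recent_days=30):
    """Return a list of problems with how the root account is set up or used."""
    rows = list(csv.DictReader(io.StringIO(report_csv)))
    root = next((r for r in rows if r["user"] == ROOT), None)
    if root is None:
        return ["no root row: is this a credential report?"]
    findings = []
    if root["mfa_active"] != "true":
        findings.append("root has no MFA device")
    if "true" in (root["access_key_1_active"], root["access_key_2_active"]):
        findings.append("root has an active access key")
    last = root["password_last_used"]
    # Non-timestamp values such as "no_information" mean no recorded sign-in.
    if last[:1].isdigit():
        if now - datetime.fromisoformat(last) <= timedelta(days=recent_days):
            findings.append("root signed in to the console in the last %d days" % recent_days)
    # Leaving root alone only works if an IAM user with a console password exists.
    if not any(r["user"] != ROOT and r["password_enabled"] == "true" for r in rows):
        findings.append("no IAM user has a console password")
    return findings


if __name__ == "__main__":
    now = datetime(2024, 6, 2, tzinfo=timezone.utc)  # fixed date for the sample
    for line in root_findings(SAMPLE_REPORT, now) or ["root account looks unused"]:
        print(line)
```

An empty result means the root account has MFA, no access keys, and no recent console sign-in, while at least one IAM user can log in instead.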

There are [***hundreds of videos***](https://www.youtube.com/results?search_query=create+aws+account) ***and articles all over the Internet*** about the "*create aws account*" topic, so feel free to watch and compare... just be sure to pick recent ones (less than 1 year old is usually OK).

<img src="/files/-LiyFw54lDxzKA13Rtxr" alt="" data-size="line"> *I'll now wait for you to come back with your shiny **admin login** to this brand new **AWS account**....*

...

:eyes:

...

:eyes:

...

:grin: **Ah ! There you are ! And you're an Admin ! And you're at the AWS Management Console !**\
**Great ! (*also, but* :copyright: *Zacchaeus : Jolly Good !*)**

![The AWS Management Console](/files/-Lis6HJbS7v63GI-Stw7)

This is the "home" of your AWS management console : you can **manage your account** with the menu titled with your "IAM username" @ "account name", **choose an "AWS Region"** with the menu to the right of it, and **access the service management consoles** for all AWS services.

Each AWS service has its own "console" and you can have **multiple "service consoles" in different tabs** of your web browser, **which is convenient**, especially if you have to copy/paste or cross-check information from one to the other.

Many AWS services operate at the "AWS Region" level and you can choose very different settings from region to region; some **services like IAM or Billing are "global"** and have no region selector.

**We're going to prepare once and for all your "personal virtual infrastructure"** inside the AWS cloud, using several AWS services, mainly :

* **IAM = Identity & Access Management** : this service is used by all others to manage permissions
* **EC2 = Elastic Compute Cloud** : your virtual servers
* **S3 = Simple Storage Service** : your virtual file storage

We'll also indirectly use the following service; you won't need to check it because its defaults are OK for us.

* **VPC = Virtual Private Cloud** : your own networks, which together form a "private cloud" in the AWS cloud

*This "personal infrastructure" will be **extremely simple** but **we'll take precautions** to avoid introducing any "security hole"...*

## What we'll do in this section :

1. create an AWS "**IAM Role**" for your server to access AWS services during startup
2. choose an "**AWS Region**" to build our mini-infrastructure
3. create an AWS "**S3 bucket**" for your server to auto-configure during startup
4. have a quick look at your AWS "**Default VPC**"
5. create an AWS "**Key pair**" (similar to our \[certificate+key] pairs in our own PKI), for you to access your server interactively if you need to
6. create an AWS "**Security Group**" for your server (a kind of firewall rule)
7. "**fill the bucket**" : organize and transfer our security and configuration files into the S3 bucket
8. create an AWS EC2 "**Launch Template**" : a set of option choices defining a kind of "server model" that you'll use later on to repeatedly launch the server itself as quickly as possible (since you'll "terminate", i.e. destroy, the server after each session)

**Then we'll be ready to test our setup.**
