AWS Setup and Configuration
AWS Account Root User
When an AWS account is opened, its owner (who created it) becomes the root user of the account. The root user has full access to all resources available within AWS — everything from EC2 to billing information. It is recommended that the root user account is not used for everyday tasks. Instead, its access details should be locked away and used only for the specific tasks restricted to the root user, e.g. closing the account.
Identity and Access Management (IAM)
The root user can create other users within the AWS account using AWS Identity and Access Management (IAM). These IAM users can be given access only to the resources they need, which can be extended and revoked as required. Users of CFDDFC require access only to Amazon Elastic Compute Cloud (EC2) and the AWS Marketplace (although they might also wish to use additional services such as Amazon Simple Storage Service (S3) to archive data).
Create an IAM Group for CFDDFC
- Log in to the Amazon EC2 Console.
- Select IAM from Services (which is a global service, i.e. independent of regions).
- Select Groups from the left menu.
- Click Create New Group.
- In Group Name, enter a memorable name e.g. “CFDDFC” and click Next Step.
- In Attach Policy, search and select AWSMarketplaceRead-only; click Next Step.
- In Review, confirm the policies are correct by clicking Create Group.
The policies should display as below when selecting the new group in the main Groups page.
Create an IAM User
- In the IAM console, select Users from the left menu.
- Click Add User and enter a personal user name, e.g. “john-smith”, see below.
- Check both Programmatic access and AWS Management Console access and click Next: Permissions.
- In Add user to group, check the CFDDFC group and click Next: Tags.
- In Tags, click Next: Review.
- In Review, confirm the policies are correct by clicking Create User.
- The access details for the user are then presented in a panel like the one shown below.
- There are two forms of access to AWS: 1) a password for the console; 2) access keys for the command line interface.
- The password is required to run CFDDFC with the AWS console.
- Access keys, including an access key ID and secret access key, are required to use the CFDDFC command line interface.
- The password and access keys can be copied from the panel (clicking show) or downloaded in a CSV file.
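A check on two points from this page, as an added example that is not part of the original page or of CFDDFC: that the root user is kept out of everyday use, and which IAM users hold a console password and active access keys. It reads an IAM credential report (the CSV returned by `aws iam get-credential-report`); the sample rows, the account ID, the user "jane-doe" and the 30-day window are constructed assumptions, and only a subset of the report's columns is shown.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the IAM credential report CSV layout (subset of the
# real columns; account ID, users and timestamps are made up for illustration).
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,not_supported,2024-05-28T09:14:00+00:00,true,2024-05-30T17:02:00+00:00,false,N/A
john-smith,arn:aws:iam::111122223333:user/john-smith,true,2024-05-31T08:00:00+00:00,true,2024-05-31T08:05:00+00:00,false,N/A
jane-doe,arn:aws:iam::111122223333:user/jane-doe,true,no_information,false,N/A,false,N/A
"""

ROOT = "<root_account>"  # name of the root user's row in the report


def _parse_time(value):
    """Return an aware datetime, or None for N/A, no_information and the like."""
    try:
        t = datetime.fromisoformat(value)
    except ValueError:
        return None
    return t if t.tzinfo else t.replace(tzinfo=timezone.utc)


def audit(report_csv, now, recent_days=30):
    """Return (root_findings, access_by_user) for a credential report."""
    cutoff = now - timedelta(days=recent_days)
    root_findings, access = [], {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        keys = [n for n in ("1", "2") if row[f"access_key_{n}_active"] == "true"]
        if row["user"] == ROOT:
            if keys:  # the root user should not need access keys at all
                root_findings.append("root has active access key(s): " + ",".join(keys))
            used = [_parse_time(row["password_last_used"])]
            used += [_parse_time(row[f"access_key_{n}_last_used_date"]) for n in ("1", "2")]
            latest = max((t for t in used if t), default=None)
            if latest and latest >= cutoff:  # root used for recent, everyday work
                root_findings.append(f"root credentials used on {latest.date()}")
        else:  # the two forms of access an IAM user can hold
            access[row["user"]] = {"console": row["password_enabled"] == "true",
                                   "active_keys": len(keys)}
    return root_findings, access


if __name__ == "__main__":
    # Fixed, constructed "now" so the sample timestamps fall inside the window.
    findings, access = audit(SAMPLE_REPORT, datetime(2024, 6, 1, tzinfo=timezone.utc))
    print("\n".join(findings) or "no root findings")
    for user, forms in access.items():
        print(user, forms)
```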