New version of lesson 2, episode 2: Instances Management Tasks Using the Scripts
JorgeBCh committed Oct 28, 2024
1 parent 80b2f33 commit 3826de9
Showing 25 changed files with 705 additions and 410 deletions.
25 changes: 16 additions & 9 deletions docs/lesson01-setting-work-envs/01-create-aws-account.qmd
@@ -1,23 +1,30 @@
---
title: "Create Your AWS Account"
---

::: callout-warning
## Prerequisites
**Please read [Workshops Organisation](/index.qmd#workshops-organisation)** if you haven't done so.

If you are attending a workshop using a **Cloud-SPAN AWS account**, you **don't need** to complete this episode.

If you are self-studying the course **or** attending a workshop using **your AWS account**, you must complete this episode and for that you will need:

**Please read [Workshops Organisation](/index.qmd#course-overview)** if you haven't done so. To complete this episode you will need: - if you are self-studying the course **or** attending a workshop using **your AWS account**: - an email address - a credit card --- new accounts get one-year of AWS Free Tier but a card number must be entered on creating an account - the phone number associated with the credit card - the address associated with the credit card - if you are attending a workshop using a **Cloud-SPAN AWS account** (and an AWS Linux instance), you **don't need** to complete this episode.
- an email address
- a credit card --- new accounts get one-year of AWS Free Tier but a card number must be entered on creating an account
- the phone number associated with the credit card
- the address associated with the credit card
:::

## Introduction

These are the main steps you will follow to open your AWS account:

1. Sign-up to AWS with your email (as username) and password.
2. Select your account type (Personal) and enter your contact information.
3. Enter Billing Information: your credit card details.
4. Confirm your identity to AWS through a phone call or SMS message.
5. Select support plan (Basic) and complete sign-up.
6. Login to your AWS account.
1. [Sign-up to AWS with your email (as username) and password](#sign-up-to-aws-with-your-email-and-password).
2. [Select your account type (Personal) and enter your contact information](#select-your-account-type-personal-and-enter-your-contact-information).
3. [Enter Billing Information: your credit card details](#enter-billing-information-your-credit-card-details).
4. [Confirm your identity to AWS through a phone call or SMS message](#confirm-your-identity-to-aws-through-a-phone-call-or-sms-message).
5. [Select support plan (Basic) and complete sign-up](#select-support-plan-basic-and-complete-sign-up).
6. [Login to your AWS account](#login-to-your-aws-account).

## 1. Sign-up to AWS with your email and password

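Review bot: the six links added to the numbered list under "## Introduction" depend on auto-generated heading ids, and only the first target, `## 1. Sign-up to AWS with your email and password`, is visible in this hunk. Please confirm that the other five headings produce exactly the ids used here, or give each step heading an explicit id so that rewording a heading later does not silently break the list. In the prerequisites, "one-year of AWS Free Tier" should read "one year of AWS Free Tier".
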
Expand Down Expand Up @@ -111,7 +118,7 @@ You will then be prompted to:
3. At this stage you can only login to the Root user account. In the next episode you will create an IAM account which you will use to create and manage AWS resources.
:::

Finally you will be logged in as Root user to the **Console Home** screen shown below, able to use your account. We will first configure your account in the next episode.
Finally you will be logged in as the Root user to the **Console Home** screen shown below, able to use your account. We will first configure your account in the next episode.

![.](/images/open-acc/using-acc04-signedin-options-services-and-cookies.PNG.jpg){width="900px" fig-alt="Screen shot of AWS (management) Console in the browser showing the first page after you have logged in"}

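Review bot: in the sentence changed here, "able to use your account" comes right after the callout item saying that only the Root user login exists at this stage, so it reads as an invitation to start working as Root. Suggest ending the sentence at "shown below" and then saying that the account is configured in the next episode before any resources are created.
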
72 changes: 46 additions & 26 deletions docs/lesson01-setting-work-envs/02-configure-account.qmd
Expand Up @@ -5,32 +5,34 @@ title: "Configure Your AWS Account"
::: callout-warning
## Prerequisites

**Please read [Workshops Organisation](/index.qmd#course-overview)** if you haven't done so. To complete this episode you will need:
**Please read [Workshops Organisation](/index.qmd#workshops-organisation)** if you haven't done so.

- if you are self-studying the course **or** attending a workshop using **your AWS account**:
- to have opened your AWS account as described in the first episode of this lesson: [Create Your AWS Account](/docs/lesson01-setting-work-envs/01-create-aws-account.qmd).
- to be logged in to your AWS account as the **Root User** (described also in that episode, at the end).
- ideally, your mobile phone to add multi-factor authentication (**MFA**) to your AWS account. However, **if you don't have a mobile phone, you can skip this step** and still use your AWS account.
- if you are attending a workshop using a **Cloud-SPAN AWS account** (and and AWS Linux instance), you **don't need** to complete this episode.
If you are attending a workshop using a **Cloud-SPAN AWS account**, you **don't need** to complete this episode.

If you are self-studying the course **or** attending a workshop using **your AWS account**, you must complete this episode and for that you will need:

- to have opened your AWS account as described in the first episode of this lesson: [Create Your AWS Account](/docs/lesson01-setting-work-envs/01-create-aws-account.qmd).
- to be logged in to your AWS account as the **Root User** (described also in that episode, at the end).
- ideally, your mobile phone to add multi-factor authentication (**MFA**) to your AWS account. However, **if you don't have a mobile phone, you can skip this step** and still use your AWS account.
:::

## Introduction

These are the main steps you will follow to configure your AWS account:

1. **Change the default region of your account to Ireland.**\
1. [Change the default region of your account to Ireland](#change-the-default-region-of-your-account-to-ireland).\
AWS services are provided through many regions around the world and a region is allocated by default. You will need to change the region of your account to Ireland because the Amazon Machine Image from which you will create your AWS instance is stored in the Ireland region. But you can later change your account region if you wish.

2. **Secure your AWS Root User account.**\
2. [Secure your AWS Root User account](#secure-your-aws-root-user-account).\
The account your created in the last episode is your Root user account and can perform any operation including closing the account. It is best practice to use the Root user account only for high-level administration and to create the first **IAM** (Identity Access Managment) user account for day-to-day work and account management. It is also best practice to secure the Root user account with multi-factor authentication (MFA).

3. **Create an IAM user account to create and manage AWS resources.**\
3. [Create an IAM user account to create and manage AWS resources](#create-an-iam-user-account-to-create-and-manage-aws-resources).\
IAM user accounts are attached to a **User Group** that has a set of specific permissions (such as reading, writing and deleting) on specified resources. We will create a User Group with predefined permissions and an IAM user account in that group.

4. **Create an alias for your account id.**\
Your Root user account id is a 12-digit number that is difficult to remember. We are going to create an alias that is easier to remember. This is especially useful because the alias will replace the 12-digit number in the web address for logging in to your account as IAM user.
4. [Create an alias for your IAM user account](#create-an-alias-for-your-iam-user-acount).\
Your IAM user account id is a 12-digit number that is difficult to remember. We are going to create an alias that is easier to remember. This is especially useful because the alias will replace the 12-digit number in the web address for logging in to your account as IAM user.

5. **Grant your IAM user account the permissions to access the Billing Dashboard.**\
5. [Grant your IAM user account the permissions to access the Billing Dashboard](#grant-your-iam-user-account-the-permissions-to-access-the-billing-dashboard).\
The Billing Dashboard of your account is only accessible to the Root user by default. As you will mostly be using your IAM user account, it is convenient that you can check your bills and related information with your IAM user account too. We are going set on the permissions that enable your IAM user account to access the Billing Dashboard.

## 1. Change the default region of your account to Ireland
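
Review bot: step 4 now says "Your IAM user account id is a 12-digit number", but the 12-digit number is the id of the AWS account as a whole, and the .csv callout later in this same file still says "The 12-digit number corresponds to your account id". The previous wording ("Create an alias for your account id") was the accurate one; suggest keeping "account id" in both the link text and the sentence. The new link target `#create-an-alias-for-your-iam-user-acount` works only because the heading it points at has the same "acount" typo, so fix both together. Nearby typos worth picking up in the same pass: "The account your created", "Identity Access Managment", "We are going set on".
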
Expand Down Expand Up @@ -83,7 +85,16 @@ To set up your mobile as MFA device you will need a Virtual MFA app on your mobi

**If you do not have a Virtual MFA app on your mobile phone:** Go to the app store on your phone, search for Duo Mobile *or* Google Authenticator, and install it.

Once you have installed an MFA app in your mobile: - Return to the above pop-up "Set up a virtual MFA device" on your computer and choose **Show QR code**. - Open the MFA app on your phone - Press **+ Add** in Duo Mobile or **+** in Google Authenticator - Press **Use QR code** in Duo Mobile or **Scan a QR code** in Google Authenticator. Your camera will open to scan a QR code. - Point your camera at your computer screen showing the QR code to scan. You may need to adjust the zoom for the scan to occur. - Once the scan is successful, the MFA app will display a number for about 30 seconds, and then another number for the same time, and so on until you close the app. - Of those numbers shown in your mobile MFA, you need to enter two consecutive numbers into the fields **MFA Code 1** and **MFA Code 2** on the last pop-up window "Set up a virtual MFA device" on your computer. You may need to scroll down to see MFA Code 2. **NB: enter the numbers with no space between them** even if they are shown with a space in your mobile. - Click on **Assign MFA**.
Once you have installed an MFA app in your mobile:

- Return to the above pop-up "Set up a virtual MFA device" on your computer and choose **Show QR code**.
- Open the MFA app on your phone
- Press **+ Add** in Duo Mobile or **+** in Google Authenticator
- Press **Use QR code** in Duo Mobile or **Scan a QR code** in Google Authenticator. Your camera will open to scan a QR code.
- Point your camera at your computer screen showing the QR code to scan. You may need to adjust the zoom for the scan to occur.
- Once the scan is successful, the MFA app will display a number for about 30 seconds, and then another number for the same time, and so on until you close the app.
- Of those numbers shown in your mobile MFA, you need to enter two consecutive numbers into the fields **MFA Code 1** and **MFA Code 2** on the last pop-up window "Set up a virtual MFA device" on your computer. You may need to scroll down to see MFA Code 2. **NB: enter the numbers with no space between them** even if they are shown with a space in your mobile.
- Click on **Assign MFA**.

You will see a success message which you can close.

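Review bot: the list added here has no caution at "choose **Show QR code**" that the QR code is the secret the authenticator app is seeded from. Suggest one more bullet telling readers not to screenshot or share it, which matters in a workshop where screens are shared. Small wording points: "installed an MFA app in your mobile" should be "on your mobile", and the bullets "Open the MFA app on your phone" and "Press **+ Add** in Duo Mobile or **+** in Google Authenticator" lack the full stop the others have.
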
Expand All @@ -95,7 +106,7 @@ We are going to create an IAM user account with which you will be able to create

We will create a user group called **Administrators**, then a user account called **YourName** (your actual name), and finally attach the account to the group. As this is the first IAM group and IAM account to be created, we need to do this with the Root user account, but then it will be possible to do it with the IAM account we will create because it will have Administrator privileges.

### Create the user group
### 3.1 Create the user group

Go to the IAM Dashboard page by typing **iam** in the AWS search box at the top and pressing Enter. On the IAM Dashboard, click on "User groups" under "Access Management" on the left, and then on **Create group** on the right.

Expand All @@ -121,15 +132,21 @@ You now have a user group called **Administrators**

![.](/images/config-acc/ca15-iam-user-group-created.jpg){width="900px" fig-alt="Screen shot of AWS Console User groups page in a browser, with the message Loading (information) circled"}

### Create your IAM user account and add it to the Administrators group
### 3.2 Create your IAM user account and add it to the Administrators group

To create your IAM user account, click on **Users** in the last page displayed in the previous step, on the left in the figure above.

The page titled "Users" will be displayed. Click on **Add users**.

![.](/images/config-acc/ca16-iam-users-screen.jpg){width="900px" fig-alt="Screen shot of AWS Console IAM Users page in a browser, with the option Add users circled"}

The page below will be displayed, where you can enter your IAM user account details by: - typing your user name (**a single word** of your choice) - checking the box "Access Key - Programmatic access" --- this option enables you to use the AWS CLI - checking the box "Password - AWS Management Console access" - checking the box "Autogenerated password" and - checking the box "User must create a new password at next sign-in"
The page below will be displayed, where you can enter your IAM user account details by:

- typing your user name (**a single word** of your choice --- we chose **adminuser**)
- checking the box "Access Key - Programmatic access" --- this option enables you to use the AWS CLI
- checking the box "Password - AWS Management Console access"
- checking the box "Autogenerated password" and
- checking the box "User must create a new password at next sign-in"

Then click on **Next: Permissions**

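Review bot: the first bullet now says "we chose **adminuser**", while the introduction to section 3 still names the account **YourName** (your actual name); pick one so the name matches the sample .csv row further down. On the "Access Key - Programmatic access" bullet, it would help to say that this creates a long-lived key for a member of the Administrators group, so readers understand why the downloaded .csv has to be kept private.
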
Expand All @@ -143,8 +160,8 @@ Check the box next to the group Administrators and then click on **Next: Tags**.

You will be presented with a page that says "Add user - Add tags (optional)", not shown here as we are not adding tags. Click on the button **Next: Review**.

::: callout-note
Note on tags
::: callout-note
## Note on tags

Adding tags --- or keywords --- to an AWS resource is optional. You don't need to tag your IAM user account because you only have one such account. Adding tags is useful when you are managing multiple user accounts/resources as it helps searching for specific resources based on their tags.
:::
Expand All @@ -153,39 +170,42 @@ Your will now be presented with a page displaying the options chosen for your IA

![.](/images/config-acc/ca18-iam-user-review.jpg){width="900px" fig-alt="Screen shot of AWS Console IAM Add user Review page in a browser with the button Create user circled"}

You will now see a page with the message ***Success --- You successfully created the users shown below...***
You will now see a page with the message ***Success*** --- *You successfully created the users shown below...*

**You need to download** the .csv file indicated in this page by clicking on **Download .csv**. This file contains the **credentials** both to login to the AWS Console and to access AWS resources programmatically with your new IAM user account. *Programmatically* means access from software applications including the AWS CLI.

For security reasons **you will not be able to access these credentials once you leave this page** but you can create new credentials.

Click on **Download .csv** to download and save the file in your computer.
Click on **Download.csv** to download and save the file in your computer.

![.](/images/config-acc/ca19-iam-user-created.jpg){width="900px" fig-alt="Screen shot of AWS Console IAM Add user success page in a browser with the web address to log in and button to download a .csv file circled"}

::: callout-note
## What's in the file?
## What's in the .csv file?

The file you downloaded is a *comma separated value* (CSV) file that you can open in any text editor. Its content is something like this:

`User name,Password,Access key ID,Secret access key,Console login link` `adminuser,0ji)8[bN3{F-X!h,BMZ4AD..KIAVQN34,o0/bSO3WJeO..Vgtc4E3LxXZVbQg,https://xxxxxxxxxxxx.signin.aws.amazon.com/console`

`User name,Password,Access key ID,Secret access key,Console login link`

`adminuser,0ji)..{F-X!h,BMZ4D..QN34,o0/bSO3W..VgtXZVbQg,https://xxx..xxx.signin.aws.amazon.com/console`

The first line specifies the names of the comma-separated values in the second line --- comma characters are not part of any of the values.

The values in the second line shown above will be different to those in your CSV file.

The first and second fields, `adminuser` and `0ji)8[bN3{F-X!h` are the username and the password to access the AWS Console. The third and the fourth fields, `BMZ4AD..KIAVQN34` and `o0/bSO3WJeO..Vgtc4E3LxXZVbQg`, are the *access key ID* and the *secret access key* which, combined, will enable you to use the AWS CLI and, more generally, to access AWS resources programmatically. The last field, `https://xxxxxxxxxxxx.signin.aws.amazon.com/console`, is the web address to login to the AWS Console with the IAM user account you have created, and other IAM accounts you may create later.
The first and second fields, `adminuser` and `0ji)..F-X!h` are the username and the password to access the AWS Console. The third and the fourth fields, `BMZ4D..QN34` and `o0/bSO3W..VgtXZVbQg`, are the *access key ID* and the *secret access key* which, combined, will enable you to use the AWS CLI and, more generally, to access AWS resources programmatically. The last field, `https://xxx..xxx.signin.aws.amazon.com/console`, is the web address to login to the AWS Console with the IAM user account you have created.

**NB**: the first time you login to the AWS Console you will have to change the password.

**NB**: we are representing here with "xxxxxxxxxxxx" the digits in the URL to login to the AWS Console, `https://xxxxxxxxxxxx.signin.aws.amazon.com/console`. This 12-digit number corresponds to your account id.
**NB**: we are using "xxx..xxx" to represent the 12 digits in the URL to login to the AWS Console, `https://xxx..xxxx.signin.aws.amazon.com/console`. The 12-digit number corresponds to your account id.
:::

Once you close the success message above, in the page that appears you should see the user account you have just created, listed along with the Groups (Administrators) of which it is a member and other information, for example: "Never" under "Last activity" means you have not yet logged in.

## 4. Create an alias for your IAM user acount

A 12-digit number can be difficult to remember so let's create an alias which is easier to remember. The alias can be used to login to your account.
A 12-digit number can be difficult to remember, so let's create an alias which is easier to remember. The alias can be used to login to your account.

Type **iam** in the AWS search box and press Enter to go to the "IAM Dashboard".

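Review bot: the instruction line now reads "Click on **Download.csv**" with the space dropped, but the paragraph above it still says **Download .csv**; this looks like an accidental edit and should be reverted to match the button label. In the rewritten callout the sample values no longer agree with each other: the password is `0ji)..{F-X!h` in the sample row but `0ji)..F-X!h` in the explanation, and the last **NB** writes the URL as `https://xxx..xxxx.signin.aws.amazon.com/console` with an extra "x". Since the callout walks through a password and a secret access key, consider adding a sentence on keeping the .csv out of shared folders and repositories.
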
Expand All @@ -202,7 +222,7 @@ You can now login to your account using either web address: the one with your 12
::: callout-note
## Access your IAM user account with both URLs:

- open two **new** tabs in your browser (but do not close this browser tab so that we can finish up setting up your IAM account with the last step below).
- open two **new** tabs in your browser (but do not close this browser tab so that we can finish setting up your IAM account with the last step below).
- enter `https://xxxxxxxxxxxx.signin.aws.amazon.com/console` in one of the tabs, but change "xxx..xxx" with your 12-digit account number.
- enter `https://youralias.signin.aws.amazon.com/console` in the other tab, but change "youralias" with your actual account alias.
- in both tabs use your actual **username** and **password** from your .csv file.
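
Review bot: the second bullet shows `https://xxxxxxxxxxxx.signin.aws.amazon.com/console` but then tells the reader to change "xxx..xxx", a string that does not occur in that URL. Use one placeholder form in both places, matching whichever the .csv callout settles on. "change ... with" in this bullet and the next reads better as "replace ... with".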