The Ultimate Guide to Creating a Free Tier AWS Account: IAM Setup, MFA, and Billing Alarms
In this article, we will provide a comprehensive guide on how to create a free tier AWS account. We will walk you through the process of setting up an IAM user, enabling Multi-factor Authentication (MFA) for enhanced security, and implementing billing alarms to prevent over-expenditure. Additionally, we will explore the concept of AWS CloudWatch alarms and how to configure them to monitor your billing threshold. Lastly, we will demonstrate how to create a Simple Notification Service (SNS) topic for receiving email notifications when your account exceeds the specified limit. By following these steps, you can ensure the security and cost-effectiveness of your AWS account.
Table of Contents:
- Understanding Key Terminologies
  - Amazon Web Services (AWS)
  - Root User
  - IAM User
  - IAM Policy
  - AWS CloudWatch Alarm
  - Simple Notification Service (SNS)
- Creating an AWS Account
  - Free Tier Account Registration
  - Verifying Email Address and Creating a Root User Password
  - Providing Personal Information and Credit/Debit Card Details
  - Confirming Identity and Choosing a Basic Support-Free Plan
  - Accessing AWS Management Console as the Root User
- Enabling Multi-factor Authentication
  - Accessing IAM Dashboard
  - Adding MFA (Multi-factor Authentication) to the Root User
  - Configuring Google Authenticator App for Verification
- Creating an IAM User
  - Granting Access to Specific Users
  - Defining IAM User Credentials
- Setting up Billing Alerts
  - Protecting Against Over-Expenditure
  - Enabling Receive Billing Alerts and Free Tier Usage Alerts
  - Configuring Email Notifications
- Creating a CloudWatch Alarm with SNS Topic
  - Monitoring Estimated AWS Charges
  - Configuring CloudWatch Alarm
  - Configuring SNS Topic for Notifications
Let's first understand some of these terms:
Amazon Web Services (AWS): AWS is a cloud platform that provides computing, networking and storage services on demand, and these services scale easily.
Root User: The root user is the account owner and is created when the AWS account is created. This is the default user and should not be used or shared.
IAM User: An IAM user is an identity that gives a specific person access to your AWS account, with specific permissions to the resources in that account.
IAM Policy: IAM policies define permissions for actions that users or groups can perform in an AWS account. Users and groups are assigned JSON documents called policies.
AWS CloudWatch alarm: A CloudWatch alarm watches a CloudWatch metric and sends a notification when the metric falls outside the levels (high or low thresholds) that you configure. In our case, we are setting a CloudWatch alarm to monitor the billing threshold.
Simple Notification Service (SNS): SNS is a managed service that delivers messages from publishers to subscribers. Publishers communicate asynchronously with subscribers by sending messages to a topic. An SNS topic is a logical access point that acts as a communication channel.
Create an AWS account
Go to the AWS site below to create a free tier account and click the Create a Free Account button.
Enter your email address and give any name to your AWS account. You can also change this name later. Click Verify email address. You will get the verification code in your email. Enter the code and click Verify.
Create a root user password. Make sure that you create a strong password containing more than 8 characters, then click Continue.
In the next step, select Personal - for your own projects. Enter your Full Name, Phone Number, Country or Region, and your address details. Click the checkbox after reading AWS Customer Agreement and click continue to the next steps.
In the next step, enter your Credit or Debit card details and click Continue. A minimal amount is deducted just for verification purposes. The next page asks for the OTP, and Rs. 2.00 will be deducted from your account. Finally, enter the OTP and click the Submit button.
Confirm your Identity on the next page by verifying your Phone number. This phone number will be used to send you verification codes in the future. Select text message and enter your phone number, do the security check and click Send SMS. Enter the OTP sent to your phone number.
Choose the Basic support - Free plan, which comes under the free tier, and finally click Complete Sign up.
Go to the AWS Management Console, select Sign in to the Console, and sign in using the email and password that we set up previously for the root user.
The root user has access to every AWS service and resource in an account. If the credentials for the root account are stolen, it may lead to unnecessary costs in your account. It is therefore recommended not to use the root account for day-to-day work and to create an IAM user instead.
Enable Multi-factor authentication
Search for IAM in the services section and select IAM. The IAM dashboard will appear. Under Security recommendations, click Add MFA and then Assign MFA on the next page.
Enter a name in the Device name box, select Authenticator app and click Next. Download the Google Authenticator app on your phone. It will generate a 6-digit verification code that you will have to enter whenever you log in as the root user.
Click Show QR code on the next page. Open the Google Authenticator app on your phone, click the '+' button and scan the QR code visible on your AWS account screen. Enter the 6-digit code from the app in the box MFA code 1. Wait for 30 seconds, enter the next code in the box MFA code 2 and click Add MFA.
Multi-factor authentication is enabled for your root account.
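How the authenticator app turns the secret in the QR code into the codes typed into MFA code 1 and MFA code 2, shown as an added example (not part of the original article and not AWS's implementation). It follows the standard TOTP algorithm (RFC 6238, HMAC-SHA1, 30-second step, 6 digits); the secret is the constructed RFC 4226 test key and `verify` is a generic server-side check with an assumed drift window.

```python
import base64
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # time step used by authenticator apps
DIGITS = 6          # length of the code typed into "MFA code 1" / "MFA code 2"

def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(time / 30 s)."""
    return hotp(secret, unix_time // STEP_SECONDS)

def decode_qr_secret(b32: str) -> bytes:
    """The QR code carries the shared secret as Base32 text."""
    text = b32.upper().replace(" ", "")
    text += "=" * (-len(text) % 8)               # restore stripped padding
    return base64.b32decode(text)

def enrollment_codes(secret: bytes, unix_time: int) -> tuple:
    """Two consecutive codes, as requested during MFA enrolment."""
    return totp(secret, unix_time), totp(secret, unix_time + STEP_SECONDS)

def verify(secret: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Accept a code from the current step or +/- `window` steps of drift."""
    counter = unix_time // STEP_SECONDS
    return any(
        hmac.compare_digest(hotp(secret, counter + d), code)
        for d in range(-window, window + 1)
        if counter + d >= 0
    )

if __name__ == "__main__":
    # Constructed secret (the RFC 4226 test key), not a real AWS MFA seed.
    secret = decode_qr_secret("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    print(enrollment_codes(secret, 59))
```

Anyone who obtains the QR code or the secret behind it can generate the same codes, so do not screenshot or share it.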
Create an IAM user with credentials
Go to the "Users" section in the left panel of the IAM Management Console.
Click on "Add Users" and provide a name for the user.
Select the option "Provide user access to the AWS Management Console" and choose "I want to create an IAM user" within that option.
In the "Console password" section, select "Custom password" and create a strong password for the user.
Click "Next" to proceed.
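On the next page, select "Attach policies directly" and choose the "AdministratorAccess" policy for the user. AdministratorAccess grants full access to every service and resource in the account, so treat this user's credentials with the same care as the root user's.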
Click "Next" and then "Create user" to successfully create the user.
Enable MFA for IAM user: Go to User, click on your username, go to Security credentials and click Assign MFA device. Set up MFA for this user in the same way as we did for the root user.
Create a Billing Alert
To safeguard your account from using services that are not under the free tier, and to get email notifications whenever you cross the minimum bill amount, we have to create a billing alarm. Go to the dropdown under your root user and click Billing Dashboard.
Click on Bills in the right panel and then Billing Preferences. Select the checkboxes for Receive PDF Invoice By Email, Receive Free Tier Usage Alerts and Receive Billing Alerts. Enter your email address to receive the notifications for billing alerts and click Save preferences.
Create CloudWatch Alarm With SNS Topic
You can monitor your estimated AWS charges by using Amazon CloudWatch and configure an SNS (Simple Notification Service) topic to receive notifications when the alarm is triggered.
Search for "CloudWatch" in the AWS Management Console and select it. Ensure that you are in the US East (N. Virginia) region where the billing metric data is stored.
Click on "All alarms" in the left panel and select "Create alarm". Choose the desired metric, and scroll down to find the billing section.
Click on "Billing" and then select "Total estimated charge". Choose the desired currency (e.g., USD) and select the metric.
On the next page, define the threshold value. For example, if you want to receive an alert when your billing amount exceeds $5 USD, enter that value and click "Next".
On the "Create action" page, select "Create a new topic". Provide a name for the topic and enter your email address to receive notifications. Click "Create topic" and then click "Next".
Click on "View in SNS Console" and then see the details of the "billing alarm for Empty wallet people" SNS topic.
Now, click on the "Create Subscription" button to create a subscription using your email address. Select the topic name and choose "Email" as the protocol option. Enter your email address in the endpoint option, and then click on the "Create Subscription" button.
On the next page, provide a name and description for your alarm and configure additional settings if needed. Click "Next" to review the alarm settings, and then click "Create alarm" to create the CloudWatch alarm for monitoring your estimated AWS charges.
Go to your email and confirm the subscription to the SNS topic. This step ensures that you receive notifications when the alarm is triggered.
- The status is Ok as my billing is less than 5 USD.
By following these steps, you will create a CloudWatch alarm that triggers an SNS notification when your AWS account billing exceeds the specified threshold. You can customize the SNS topic settings to include other notification methods like SMS or mobile push notifications for better alerting capabilities.
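The same topic, email subscription and alarm created from a script instead of the console, as an added example that is not part of the original article. It assumes the boto3 SDK is installed, credentials are configured, and Receive Billing Alerts is already enabled as described above; the alarm and topic names, the email address and the account ID in the test ARN are constructed placeholders.

```python
BILLING_REGION = "us-east-1"  # US East (N. Virginia), where billing metrics are stored

def billing_alarm_params(threshold_usd, topic_arn, name="billing-alarm-example"):
    """Arguments for CloudWatch put_metric_alarm on total estimated charges."""
    if threshold_usd <= 0:
        raise ValueError("threshold must be a positive USD amount")
    # This example keeps the SNS topic in the same region as the alarm.
    if not topic_arn.startswith(f"arn:aws:sns:{BILLING_REGION}:"):
        raise ValueError(f"SNS topic must be in {BILLING_REGION}")
    return {
        "AlarmName": name,                      # hypothetical name
        "Namespace": "AWS/Billing",
        "MetricName": "EstimatedCharges",
        "Dimensions": [{"Name": "Currency", "Value": "USD"}],
        "Statistic": "Maximum",
        "Period": 21600,                        # 6 hours, in seconds
        "EvaluationPeriods": 1,
        "Threshold": float(threshold_usd),
        "ComparisonOperator": "GreaterThanThreshold",
        "AlarmActions": [topic_arn],            # notify the SNS topic
    }

def pending_endpoints(subscriptions):
    """Endpoints that have not yet confirmed the subscription email."""
    return [s["Endpoint"] for s in subscriptions
            if s["SubscriptionArn"] == "PendingConfirmation"]

def create_billing_alarm(email, threshold_usd=5.0, topic_name="billing-alerts-example"):
    """Create topic, email subscription and alarm; return unconfirmed endpoints."""
    import boto3  # imported here so the helpers above work without the SDK
    sns = boto3.client("sns", region_name=BILLING_REGION)
    cloudwatch = boto3.client("cloudwatch", region_name=BILLING_REGION)
    topic_arn = sns.create_topic(Name=topic_name)["TopicArn"]
    sns.subscribe(TopicArn=topic_arn, Protocol="email", Endpoint=email)
    cloudwatch.put_metric_alarm(**billing_alarm_params(threshold_usd, topic_arn))
    subs = sns.list_subscriptions_by_topic(TopicArn=topic_arn)["Subscriptions"]
    return pending_endpoints(subs)

if __name__ == "__main__":
    # Constructed address; needs AWS credentials with SNS and CloudWatch access.
    print(create_billing_alarm("you@example.com"))
```

A non-empty result means the confirmation email has not been accepted yet, so the alarm would fire without anyone being notified.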
By following the step-by-step instructions outlined in this article, you can create a free tier AWS account with enhanced security measures and effective billing management. Utilizing IAM users, enabling MFA, and setting up billing alarms will help safeguard your account and provide timely notifications to prevent unexpected costs. Take control of your AWS account and ensure efficient utilization of resources while enjoying the benefits of AWS cloud services.