Before using any AWS account, we should walk through its initial configuration and make it as secure as possible. Without some of these settings you may lose track of your resources and fail to meet basic security compliance. This post assumes you have already created an account.
- Download a Multi-factor authentication (MFA) app such as Google Authenticator or Authy on your phone.
- Optionally, you may purchase a hardware MFA device. Click here to find the links to buy them from Amazon.com for commercial and AWS GovCloud regions. Some facilities or companies may require a hardware device because personal mobile phones may be restricted in the workplace.
Let’s get started with account settings, contacts, currency, and GovCloud sign-up if it applies to you.
Click on the account username and name dropdown and select “My Account”.
Verify the correct currency is selected for your country. Edit the Alternate Contacts so there is a point of contact for each of Billing, Operations, and Security. AWS rarely uses these, and only to contact you in case of issues in those areas. The security challenge questions and answers are a must for every account. The AWS support team will need them set up in order to verify your identity and assist you in case of an account lockout.
Enable billing info access
The root credentials should rarely be used. In fact, here’s a link that shows the only tasks the root account should be used for. We’re going to create users, groups, etc. in an automated fashion in upcoming posts, subscribe!
Anyway, it’s best to allow IAM groups, not individual users, to view billing info; you’ll see why later.
AWS Email Marketing preferences
Are you tired of getting a bunch of AWS emails about their products, use cases, client stories and events? Or do you have multiple AWS accounts and are receiving the same email several times? Here’s the place to manage those!
Select Email Signup & Preferences to select specific marketing topics. Select Unsubscribe from Email to totally stop all marketing emails.
Just enter the email address of the account that you want to unsubscribe from all emails. Select your reason and hit submit.
The root account is the only user that can change the AWS support plans and sign up for GovCloud (for U.S. customers only; it requires approval by AWS). Lastly, if you ever truly want to cancel your AWS subscription, the close-account option and all of its details are here, and it can only be done with the root account.
Enable MFA for the root account
This is another must-do action to take right away. Click on the username and select My Security Credentials.
Expand the MFA section and just follow the wizard.
This same page also shows a link to update the root account credentials, email, name. Expand the other sections on this page to learn what else you can do or view.
Sign out, then sign in again using your root credentials and verify it asks for an MFA code.

| Problem | Solution |
|---|---|
| Authy app tends to get out of sync after a while | I personally prefer Google Authenticator. If you used Authy then the trick is to use the second code that shows up after you open the app. Or click on Troubleshoot MFA below the Submit button on the MFA page as shown in the screenshot above. |
| Some hardware MFA tokens get out of sync | Click Troubleshoot MFA to resync it. |
| Completely locked out | Root account: AWS support<br>Other accounts: Deactivate MFA with a user account that has the permissions via the AWS CLI (command below the table). Then activate MFA again. |
| What if an MFA device is lost or stops working? | Attempt to sign in, on the MFA page click “Troubleshoot MFA” and select “Sign in using alternative factors of authentication” |

```
aws iam deactivate-mfa-device --user-name jdoe --serial-number arn:aws:iam::210987654321:mfa/jdoeDevice
```

Here’s the official AWS documentation about MFA.
Navigate to the IAM dashboard to view our progress. Remember I said we’ll automate the rest soon!
As always, if you see any errors or mistakes, or have suggestions or questions, please comment below. Don’t forget to like, share, and subscribe for more!