The Cloudly Engineer

AWS Cloud account initial configuration

Reading time: 8 minutes

Before using any of our AWS accounts, we must walk through the initial account configuration and make it as secure as possible. Without some of these configurations you may lose track of your resources and fail to meet basic security compliance. This post assumes you have already created an account.

Prerequisites

  • Download a Multi-factor authentication (MFA) app such as Google Authenticator or Authy on your phone.
  • Optionally, you may purchase a hardware MFA device. Click here to find the links to buy them from Amazon.com for commercial and AWS GovCloud regions. Some facilities or companies may require a hardware device because personal mobile phones may be restricted in the workplace.

Account Settings

Let’s get started with account settings, contacts, currency, and GovCloud sign-up if it applies to you.

Sign in with your root credentials. Root credentials are an email address and a password, entered using the “Sign-in using root account credentials” option.

Click on the account username and name dropdown and select “My Account”.

Verify the correct currency is selected for your country. Edit the Alternate Contacts for each point of contact for Billing, Operations, and Security. These are rarely used by AWS, only to contact you in case of issues in those areas. The security challenge questions and answers are a must for every account. The AWS support team will need them set up in order to verify your identity and assist you in case of account lockouts.

Enable billing info access

The root credentials should rarely be used. In fact, here’s a link to show you what the root account should only be used for. We’re going to create users, groups, etc. in an automated fashion in upcoming posts, subscribe!

Anyway, it’s best to allow IAM groups, not individual users, to view billing info. You’ll see why later.

AWS Email Marketing preferences

Are you tired of getting a bunch of AWS emails about their products, use cases, client stories and events? Or do you have multiple AWS accounts and receive the same email several times? Here’s the place to manage those!

Link: https://aws.amazon.com/email-preferences/

Select Email Signup & Preferences to select specific marketing topics. Select Unsubscribe from Email to totally stop all marketing emails.

Just enter the email address of the account that you want to unsubscribe from all emails. Select your reason and hit submit.

The root account is the only user that can change the AWS support plan and sign up for GovCloud (for U.S. customers only; it requires approval by AWS). Lastly, if you ever truly want to cancel your AWS subscription, the close account option and all of its details are here, and it can only be done with the root account.

Enable MFA for the root account

This is another must-do action to take right away. Click on the username and select My Security Credentials.

Expand the MFA section and just follow the wizard.

This same page also shows a link to update the root account credentials, email, name. Expand the other sections on this page to learn what else you can do or view.

Test MFA

Sign out, then sign in again using your root credentials and verify that it asks for an MFA code.
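The same check can be made from the IAM credential report, which records MFA status per identity. The following is an added example, not code from the original post: it parses a report and flags a root account without MFA, root access keys, and console users without MFA. The sample CSV and the `ci-bot` user are constructed, and only the columns the check needs are included.

```python
import csv
import io

# Constructed sample in the IAM credential report CSV layout (only the columns
# used here; a real report has more). Fetch a real one with:
#   aws iam generate-credential-report
#   aws iam get-credential-report --query Content --output text | base64 -d
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::210987654321:root,not_supported,true,false,false
jdoe,arn:aws:iam::210987654321:user/jdoe,true,false,true,false
ci-bot,arn:aws:iam::210987654321:user/ci-bot,false,false,true,false
"""

ROOT = "<root_account>"  # name the report uses for the root identity


def audit_credential_report(report_csv):
    """Return (user, finding) tuples for root and console-user MFA gaps."""
    findings = []
    seen_root = False
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        mfa = row.get("mfa_active") == "true"
        active_keys = [k for k in ("access_key_1_active", "access_key_2_active")
                       if row.get(k) == "true"]
        if user == ROOT:
            seen_root = True
            if not mfa:
                findings.append((user, "root MFA is not enabled"))
            if active_keys:
                findings.append((user, "root access keys exist"))
        elif row.get("password_enabled") == "true" and not mfa:
            # A console password with no MFA device attached.
            findings.append((user, "console password without MFA"))
    if not seen_root:
        # Fail closed: a report without the root row cannot confirm root MFA.
        findings.append((ROOT, "root row missing from report"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_credential_report(SAMPLE_REPORT):
        print(f"{user}: {finding}")
```

Users without a console password, such as the constructed `ci-bot`, are skipped by the MFA check because they cannot sign in to the console.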

MFA troubleshooting

Problem: Authy app tends to get out of sync after a while
Solution: I personally prefer Google Authenticator. If you used Authy, the trick is to use the second code that shows up after you open the app. Or click on Troubleshoot MFA below the Submit button on the MFA page as shown in the screenshot above. Some hardware MFA tokens get out of sync. Click Troubleshoot MFA to resync it.

Problem: Completely locked out
Solution: Root account: AWS support. Other accounts: Deactivate MFA with a user account that has the permissions via the AWS CLI. Then activate MFA again.

Problem: What if an MFA device is lost or stops working?
Solution: Attempt to sign in, then on the MFA page click “Troubleshoot MFA” and select “Sign in using alternative factors of authentication”.

Deactivating a user’s MFA device with the AWS CLI:

aws iam deactivate-mfa-device --user-name jdoe --serial-number arn:aws:iam::210987654321:mfa/jdoeDevice

Here’s official AWS documentation about MFA.

Navigate to the IAM dashboard to view our progress. Remember I said we’ll automate the rest soon!

So far we have completed 2 out of 5 basic security setup items for this account.

As always if you see any errors, mistakes, have suggestions or questions please comment below. Don’t forget to like, share, and subscribe for more! 

December 12, 2019 | February 25, 2020

Waleed S.
