Getting Started with AWS (Part 3)

If you would like to read the other parts in this article series please go to:

Introduction

The first article in this series introduced Amazon Web Services (AWS), a public cloud computing platform available from Amazon and described the free usage tier and how you can sign up for it so you can test drive AWS for 12 months. Once you’ve signed up for the AWS Free Tier, the next logical step is to become familiar with the various management and development tools provided by Amazon for creating and managing cloud resources on AWS, and that’s what the second article was about. But before you begin deploying web applications or virtual machine instances to the Amazon cloud, you need to make sure the security, billing and reporting settings for your account are configured appropriately, and that’s what this article and the next few in this series are about. We’ll start off by examining the steps you should take to secure your account and your AWS environment.

Securing your AWS account

The first step you should take is to secure the Amazon account you used when you signed up for the free usage tier. This is important because you provided your credit card information when you signed up for the AWS Free Tier, so if your Amazon account should get compromised then you might find yourself being billed for cloud services you have not used and did not intend to purchase.

Begin by signing in to the AWS Management Console using your Amazon account, then select the My Account option in the menu beneath your account name as shown in Figure 1 below:

Figure 1: Accessing the Account Settings of your AWS account.

The Account Settings page is displayed as shown in Figure 2 below:

Figure 2: Step 1 of configuring the security your AWS Account Settings.

Should you be unavailable when your account credentials become compromised you may want to configure an alternate contact for billing, operations and security for your account. This can be done by clicking Edit in the Alternate Contacts section of your Account Settings as shown in Figure 3:

Figure 3: Step 2 of configuring the security your AWS Account Settings.

Security challenge questions add an extra layer of security for protecting your AWS account because Amazon can use these questions to identify you should your account become compromised. By default there are no security challenge questions configured for your account, so it’s important to click Edit in the Configure Security Challenge Questions section of your Account Settings as shown in Figure 4 below and then select the three questions and provide the answers you want to use to secure your account:

Figure 4: Step 3 of configuring the security your AWS Account Settings.

TIP:
Be sure to record somewhere the questions you selected and the answers you provided for them. This is especially important if you’re like me and provide phony answers to such security challenge questions.

The next section of the accounts setting page prompts you to specify IAM user access to your billing information as shown in Figure 5 below. IAM stands for Identity and Access Management and this needs a bit of explanation before you can configure these settings so we’ll postpone looking at this section for the moment until the next article in this series.

Figure 5: Step 4 of configuring the security your AWS Account Settings.

The next section of the Account Settings page is called Reserved Instance Marketplace Settings and is shown in Figure 6 below:

Figure 6: Step 5 of configuring the security your AWS Account Settings.

Reserved Instances are a feature of Amazon EC2 which is the infrastructure as a service (IaaS) portion of AWS. If you’re familiar with Microsoft Azure, which is Microsoft’s IaaS cloud platform, then you know that you can use Microsoft Azure to run “virtual servers” in the cloud. These virtual servers, or “virtual machines” as Microsoft calls them, behave just like physical servers and have an operating system and can run applications like Microsoft SQL Server. Just like physical servers, virtual machines provide compute capacity you can use to run your server workloads (applications and services) in the cloud without the need of having to purchase physical server system hardware. In the Amazon world of AWS however, the term “instance” (short for “compute instance”) is used to refer to a virtual server running in Amazon EC2, and there are several different kinds of instances you can run including:

On-Demand Instances – Pay by the hour for the computing power with no long-term commitment. This is the simplest and most flexible option since you can cancel the Instance at any time with no penalty. It also makes sense to use On-Demand Instances if you’re testing and evaluating AWS using the free usage tier and don’t want to incur any costs.
Reserved Instances – Get a big discount by purchasing a Reserved Instance from AWS and committing to either a one- or three-year term. You can also purchase Reserved Instances created by third-party sellers from the AWS Reserved Instance Marketplace with a commitment of anywhere from one month to three years. Finally, you can pay for the entire term up front (which gives you the biggest discount), pay a portion up front (which gives you a big discount on the hourly rate), or simply pay the normally discounted hourly rate for Reserved Instances.
Spot Instances – Bid on unused capacity in the Amazon EC2 cloud. As long as your bid stays above the current Spot Price you can run the instance. This option can be a good choice if your Instance doesn’t need to be run continuously.

As Figure 6 above shows, if you want to access the Reserved Instance Marketplace so you can purchase and use Reserved Instances created by third party sellers, you will need to provide your business name (the name of the Seller of Record that will appear on any legal documentation Amazon sends you) along with your bank account information, and also your tax information so the appropriate IRS forms can be generated for tax exemption purposes (the walkthrough in this series focuses on US customers but there are similar VAT exemptions you can configure for non-US customers). You should be aware of these things but you don’t need to configure them at this point since you’re only using the free usage tier to test and evaluate AWS service offerings.

Figure 7 shows the final sections of the Account Settings page. There are two important things you can do here:

You can use the Cancel Services section to cancel any AWS services that you may have inadvertently signed up for. This may be useful to you as you explore AWS using the free usage tier because you might unintentionally subscribed to some AWS services that are not included in the free usage tier which can lead to unexpected billing charges to your credit card.
You can use the Close Account section to close down your AWS account. If you are no longer going to be using AWS, make sure you close down your account because if you’ve signed up for the AWS Free Tier, after 12 months have elapsed you will be charged for any AWS services you are still using such as Instances still running in Amazon EC2.

Figure 7: Step 6 of configuring the security your AWS Account Settings.

Conclusion

Now that we’ve examined how to configure the security of the Account Settings for your AWS account, the next article in this series will examine AWS Identity and Access Management (IAM), the web service that allows Amazon Web Services (AWS) customers to create and manage users and user permissions in AWS.

If you would like to read the other parts in this article series please go to:

Getting Started with AWS (Part 3)

Introduction

Securing your AWS account

Conclusion

About The Author

Mitch Tulloch

Leave a Comment Cancel Reply

Introduction

Securing your AWS account

Conclusion

About The Author

Mitch Tulloch

Read Next

Leave a Comment Cancel Reply