INTRODUCTION

In the rapidly evolving digital world of today, startups are increasingly turning to cloud services to build and scale their operations quickly and efficiently. Amazon Web Services (AWS) stands out as a popular choice, because it offers a wide range of tools and services that can be tailored to meet the specific needs of any business, regardless of size. However, for small tech startups with limited budgets, the challenge lies in setting up and managing an AWS environment that is both effective and budget friendly.

AWS ENVIRONMENT FAMILIARIZATION

Introduction to AWS Management Console
The AWS Management Console is a web-based interface provided by Amazon Web Services (AWS) that serves as the central hub for managing and interacting with AWS resources. It offers a graphical user interface (GUI) that allows users to easily navigate through and control a wide array of AWS services, such as computing power (EC2), storage (S3), databases (RDS), and Identity and Access management(IAM)among others.
The AWS Management Console is significant because it simplifies the complex task of managing cloud infrastructure. By providing a visual and interactive interface, it allows users to configure, monitor, and optimize their AWS resources without needing deep technical expertise.click here to go amazon
Create an account if you don't have an existing one by following the green arrow and Sign in into an existing account following the brown arrow.

Navigating Key AWS Services
Understanding how to navigate key services within the AWS Management Console is crucial for setting up and managing a cost-effective cloud environment. Here is a guide to navigating three of the most important AWS services: EC2, S3, and IAM.
Once logged into the AWS Management Console, search "EC2","S3", or "IAM" through the search bar and select as appropriate. The picture below shows an example of using the search bar to navigate "EC2".

Alternatively, you can navigate through the services menu to locate the services.
For "EC2", navigate to the "Compute" section in the services menu and click on EC2. The picture showing it is attached below.

For "S3", find it under the "Storage" section in the services menu. The picture is also attach below.

For "IAM", select it from the "Security, Identity, & Compliance" section in the services menu. The picture is attach below

BASIC IAM SETUP

Creating an IAM User
Using the root account for everyday operations is risky and can lead to security vulnerabilities. By creating IAM users with appropriate permissions, you can significantly enhance the security, manageability, and scalability of your AWS environment. This practice not only protects your startup’s resources but also ensures that you maintain a well-organized and secure cloud infrastructure.
Steps to create an IAM User
Step 1: Sign in to the AWS Management Console.
Step 2: Navigate to the IAM Service.
Step 3: In the IAM dashboard, click on "Users" in the left-hand navigation pane.
Step 4: Click the "Create new users" button at the top of the page to start creating a new user.

Step 5: Enter a unique username for the new user. This can be a name or an identifier that reflects the user’s role or function within your organization.
Step 6: Grant the user access to the AWS CLI, SDKs, and APIs. Select this option if the user needs to interact with AWS programmatically.

Step 7: Grant the user access to the AWS Management Console via a username and password. Select this option if the user needs to log in to the console.


Step 8: You can use an autogenerate for your password but it is preferable to create your personal password.
Step 9: Clicking "user must create a new password at next sign-in" will give the user permission to change the password.
Step 10: Choose from a list of predefined AWS policies to attach to the user. For example, you can assign the "AdministratorAccess" policy for full permissions or "ReadOnlyAccess" for limited access.
Step 11: If you have predefined IAM groups, you can add the user to a group that already has the necessary permissions attached.
Step 12: If another user already has the permissions you want to assign, you can copy their permissions directly.
Step 13: If you want to add permissions later, you can skip this step for now and click to the next step.


Step 14: You can add metadata to the user by assigning tags. Tags are key-value pairs that help you organize and track users in your AWS account. For example, you can add tags like Department: Finance or Role: Developer.
Step 15: On the review page, double-check the user details, access types, and permissions you’ve assigned.
Step 16: Once you’re satisfied with the configuration, click the "Create User" button.

Step 17: After creating the user, you’ll receive a confirmation page with the user’s access credentials. This may include a password (for console access) or an access key ID and secret access key (for programmatic access).
Step 18: Download the .csv file containing the user’s credentials, or copy the credentials to share with the user. Ensure these credentials are stored securely.

Creating an IAM group
Step 1: In the IAM dashboard, click on "User Groups" on the left-hand navigation pane.
Step 2: Click the "Create Group" button at the top of the User Groups page to begin the process.

Step 3: Enter a name for the group that reflects the roles or responsibilities of the users who will be added to it. For example, you might name the group "Developers," "FinanceTeam," or "ReadOnlyUsers." Make sure the name is unique within your AWS account.

Step 4: Once you’re satisfied with the configuration, click the "Create Group" button.
.

How to Add Users to the Group
After creating the group, you can add users to it. This can be done by selecting the group from the "User Groups" list, then clicking "Add Users to Group." You’ll be presented with a list of existing IAM users. Check the boxes next to the users you want to add and click "Add Users."


How to Attach Policies to the Group
Step 1:Click on the name of the group to which you want to add policies. This will take you to the group’s detail page.
Step 2: On the group’s detail page, find the "Permissions" tab and click on the "Add Permissions" button.
Step 3: Select the "Attach policies directly" option. This allows you to search for and attach existing IAM policies to the group.

Step 4: You can search for policies by name or filter them by policy type (AWS Managed or Customer Managed). Common policies include "AdministratorAccess," "PowerUserAccess," or "ReadOnlyAccess."
Step 5: Check the boxes next to the policies you want to attach to the group.
Step 6: Click the "Attach policies" button to finalize the process. The selected policies will now be attached to the group, and all users in the group will inherit these permissions.

The Group now has policies and users attached to it.

How to add Policies to Users
In AWS Identity and Access Management (IAM), a policy is a document written in JSON (JavaScript Object Notation) format that defines permissions. Policies specify what actions are allowed or denied for certain AWS resources. They are used to manage access control across AWS services by attaching these policies to users, groups, roles, or directly to resources.

Types of Policy

1. AWS-managed policies: These are pre-built policies created and maintained by AWS. They are designed to provide permissions for common use cases, such as providing administrative access, read-only access, or specific service access. AWS managed policies are ideal for quickly granting standard permissions without the need to create your own policies. These policies are maintained and updates by AWS.
2. Customer-managed policies: These are policies that you create and manage within your AWS account. Customer managed policies allow you to define specific permissions tailored to your organizational needs. Use customer managed policies when you need customized permissions that aren’t covered by AWS managed policies. You are responsible for creating, updating, and maintaining these policies.

How to create customer managed policies
Step 1: In the IAM dashboard, click on "Policies" in the left-hand navigation pane. This page lists all existing policies, both AWS-managed and custom-managed.
Step 2: Click on the "Create Policy" button at the top of the Policies page.

Step 3:You can create the policy using either the Visual Editor or by manually entering JSON.
Step 4: If you are comfortable with writing the JSON, switch to the "JSON" tab and enter the policy document directly. You can define the policy by specifying "Version", "Statement", "Effect", "Action", and "Resource" fields. For example.

Step 5: Once you’ve defined the permissions, click "Next: Tags" to add any optional tags, then "Next: Review" to see a summary of the policy.

Step 6: Provide a unique name for your custom managed policy. You can also add an optional description to explain its purpose.

Step 7: After reviewing the details, click the "Create Policy" button to save your custom managed policy.

Setting Up AWS Budgets

Step 1: In the search bar at the top of the AWS Management Console, type "Budgets" and select "Budgets" from the dropdown. You’ll be directed to the AWS Budgets dashboard, which provides an overview of your current budgets and expenditures.

Step 2: Click on the "Create a budget" button on the Budgets dashboard.

Step 3: Choose either template or customized for your budget set up.
Step 4: AWS provides different budget types, such as "Cost Budget," "Usage Budget," "Savings Plans Budget," and "Reserved Instance Budget." For tracking costs. Select "Cost Budget" because it tracks your costs against a specified amount and click "Next".

Step 5:Enter a descriptive name for your budget.
Step 6: Choose the time period for your budget, such as Monthly, Quarterly, or Annually.
Step 7: Select when the budget should start. You can choose an immediate start or set a future date.
Step 8: Optionally, set an end date, or choose "No end date" if you want the budget to continue indefinitely.

Step 9: Enter the amount you want to budget for the selected period. For example, if you want to track your monthly spending and keep it under $500, you will use "1" as the amount.

Step 10: Define the scope of your budget. You can include or exclude specific services, linked accounts, tags, and more.
Step 11: AWS allows you to refine your budget by adding filters for specific services, linked accounts, regions, and more.


Step 12: Decide when you want to receive alerts. For example, you can set an alert for when your costs exceed 80% of your budget.
Step 13: Enter the percentage of the budget that will trigger an alert. Common thresholds are 50%, 80%, and 100%.
Step 14:Enter the email addresses that should receive the alerts. You can add multiple recipients if needed. And click on "next".

Step 15: AWS allows you to set alerts based on actual spending or forecasted spending. You can set different thresholds for both types.
Step 16: Before finalizing, review all the details to ensure everything is accurate. Click the "Create budget" button to finalize your setup. Your budget will now be active, and AWS will start tracking your costs against it.

Return to the AWS Budgets dashboard to monitor your spending and budget performance. You can view detailed reports, adjust the budget, or modify alert thresholds as needed. When your spending approaches or exceeds your set thresholds, AWS will automatically send alerts to the specified email addresses.

CONCLUSION

Setting up a cost-effective AWS environment is crucial for any small tech startup aiming to leverage cloud services without overspending. By familiarizing yourself with the AWS Management Console, creating and managing IAM users and groups, and implementing cost monitoring through budgets and alerts, you can establish a secure, scalable, and financially sustainable cloud infrastructure. This approach not only optimizes resource usage but also ensures that the startup remains within its budgetary constraints, allowing it to focus on growth and innovation. Properly managing your AWS environment from the outset lays a strong foundation for future success in the cloud.