Article by: Obafemi Deborah

Hey there,
Are you looking for a Cost-Effective AWS environment for your startup? You've just found the right content to simplify the Processes.

Are you Ready? Let's go 😇✅

Prerequisite to help you get started

• Have an AWS account

• Have a working PC

Click Here to get the essentials and benefits of using cloud facilities for your startup.

INTRODUCTION TO AWS

Amazon Web Service (AWS) is a cloud service provider that creates opportunities for organizations to cut costs and save time by providing the platforms, applications, and infrastructures required to process and save data securely. It has over 200 services as at March 2024. Examples of these services include;
• IAM (Identity Access Managemnt); Manages access to AWS resources.
• EC2 (Elastic Compute Cloud); A virtual server in the cloud.
• S3 (Simple Storage Service); A scalable Storage in the cloud.
• Lambda etc

The Two basic Ways to Access AWS are:

Command-line Interface (CLI): A terminal with a black environment or interface. Interactions are based on commands.

Graphical User Interface(GUI) also called AWS Management console; Called ClickOps. It is user-friendly, allows clicking, and uses Icons/graphics.

To Use AWS, each user must have an identity. This Identity could be

• A user; AWS addresses Identity most especially as users
• A service
• An application

There are two Major types of users in AWS;

• Root user: This is the initial user that comes with AWS. He is the account owner. Please note that it is not a good practice to continually use the root account in case of a password breach, thus the need for an IAM user.
• IAM(Identity and Access Management) users; One of AWS services that allow you to migrate an Organization’s architecture to the cloud and manage Access to AWS resources.

Migration in AWS

A cloud engineer moves an organization’s architecture to the cloud. Before migration, as a cloud engineer, you must evaluate and categorize your tasks to make migration easy.

IAM components Mostly used are;

• Users
• Groups/User groups
• Policies
• Roles

Steps to Creating a User in AWS
Launch/Signin to your AWS account

On the search bar, type “IAM”

On the left Pane, click on “Users” then click on “Create user”

Enter the User name, Check the “Provide user access…” box, select “I want to create an IAM user”, and Create your “password.” Ensure to check the box to ensure user change password at login. Then click in “Next”. It is not a good practice to save password over the browser, so click on “Never” when the prompt displays.

Next is to set permission. Choose the “Attach policy directly” option and click on “Next.”

Next, review the account, add a tag (Designation/Title) where necessary, and click “Create user.”

Finally, Copy the URL and send it to the User. Save the Credentials if need be.

Next, the User copies and pastes his/her URL in a browser. On the login page, the User logs in with his/her account ID and password. (Note that all Users created under a root Account have the same ID.)

The user is then prompted to change his/her password based on the option selected at account creation.

Note: if you are following my steps to practice, ensure to open the new IAM created in another browser, as AWS allows only one account in a browser or use ”New Incognito window.”

NOTE:
Creating an IAM user that will be able to perform/have privileges like the root account, we must attach the “AdministratorAccess” policy because by default, all users are denied access

USER GROUP in AWS:
This allows users to inherit the permission attached to a user group instead of individually attaching permission to users

Steps in Creating Groups in AWS

Select “User group” on the pane on the left and select the “Create group” button.

Enter a user group name and click on "Next

You can see that it has no user and Permission is not defined. This means that the users in the group does not have permission to do anything. Select the Group name “SupplyChain”

Next, click on “Users” then select “Add users”

Check the box of the users to be added and click on ”Add Users”

Next, select “Permissions”

Select “Add permission,” then click on “ Attach policies”

Check the box of the Policies you need and click on “attach Policy”

Before Permission was attached

After Permission is attached

POLICIES IN AWS

Policies, when associated with an entity or resource, define their permissions. It is said to be a collection of permissions.

Some Basic Policies in AWS
There are a lot of policies in AWS that allow users some privileges.

Categories of Policy creation:

1. Customer manages(Policies created by a user)
2. AWS managed( Policies Created and managed by AWS)
3. AWS managed-Job Function(Created by AWS but designed for a specific function or role e.g for billing, Readonly, Audit etc)

For example, the ReadOnly Policy can be assigned to an auditor who only needs to review an account. It helps restrict unauthorized modifications to sensitive files, reducing the risk of data tampering or malware attacks(https://www.lenovo.com/us/en)

AWS SECURITY:

Security must be considered when migrating to the Cloud for your startup. This is important for data Security and Integrity. AWS provides this feature using the IAM.

Looking at IAM in the Authorization and Authentication context, we consider the following:
WHO; Who has Access to what?
WHAT; What level of permission?
WHERE; Where to get what?
HOW; and how to get it.

One way to apply some level of security is "Enabling Multi-Factor Authentication(MFA)" feature. it checks for the following;
• Something u know( password/pin/signature)
• Something u have (token, OTP)
• Something u are(fingerprint, any biometrics)

Steps to enabling MFA

On your IAM account, click on the profile name and select "SECURITY CREDENTIALS" or from users, select the account name, then Click on "Enable MFA"

Select "ASSIGN MFA"

Download Google or MS authenticator on ur mobile phone. Select the authenticator app, then click "Next." Click on "Show QR code." Use your authenticator to scan the QR code and enter the two codes displayed. Then click on "Add MFA"

Billing and Cost Management in AWS

Using cloud facilities is not free, but it is affordable. For your startup, monitoring cost consumption for control and optimization is essential.

Steps to creating Budgets in AWS

On your IAM account, search for "budget", or on your profile name, click "Billing and Cost Management."

Next, click on "Create Budget"

You can create a Budget using a template or a Customized method

Select and fill in the necessary details then click "Create Budget"

Add alert threshold to notify you on your usage

"Review" and "create Budget"

When successfully created, we get this

Summary
Most startups are moving to the cloud because of its cost-effectiveness and ease of use. You won't have to break the bank to have your company migrate. This article has shown the ease of migration and ways to secure, optimize, and control costs using the budgeting mechanism. I'm looking forward to seeing you in the cloud.

References
Skill Africa
Achiever