[
{
"uri": "/1-create-new-aws-account/",
"title": "Creating a new AWS account",
"tags": [],
"description": "",
"content": "Content:\n Create an AWS Account Add a payment method Verify your phone number Choose an AWS Support plan Wait for your account to be activated Create an AWS Account Go to the Amazon Web Services (AWS) home page. Click Create an AWS Account in the top right corner. Note: If you signed in to AWS recently, click Sign in to the Console. If Create a new AWS account isn\u0026rsquo;t visible, first click on Sign in to a different account, and then click Create a new AWS account. Enter the account information and then select Continue. Important: Make sure you enter the correct information, especially email. Select the type of account. Note: Personal and Professional both share the same features. Enter your company or personal information. Important: For professional AWS accounts, it\u0026rsquo;s a best practice to enter the company phone number rather than a personal cell phone. Read and agree to the AWS Customer Agreement. Select Create Account and Continue. Add a payment method On the Payment Information page, enter the information about your payment method, and then choose Verify and Add.\n Note: If you want to use a different billing address for your AWS billing information, select Use a new address before you select Verify and Add. Verify your phone number Choose your country or region code from the list. Enter a phone number where you can be reached in the next few minutes. Enter the code displayed in the CAPTCHA, and then submit. In a few moments, an automated system contacts you. Enter the PIN you receive, and then choose Continue. Choose an AWS Support plan On the Select a Support Plan page, choose one of the available Support plans. For a description of the available Support plans and their benefits, see Compare AWS Support Plans. Wait for your account to be activated After you choose a Support plan, a confirmation page indicates that your account is being activated. 
Accounts are usually activated within a few minutes, but the process might take up to 24 hours.\nYou can sign in to your AWS account during this time. The AWS home page might display a Complete Sign Up button during this time, even if you\u0026rsquo;ve completed all the steps in the sign-up process.\nOnce your account is fully activated, you will receive a confirmation email. Check your email and spam folder for the confirmation email. After you receive this email, you have full access to all AWS services.\n"
},
{
"uri": "/",
"title": "Setting up an AWS account",
"tags": [],
"description": "",
"content": "Creating your first AWS account Overview In this first lab, you will create your new AWS account and use Multi-factor Authentication (MFA) to improve your account security. Next, you will create an Administrator Group and Admin User to manage access to resources in your account instead of using the root user.\nFinally, we will step through account authentication with AWS Support in the event you experience authentication problems.\nAWS Account An AWS account is the basic container for all the AWS resources you can create as an AWS customer. By default, each AWS account will have a root user. The root user has full access within your AWS account, and root user permissions cannot be limited. When you first create your AWS account, you will be accessing it as the root user.\nAs a best practice, do not use the AWS account root user for any task where it\u0026rsquo;s not required. Instead, create a new IAM user for each person that requires administrator access. Thereafter, the users in the administrators user group should set up the user groups, users, and so on, for the AWS account. All future interaction should be through the AWS account\u0026rsquo;s users and their own keys instead of the root user. However, to perform some account and service management tasks, you must log in using the root user credentials.\n\rMulti-Factor Authentication (MFA) MFA adds extra security because it requires users to provide unique authentication from an AWS supported MFA mechanism in addition to their regular sign-in credentials when they access AWS websites or services.\nIAM User Group An IAM user group is a collection of IAM users. User groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users. 
Any user in that user group automatically has the permissions that are assigned to the user group.\nIAM User An IAM user is an entity that you create in AWS to represent the person or application that uses it to interact with AWS. A user in AWS consists of a name and credentials.\nPlease note that an IAM user with administrator permissions is not the same thing as the AWS account root user.\nAWS Support AWS Basic Support offers all AWS customers access to our Resource Center, Service Health Dashboard, Product FAQs, Discussion Forums, and Support for Health Checks – at no additional charge. Customers who desire a deeper level of support can subscribe to AWS Support at the Developer, Business, or Enterprise level.\nCustomers who choose AWS Support gain one-on-one, fast-response support from AWS engineers. The service helps customers use AWS\u0026rsquo;s products and features. With pay-by-the-month pricing and unlimited support cases, customers are freed from long-term commitments. Customers with operational issues or technical questions can contact a team of support engineers and receive predictable response times and personalized support.\nMain Content Creating a new AWS Account Setting up MFA for the AWS Account root user Creating an Administrator Accounts and Groups Getting support for Account Authentication "
},
{
"uri": "/2-mfa-setup-for-aws-user-root/1-virtual-mfa-device/",
"title": "Virtual MFA Devices",
"tags": [],
"description": "",
"content": "\rTo enable MFA, you need to log in to AWS using the root user.\n\rActivate virtual MFA devices via Console To set up and activate virtual MFA devices:\n Sign in to the AWS Console. In the upper right corner, you will see your account name. Click the drop-down and select My Security Credentials. Expand Multi-factor authentication (MFA) and select Activate MFA. In Manage MFA Device, select Virtual MFA device then select Continue. Install a compatible Authenticator application on your phone. After installing the app, select Show QR Code and use your Authenticator application to scan the QR code. Sample MFA registration with Microsoft Authenticator: In the MFA code 1 box, enter 6 numeric characters from the app. Wait 30 seconds or until the next refresh, then enter the next 6 characters into the MFA Code 2 box and select Assign MFA. You have now completed activating your virtual MFA device! "
},
{
"uri": "/2-mfa-setup-for-aws-user-root/",
"title": "MFA for AWS Accounts",
"tags": [],
"description": "",
"content": "For increased security, we recommend that you configure multi-factor authentication (MFA) to help protect your AWS resources.\nYou can enable one MFA device (of any kind) per root user or IAM user.\nIn this guide, we will go through 3 MFA options:\n Virtual MFA devices (applications) on your smartphone such as Microsoft Authenticator, Google Authenticator, or Okta Verify. Physical U2F security key such as a YubiKey. Hardware MFA devices such as the Gemalto token. "
},
{
"uri": "/2-mfa-setup-for-aws-user-root/2-u2f-security-key/",
"title": "U2F Security Key",
"tags": [],
"description": "",
"content": "\rThe following steps require a U2F security key.\n\rEnable U2F security key via Console U2F is an open authentication standard hosted by the FIDO Alliance. When you enable a U2F key in AWS, the U2F security key creates a new key pair for use with only AWS. First, you enter your credentials. When prompted, you tap the U2F security key, which responds to the authentication challenge issued by AWS.\n Sign in to the AWS Console. In the upper right corner, you\u0026rsquo;ll see your account name. Select it, then select My Security Credentials. Note: To manage a U2F security key for your own IAM user while protecting sensitive MFA-related actions, you must have the permissions from the following policy.\n In the left bar, select Policies then select Create policy. Select the JSON tab and paste the policy document from below: {\r\u0026#34;Version\u0026#34;: \u0026#34;2012-10-17\u0026#34;,\r\u0026#34;Statement\u0026#34;: [\r{\r\u0026#34;Sid\u0026#34;: \u0026#34;AllowManageOwnUserMFA\u0026#34;,\r\u0026#34;Effect\u0026#34;: \u0026#34;Allow\u0026#34;,\r\u0026#34;Action\u0026#34;: [\r\u0026#34;iam:DeactivateMFADevice\u0026#34;,\r\u0026#34;iam:EnableMFADevice\u0026#34;,\r\u0026#34;iam:GetUser\u0026#34;,\r\u0026#34;iam:ListMFADevices\u0026#34;,\r\u0026#34;iam:ResyncMFADevice\u0026#34;\r],\r\u0026#34;Resource\u0026#34;: \u0026#34;arn:aws:iam::*:user/${aws:username}\u0026#34;\r},\r{\r\u0026#34;Sid\u0026#34;: \u0026#34;DenyAllExceptListedIfNoMFA\u0026#34;,\r\u0026#34;Effect\u0026#34;: \u0026#34;Deny\u0026#34;,\r\u0026#34;NotAction\u0026#34;: [\r\u0026#34;iam:EnableMFADevice\u0026#34;,\r\u0026#34;iam:GetUser\u0026#34;,\r\u0026#34;iam:ListMFADevices\u0026#34;,\r\u0026#34;iam:ResyncMFADevice\u0026#34;\r],\r\u0026#34;Resource\u0026#34;: \u0026#34;arn:aws:iam::*:user/${aws:username}\u0026#34;,\r\u0026#34;Condition\u0026#34;: {\r\u0026#34;BoolIfExists\u0026#34;: {\r\u0026#34;aws:MultiFactorAuthPresent\u0026#34;: \u0026#34;false\u0026#34;\r}\r}\r}\r]\r}\rSelect Next: Tags. 
You\u0026rsquo;ll be presented with a screen about Tags, a tool used to identify groups of AWS resources. Select Next: Review. This is a screen that allows you to review the policy that you are creating. Enter the name of the policy (for example, MFAHardDevice) and select Create policy. In the left bar, select Dashboard and then select Enable MFA. Expand Multi-factor authentication (MFA) and then select Activate MFA. Under Manage MFA Device, select U2F security key then press Continue. Plug the U2F security key into your computer. Follow the on-screen prompts to press the U2F security key, and then select Close when U2F is successfully set up. "
},
{
"uri": "/3-create-admin-user-and-group/",
"title": "Creating an Administrator Group and Admin User",
"tags": [],
"description": "",
"content": "Creating an Administrator Group Log in to the AWS Console from the AWS Web Services homepage Navigate to the Identity and Access Management (IAM) page by either: Clicking on the account name in the top right corner and selecting My Security Credentials Typing IAM into the services search-bar and selecting \u0026lsquo;IAM\u0026rsquo; From the left pane, select User Groups then select Create Group Under Name the group, enter the Group name (For example, AdminGroup) and scroll down the page. In the Attach permissions policies section, type AdministratorAccess in the search box and select the checkbox. Finally, select Create Group. Creating an Admin User From the left pane of the IAM console, select Users then click on Add User. Enter a User name (For example, AdminUser). To allow the user to be authenticated for web-console access, check AWS Management Console access. To allow the user to be authenticated for AWS API, CLI, and SDK access, check Programmatic Access. To set your own password instead of using an autogenerated one, click Custom password and type in your desired password. Uncheck User must create a new password at next sign-in to avoid being prompted to create a new password on the first login. (note: you must remember this password for future logins) Click Next:Permissions. Click the Add user to group tab and select AdminGroup which we had created earlier. Click Next:Tags Tags are an optional way to organize, track, or control user access, so you can either add your appropriate tags or skip this step. Click Next:Review. Review the user details then select Create User. After creating the user, you will be offered to download a file containing the access credentials as needed. Please store this securely until the credentials have been communicated to your users. Once they are able to access their IAM users, you may securely delete this file.\n\r "
},
{
"uri": "/2-mfa-setup-for-aws-user-root/3-other-hardware-mfa-device/",
"title": "Hardware MFA Device",
"tags": [],
"description": "",
"content": "\rThe following steps require a hardware MFA device.\n\rEnabling a hardware MFA device through Console A hardware MFA device generates a six-digit numeric code based upon a time-synchronized one-time password algorithm. Hardware MFA devices and U2F security keys are both physical devices that you purchase. The difference is that hardware MFA devices generate a code that you view and then enter when prompted when signing in to AWS.\n Sign in to the AWS Console. In the upper right corner, you\u0026rsquo;ll see your account name. Select it, then select My Security Credentials. Note: To manage a hardware MFA device for your own IAM user while protecting sensitive MFA-related actions, you must have the permissions from the following policy.\n In the left bar, select Policies then select Create policy. Select the JSON tab and paste the policy document from below: {\r\u0026#34;Version\u0026#34;: \u0026#34;2012-10-17\u0026#34;,\r\u0026#34;Statement\u0026#34;: [\r{\r\u0026#34;Sid\u0026#34;: \u0026#34;AllowManageOwnUserMFA\u0026#34;,\r\u0026#34;Effect\u0026#34;: \u0026#34;Allow\u0026#34;,\r\u0026#34;Action\u0026#34;: [\r\u0026#34;iam:DeactivateMFADevice\u0026#34;,\r\u0026#34;iam:EnableMFADevice\u0026#34;,\r\u0026#34;iam:GetUser\u0026#34;,\r\u0026#34;iam:ListMFADevices\u0026#34;,\r\u0026#34;iam:ResyncMFADevice\u0026#34;\r],\r\u0026#34;Resource\u0026#34;: \u0026#34;arn:aws:iam::*:user/${aws:username}\u0026#34;\r},\r{\r\u0026#34;Sid\u0026#34;: \u0026#34;DenyAllExceptListedIfNoMFA\u0026#34;,\r\u0026#34;Effect\u0026#34;: \u0026#34;Deny\u0026#34;,\r\u0026#34;NotAction\u0026#34;: [\r\u0026#34;iam:EnableMFADevice\u0026#34;,\r\u0026#34;iam:GetUser\u0026#34;,\r\u0026#34;iam:ListMFADevices\u0026#34;,\r\u0026#34;iam:ResyncMFADevice\u0026#34;\r],\r\u0026#34;Resource\u0026#34;: \u0026#34;arn:aws:iam::*:user/${aws:username}\u0026#34;,\r\u0026#34;Condition\u0026#34;: {\r\u0026#34;BoolIfExists\u0026#34;: {\r\u0026#34;aws:MultiFactorAuthPresent\u0026#34;: 
\u0026#34;false\u0026#34;\r}\r}\r}\r]\r}\rSelect Next: Tags. You\u0026rsquo;ll be presented with a screen about Tags, a tool used to identify groups of AWS resources. Select Next: Review. This is a screen that allows you to review the policy that you are creating. Enter the name of the policy (for example, MFAHardDevice) and select Create policy. In the left bar, select Dashboard and then select Enable MFA. Expand Multi-factor authentication (MFA) and then select Activate MFA. Under Manage MFA Device, select Other Hardware MFA Device then press Continue. Enter Serial Number in the back of the device. Enter MFA code 1. Wait 30 seconds or until the code changes, then enter MFA code 2. Select Assign MFA. "
},
{
"uri": "/4-verify-new-account/",
"title": "Getting Support for Account Authentication",
"tags": [],
"description": "",
"content": "During AWS account setup, sometimes problems may arise when validating contact number information, such as failure to receive SMS messages or calls from AWS. To remediate this issue, please follow the following steps to complete the vation of the account information:\nContent:\n Verify your account information Create a support case with AWS Support Verify your account information Kindly check your account details again and make sure they are entered correctly:\n Check that the phone number and international calling code are correctly entered to receive SMS or calls. If you use a mobile phone, check your phone to make sure you are still within coverage to receive SMS or calls. Check that the payment method information has been entered correctly. Create a support case with AWS Support If you are still not able to receive an SMS message or authentication call even after verifying your account information, please contact AWS Support to assist you in manually activating your account.\n Go to the AWS Support Console and select Create case. Select Account and billing support and enter the support information:\nType: Select Account.\nCategory: Select Activation.\nSubject: Write your encounter briefly (e.g. Did not receive an SMS message or call for verification)\nDescription: Provide details of your situation.\nAttachments: Attach any images which may lend greater clarity to the situation.\n Under Contact options, select Chat in Contact methods. Click Submit. The AWS Support team will contact you and assist in activating your account. You can create support requests with AWS Support even if your account is not activated.\n\r"
},
{
"uri": "/categories/",
"title": "Categories",
"tags": [],
"description": "",
"content": ""
},
{
"uri": "/tags/",
"title": "Tags",
"tags": [],
"description": "",
"content": ""
}]