Complete AWS Setup Guide: From Subscription to Configuration with Hands-On Labs

Introduction

Amazon Web Services (AWS) is the world’s leading cloud platform, offering over 200 services for computing, storage, databases, networking, and more. Whether you’re a beginner developer, startup founder, or enterprise architect, this comprehensive guide will walk you through everything you need to know about getting started with AWS.

Understanding AWS Pricing and Account Types

Before diving into setup, it’s crucial to understand AWS’s pricing model and account options.

AWS Free Tier

AWS offers a generous Free Tier that includes:

  • 12 months free: Services like EC2 (750 hours/month), S3 (5GB storage), RDS (750 hours/month)
  • Always free: DynamoDB (25GB), Lambda (1M requests/month), CloudWatch (10 metrics)
  • 12-month trials: Services like Redshift, ElasticSearch, and more

The Free Tier is perfect for learning, development, and small-scale applications.

Paid Accounts

For production workloads, AWS offers several support plans:

  • Basic: Free, community support only
  • Developer: $29/month, business hours email support
  • Business: $100/month, 24/7 phone/email support
  • Enterprise: $15,000/month, dedicated support team

Step 1: Creating Your AWS Account

Prerequisites

  • Valid email address
  • Phone number for verification
  • Credit or debit card (even for Free Tier)
  • Government-issued ID (for identity verification)

Account Creation Process

  1. Visit AWS Homepage
  2. Enter Account Details Email: [email protected] Password: Use a strong password (12+ characters) AWS Account Name: Choose a descriptive name
  3. Contact Information
    • Select account type (Personal or Professional)
    • Fill in complete address information
    • Agree to AWS Customer Agreement
  4. Payment Information
    • Add credit/debit card details
    • AWS charges $1 for verification (refunded within 3-5 days)
  5. Identity Verification
    • Choose phone call or SMS verification
    • Enter the PIN received during verification
  6. Support Plan Selection
    • Start with Basic (free) support plan
    • You can upgrade later as needed

Account Verification Timeline

  • Email verification: Immediate
  • Phone verification: 1-2 minutes
  • Payment verification: 1-24 hours
  • Full account activation: Up to 24 hours

Step 2: Initial Account Security Configuration

Security should be your first priority after account creation.

Enable Multi-Factor Authentication (MFA)

Lab 1: Setting up MFA for Root Account

  1. Access Security Credentials
    • Sign in to AWS Console
    • Click your account name → Security Credentials
    • Navigate to “Multi-factor authentication (MFA)”
  2. Configure Virtual MFA Device # Install authenticator app on your phone: # - Google Authenticator # - Microsoft Authenticator # - Authy
  3. Setup Process
    • Click “Activate MFA”
    • Choose “Virtual MFA device”
    • Scan QR code with authenticator app
    • Enter two consecutive MFA codes
    • Save recovery codes securely

Create IAM Users

Never use the root account for daily operations. Create IAM users instead.

Lab 2: Creating Your First IAM User

  1. Navigate to IAM Service Services → Security, Identity & Compliance → IAM
  2. Create New User Users → Add Users Username: admin-user Access type: ✓ Programmatic access ✓ AWS Management Console access Console password: Custom password Require password reset: ✓ (recommended)
  3. Attach Policies Attach existing policies directly Search and select: AdministratorAccess
  4. Review and Create
    • Download the CSV file containing:
      • Access Key ID
      • Secret Access Key
      • Console login link
    • Store these credentials securely

Configure Password Policy

Lab 3: Setting Up Account Password Policy

  1. Access Account Settings IAM → Account settings → Password policy
  2. Configure Policy Minimum password length: 12 characters ✓ Require at least one uppercase letter ✓ Require at least one lowercase letter ✓ Require at least one number ✓ Require at least one non-alphanumeric character ✓ Allow users to change their own password Password expiration: 90 days Remember last: 24 passwords

Step 3: Understanding AWS Regions and Availability Zones

AWS operates in multiple geographic regions worldwide, each containing multiple Availability Zones (AZs).

Key Concepts

Regions: Geographic areas containing multiple AZs

  • Examples: us-east-1 (N. Virginia), eu-west-1 (Ireland)
  • Choose based on latency, compliance, and service availability

Availability Zones: Isolated data centers within a region

  • Each region has 2-6 AZs
  • Designed for fault tolerance and high availability

Edge Locations: Content delivery network (CDN) endpoints

  • 400+ locations globally
  • Used by CloudFront for content caching

Choosing the Right Region

Consider these factors:

  1. Latency: Choose regions close to your users
  2. Compliance: Some data must stay in specific jurisdictions
  3. Service Availability: Not all services are available in all regions
  4. Cost: Pricing varies by region

Lab 4: Exploring Regions and Services

  1. Check Current Region Look at top-right corner of AWS Console Current region displayed (e.g., "US East (N. Virginia)")
  2. Switch Regions Click region dropdown → Select different region Notice how available services may change
  3. Service Availability Check # Use AWS CLI to list available regions for a service aws ec2 describe-regions --output table aws rds describe-source-regions --output table

Step 4: Installing and Configuring AWS CLI

The AWS Command Line Interface (CLI) provides programmatic access to AWS services.

Installation

Windows:

# Using MSI installer
Download from: https://awscli.amazonaws.com/AWSCLIV2.msi
# Or using pip
pip install awscli

macOS:

# Using Homebrew
brew install awscli
# Or using installer
curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
sudo installer -pkg AWSCLIV2.pkg -target /

Linux:

# Ubuntu/Debian
sudo apt update
sudo apt install awscli
# Or using pip
pip3 install awscli

Configuration

Lab 5: Configuring AWS CLI

  1. Run Configuration Command aws configure
  2. Enter Credentials AWS Access Key ID: [Your Access Key from IAM user] AWS Secret Access Key: [Your Secret Key] Default region name: us-east-1 Default output format: json
  3. Test Configuration # Test connectivity aws sts get-caller-identity # Expected output: { "UserId": "AIDACKCEVSQ6C2EXAMPLE", "Account": "123456789012", "Arn": "arn:aws:iam::123456789012:user/admin-user" }
  4. Configure Multiple Profiles # Create additional profiles aws configure --profile development aws configure --profile production # Use specific profile aws s3 ls --profile development

Step 5: Core AWS Services Setup and Configuration

Amazon EC2 (Elastic Compute Cloud)

EC2 provides scalable computing capacity in the cloud.

Lab 6: Launching Your First EC2 Instance

  1. Navigate to EC2 Dashboard Services → Compute → EC2
  2. Launch Instance Click "Launch Instance" Name: my-first-instance
  3. Choose AMI (Amazon Machine Image) Amazon Linux 2 AMI (HVM) - SSD Volume Type Architecture: 64-bit (x86)
  4. Select Instance Type t2.micro (Free tier eligible) 1 vCPU, 1 GB RAM
  5. Configure Instance Details Number of instances: 1 Network: Default VPC Subnet: Default Auto-assign Public IP: Enable
  6. Add Storage Root volume: 8 GB (gp2) Delete on termination: ✓
  7. Add Tags Key: Name, Value: MyFirstInstance Key: Environment, Value: Development
  8. Configure Security Group Security group name: my-first-sg Description: Security group for my first instance Rules: - SSH (22) from My IP - HTTP (80) from Anywhere
  9. Launch and Create Key Pair Key pair name: my-first-keypair Download .pem file and store securely

Connecting to Your Instance:

# Linux/Mac
chmod 400 my-first-keypair.pem
ssh -i "my-first-keypair.pem" ec2-user@[public-ip]

# Windows (using PuTTY)
# Convert .pem to .ppk using PuTTYgen
# Use .ppk file in PuTTY connection

Amazon S3 (Simple Storage Service)

S3 provides object storage with unlimited capacity.

Lab 7: Creating and Configuring S3 Bucket

  1. Create Bucket # Using AWS CLI aws s3 mb s3://my-unique-bucket-name-12345 # Or via Console: Services → Storage → S3 → Create bucket
  2. Upload Objects # Create a test file echo "Hello AWS!" > test.txt # Upload to S3 aws s3 cp test.txt s3://my-unique-bucket-name-12345/ # List objects aws s3 ls s3://my-unique-bucket-name-12345/
  3. Configure Bucket Policy { "Version": "2012-10-17", "Statement": [ { "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::my-unique-bucket-name-12345/*" } ] }
  4. Enable Versioning aws s3api put-bucket-versioning \ --bucket my-unique-bucket-name-12345 \ --versioning-configuration Status=Enabled

Amazon RDS (Relational Database Service)

Lab 8: Setting Up MySQL Database

  1. Create DB Subnet Group aws rds create-db-subnet-group \ --db-subnet-group-name my-db-subnet-group \ --db-subnet-group-description "My DB subnet group" \ --subnet-ids subnet-12345 subnet-67890
  2. Launch RDS Instance aws rds create-db-instance \ --db-instance-identifier my-database \ --db-instance-class db.t3.micro \ --engine mysql \ --master-username admin \ --master-user-password MySecurePassword123! \ --allocated-storage 20 \ --vpc-security-group-ids sg-12345 \ --db-subnet-group-name my-db-subnet-group
  3. Connect to Database mysql -h my-database.cluster-xxxxx.us-east-1.rds.amazonaws.com \ -u admin -p

Step 6: Networking Configuration

Virtual Private Cloud (VPC)

Lab 9: Creating Custom VPC

  1. Create VPC aws ec2 create-vpc --cidr-block 10.0.0.0/16
  2. Create Subnets # Public subnet aws ec2 create-subnet \ --vpc-id vpc-12345 \ --cidr-block 10.0.1.0/24 \ --availability-zone us-east-1a # Private subnet aws ec2 create-subnet \ --vpc-id vpc-12345 \ --cidr-block 10.0.2.0/24 \ --availability-zone us-east-1b
  3. Create Internet Gateway aws ec2 create-internet-gateway aws ec2 attach-internet-gateway \ --internet-gateway-id igw-12345 \ --vpc-id vpc-12345
  4. Configure Route Tables # Create route table for public subnet aws ec2 create-route-table --vpc-id vpc-12345 # Add route to internet gateway aws ec2 create-route \ --route-table-id rtb-12345 \ --destination-cidr-block 0.0.0.0/0 \ --gateway-id igw-12345

Step 7: Monitoring and Cost Management

CloudWatch Setup

Lab 10: Setting Up Basic Monitoring

  1. Create CloudWatch Dashboard aws cloudwatch put-dashboard \ --dashboard-name "MyDashboard" \ --dashboard-body file://dashboard.json
  2. Set Up Billing Alerts # Create SNS topic for alerts aws sns create-topic --name billing-alerts # Subscribe to topic aws sns subscribe \ --topic-arn arn:aws:sns:us-east-1:123456789012:billing-alerts \ --protocol email \ --notification-endpoint [email protected]
  3. Create Billing Alarm aws cloudwatch put-metric-alarm \ --alarm-name "BillingAlarm" \ --alarm-description "Billing alarm" \ --metric-name EstimatedCharges \ --namespace AWS/Billing \ --statistic Maximum \ --period 86400 \ --threshold 10 \ --comparison-operator GreaterThanThreshold \ --alarm-actions arn:aws:sns:us-east-1:123456789012:billing-alerts

Cost Optimization

  1. Use AWS Cost Explorer
    • Analyze spending patterns
    • Identify cost drivers
    • Set up cost budgets
  2. Implement Tagging Strategy # Tag resources for cost tracking aws ec2 create-tags \ --resources i-1234567890abcdef0 \ --tags Key=Project,Value=WebApp Key=Environment,Value=Production
  3. Right-Size Instances
    • Use AWS Compute Optimizer
    • Monitor CPU and memory utilization
    • Consider Reserved Instances for steady workloads

Step 8: Security Best Practices

IAM Roles and Policies

Lab 11: Creating Custom IAM Role

  1. Create Trust Policy { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }
  2. Create Custom Policy { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject" ], "Resource": "arn:aws:s3:::my-bucket/*" } ] }
  3. Create Role aws iam create-role \ --role-name MyEC2Role \ --assume-role-policy-document file://trust-policy.json aws iam put-role-policy \ --role-name MyEC2Role \ --policy-name S3AccessPolicy \ --policy-document file://s3-policy.json

Security Groups and NACLs

Lab 12: Configuring Network Security

  1. Create Security Group aws ec2 create-security-group \ --group-name web-sg \ --description "Web server security group" \ --vpc-id vpc-12345
  2. Add Inbound Rules # Allow HTTP aws ec2 authorize-security-group-ingress \ --group-id sg-12345 \ --protocol tcp \ --port 80 \ --cidr 0.0.0.0/0 # Allow HTTPS aws ec2 authorize-security-group-ingress \ --group-id sg-12345 \ --protocol tcp \ --port 443 \ --cidr 0.0.0.0/0

Troubleshooting Common Issues

Account Setup Problems

Issue: Credit card verification fails Solution:

  • Ensure card has international transactions enabled
  • Contact your bank to authorize AWS charges
  • Try a different payment method

Issue: Account activation takes too long Solution:

  • Check spam folder for AWS emails
  • Contact AWS Support if after 24 hours
  • Verify all account information is accurate

Access and Permissions

Issue: “Access Denied” errors Solution:

# Check current user identity
aws sts get-caller-identity

# Verify IAM permissions
aws iam get-user
aws iam list-attached-user-policies --user-name username

Issue: Can’t connect to EC2 instance Solution:

  • Verify security group allows SSH (port 22)
  • Check if instance has public IP
  • Ensure key pair permissions: chmod 400 keypair.pem
  • Verify correct username (ec2-user for Amazon Linux)

Service Configuration

Issue: S3 bucket access denied Solution:

# Check bucket policy
aws s3api get-bucket-policy --bucket bucket-name

# Verify IAM permissions
aws iam simulate-principal-policy \
  --policy-source-arn arn:aws:iam::123456789012:user/username \
  --action-names s3:GetObject \
  --resource-arns arn:aws:s3:::bucket-name/*

Next Steps and Advanced Topics

Automation and Infrastructure as Code

  1. AWS CloudFormation
    • Define infrastructure in JSON/YAML templates
    • Version control your infrastructure
    • Automate resource provisioning
  2. AWS CDK (Cloud Development Kit)
    • Define infrastructure using familiar programming languages
    • Higher-level abstractions than CloudFormation
    • Built-in best practices
  3. Terraform
    • Third-party infrastructure as code tool
    • Multi-cloud support
    • Large community and ecosystem

Container Services

  1. Amazon ECS (Elastic Container Service)
    • Fully managed container orchestration
    • Docker container support
    • Integration with other AWS services
  2. Amazon EKS (Elastic Kubernetes Service)
    • Managed Kubernetes service
    • Kubernetes API compatibility
    • Automatic scaling and updates

Serverless Computing

  1. AWS Lambda
    • Run code without managing servers
    • Pay only for compute time used
    • Event-driven architecture
  2. API Gateway
    • Create and manage APIs
    • Built-in security features
    • Integration with Lambda

Machine Learning

  1. Amazon SageMaker
    • Fully managed ML platform
    • Built-in algorithms and frameworks
    • Model training and deployment
  2. Amazon Rekognition
    • Image and video analysis
    • Facial recognition and analysis
    • Content moderation

Conclusion

Setting up AWS properly requires attention to security, cost management, and understanding of core services. This guide has walked you through the essential steps from account creation to configuring key services. Remember these key principles:

  • Security First: Always enable MFA, use IAM users instead of root, and follow the principle of least privilege
  • Cost Awareness: Set up billing alerts, use tags effectively, and regularly review your usage
  • Start Small: Begin with Free Tier services and gradually expand as you learn
  • Automation: Use Infrastructure as Code tools as you scale
  • Continuous Learning: AWS releases new services and features regularly

The labs in this guide provide hands-on experience with the most important AWS services. Practice these regularly and explore additional services as your needs grow. AWS offers extensive documentation, training courses, and certifications to help you deepen your cloud expertise.

Remember that cloud architecture is an iterative process. Start with simple configurations and gradually add complexity as you become more comfortable with the platform. The investment in learning AWS fundamentals will pay dividends as cloud computing continues to transform how we build and deploy applications.

Share: