Complete AWS Setup Guide: From Subscription to Configuration with Hands-On Labs

Introduction

Amazon Web Services (AWS) is the world’s leading cloud platform, offering over 200 services for computing, storage, databases, networking, and more. Whether you’re a beginner developer, startup founder, or enterprise architect, this comprehensive guide will walk you through everything you need to know about getting started with AWS.

Understanding AWS Pricing and Account Types

Before diving into setup, it’s crucial to understand AWS’s pricing model and account options.

AWS Free Tier

AWS offers a generous Free Tier that includes:

12 months free: Services like EC2 (750 hours/month), S3 (5GB storage), RDS (750 hours/month)
Always free: DynamoDB (25GB), Lambda (1M requests/month), CloudWatch (10 metrics)
12-month trials: Services like Redshift, ElasticSearch, and more

The Free Tier is perfect for learning, development, and small-scale applications.

Paid Accounts

For production workloads, AWS offers several support plans:

Basic: Free, community support only
Developer: $29/month, business hours email support
Business: $100/month, 24/7 phone/email support
Enterprise: $15,000/month, dedicated support team

Step 1: Creating Your AWS Account

Prerequisites

Valid email address
Phone number for verification
Credit or debit card (even for Free Tier)
Government-issued ID (for identity verification)

Account Creation Process

Visit AWS Homepage
- Go to aws.amazon.com
- Click “Create an AWS Account”
Enter Account Details Email: [email protected] Password: Use a strong password (12+ characters) AWS Account Name: Choose a descriptive name
Contact Information
- Select account type (Personal or Professional)
- Fill in complete address information
- Agree to AWS Customer Agreement
Payment Information
- Add credit/debit card details
- AWS charges $1 for verification (refunded within 3-5 days)
Identity Verification
- Choose phone call or SMS verification
- Enter the PIN received during verification
Support Plan Selection
- Start with Basic (free) support plan
- You can upgrade later as needed

Account Verification Timeline

Email verification: Immediate
Phone verification: 1-2 minutes
Payment verification: 1-24 hours
Full account activation: Up to 24 hours

Step 2: Initial Account Security Configuration

Security should be your first priority after account creation.

Enable Multi-Factor Authentication (MFA)

Lab 1: Setting up MFA for Root Account

Access Security Credentials
- Sign in to AWS Console
- Click your account name → Security Credentials
- Navigate to “Multi-factor authentication (MFA)”
Configure Virtual MFA Device # Install authenticator app on your phone: # - Google Authenticator # - Microsoft Authenticator # - Authy
Setup Process
- Click “Activate MFA”
- Choose “Virtual MFA device”
- Scan QR code with authenticator app
- Enter two consecutive MFA codes
- Save recovery codes securely

Create IAM Users

Never use the root account for daily operations. Create IAM users instead.

Lab 2: Creating Your First IAM User

Navigate to IAM Service Services → Security, Identity & Compliance → IAM
Create New User Users → Add Users Username: admin-user Access type: ✓ Programmatic access ✓ AWS Management Console access Console password: Custom password Require password reset: ✓ (recommended)
Attach Policies Attach existing policies directly Search and select: AdministratorAccess
Review and Create
- Download the CSV file containing:
  - Access Key ID
  - Secret Access Key
  - Console login link
- Store these credentials securely

Configure Password Policy

Lab 3: Setting Up Account Password Policy

Access Account Settings IAM → Account settings → Password policy
Configure Policy Minimum password length: 12 characters ✓ Require at least one uppercase letter ✓ Require at least one lowercase letter ✓ Require at least one number ✓ Require at least one non-alphanumeric character ✓ Allow users to change their own password Password expiration: 90 days Remember last: 24 passwords

Step 3: Understanding AWS Regions and Availability Zones

AWS operates in multiple geographic regions worldwide, each containing multiple Availability Zones (AZs).

Key Concepts

Regions: Geographic areas containing multiple AZs

Examples: us-east-1 (N. Virginia), eu-west-1 (Ireland)
Choose based on latency, compliance, and service availability

Availability Zones: Isolated data centers within a region

Each region has 2-6 AZs
Designed for fault tolerance and high availability

Edge Locations: Content delivery network (CDN) endpoints

400+ locations globally
Used by CloudFront for content caching

Choosing the Right Region

Consider these factors:

Latency: Choose regions close to your users
Compliance: Some data must stay in specific jurisdictions
Service Availability: Not all services are available in all regions
Cost: Pricing varies by region

Lab 4: Exploring Regions and Services

Check Current Region Look at top-right corner of AWS Console Current region displayed (e.g., "US East (N. Virginia)")
Switch Regions Click region dropdown → Select different region Notice how available services may change
Service Availability Check # Use AWS CLI to list available regions for a service aws ec2 describe-regions --output table aws rds describe-source-regions --output table

Step 4: Installing and Configuring AWS CLI

The AWS Command Line Interface (CLI) provides programmatic access to AWS services.

Installation

Windows:

# Using MSI installer
Download from: https://awscli.amazonaws.com/AWSCLIV2.msi
# Or using pip
pip install awscli

macOS:

# Using Homebrew
brew install awscli
# Or using installer
curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
sudo installer -pkg AWSCLIV2.pkg -target /

Linux:

# Ubuntu/Debian
sudo apt update
sudo apt install awscli
# Or using pip
pip3 install awscli

Configuration

Lab 5: Configuring AWS CLI

Run Configuration Command aws configure
Enter Credentials AWS Access Key ID: [Your Access Key from IAM user] AWS Secret Access Key: [Your Secret Key] Default region name: us-east-1 Default output format: json
Test Configuration # Test connectivity aws sts get-caller-identity # Expected output: { "UserId": "AIDACKCEVSQ6C2EXAMPLE", "Account": "123456789012", "Arn": "arn:aws:iam::123456789012:user/admin-user" }
Configure Multiple Profiles # Create additional profiles aws configure --profile development aws configure --profile production # Use specific profile aws s3 ls --profile development

Step 5: Core AWS Services Setup and Configuration

Amazon EC2 (Elastic Compute Cloud)

EC2 provides scalable computing capacity in the cloud.

Lab 6: Launching Your First EC2 Instance

Navigate to EC2 Dashboard Services → Compute → EC2
Launch Instance Click "Launch Instance" Name: my-first-instance
Choose AMI (Amazon Machine Image) Amazon Linux 2 AMI (HVM) - SSD Volume Type Architecture: 64-bit (x86)
Select Instance Type t2.micro (Free tier eligible) 1 vCPU, 1 GB RAM
Configure Instance Details Number of instances: 1 Network: Default VPC Subnet: Default Auto-assign Public IP: Enable
Add Storage Root volume: 8 GB (gp2) Delete on termination: ✓
Add Tags Key: Name, Value: MyFirstInstance Key: Environment, Value: Development
Configure Security Group Security group name: my-first-sg Description: Security group for my first instance Rules: - SSH (22) from My IP - HTTP (80) from Anywhere
Launch and Create Key Pair Key pair name: my-first-keypair Download .pem file and store securely

Connecting to Your Instance:

# Linux/Mac
chmod 400 my-first-keypair.pem
ssh -i "my-first-keypair.pem" ec2-user@[public-ip]

# Windows (using PuTTY)
# Convert .pem to .ppk using PuTTYgen
# Use .ppk file in PuTTY connection

Amazon S3 (Simple Storage Service)

S3 provides object storage with unlimited capacity.

Lab 7: Creating and Configuring S3 Bucket

Create Bucket # Using AWS CLI aws s3 mb s3://my-unique-bucket-name-12345 # Or via Console: Services → Storage → S3 → Create bucket
Upload Objects # Create a test file echo "Hello AWS!" > test.txt # Upload to S3 aws s3 cp test.txt s3://my-unique-bucket-name-12345/ # List objects aws s3 ls s3://my-unique-bucket-name-12345/
Configure Bucket Policy { "Version": "2012-10-17", "Statement": [ { "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::my-unique-bucket-name-12345/*" } ] }
Enable Versioning aws s3api put-bucket-versioning \ --bucket my-unique-bucket-name-12345 \ --versioning-configuration Status=Enabled

Amazon RDS (Relational Database Service)

Lab 8: Setting Up MySQL Database

Create DB Subnet Group aws rds create-db-subnet-group \ --db-subnet-group-name my-db-subnet-group \ --db-subnet-group-description "My DB subnet group" \ --subnet-ids subnet-12345 subnet-67890
Launch RDS Instance aws rds create-db-instance \ --db-instance-identifier my-database \ --db-instance-class db.t3.micro \ --engine mysql \ --master-username admin \ --master-user-password MySecurePassword123! \ --allocated-storage 20 \ --vpc-security-group-ids sg-12345 \ --db-subnet-group-name my-db-subnet-group
Connect to Database mysql -h my-database.cluster-xxxxx.us-east-1.rds.amazonaws.com \ -u admin -p

Step 6: Networking Configuration

Virtual Private Cloud (VPC)

Lab 9: Creating Custom VPC

Create VPC aws ec2 create-vpc --cidr-block 10.0.0.0/16
Create Subnets # Public subnet aws ec2 create-subnet \ --vpc-id vpc-12345 \ --cidr-block 10.0.1.0/24 \ --availability-zone us-east-1a # Private subnet aws ec2 create-subnet \ --vpc-id vpc-12345 \ --cidr-block 10.0.2.0/24 \ --availability-zone us-east-1b
Create Internet Gateway aws ec2 create-internet-gateway aws ec2 attach-internet-gateway \ --internet-gateway-id igw-12345 \ --vpc-id vpc-12345
Configure Route Tables # Create route table for public subnet aws ec2 create-route-table --vpc-id vpc-12345 # Add route to internet gateway aws ec2 create-route \ --route-table-id rtb-12345 \ --destination-cidr-block 0.0.0.0/0 \ --gateway-id igw-12345

Step 7: Monitoring and Cost Management

CloudWatch Setup

Lab 10: Setting Up Basic Monitoring

Create CloudWatch Dashboard aws cloudwatch put-dashboard \ --dashboard-name "MyDashboard" \ --dashboard-body file://dashboard.json
Set Up Billing Alerts # Create SNS topic for alerts aws sns create-topic --name billing-alerts # Subscribe to topic aws sns subscribe \ --topic-arn arn:aws:sns:us-east-1:123456789012:billing-alerts \ --protocol email \ --notification-endpoint [email protected]
Create Billing Alarm aws cloudwatch put-metric-alarm \ --alarm-name "BillingAlarm" \ --alarm-description "Billing alarm" \ --metric-name EstimatedCharges \ --namespace AWS/Billing \ --statistic Maximum \ --period 86400 \ --threshold 10 \ --comparison-operator GreaterThanThreshold \ --alarm-actions arn:aws:sns:us-east-1:123456789012:billing-alerts

Cost Optimization

Use AWS Cost Explorer
- Analyze spending patterns
- Identify cost drivers
- Set up cost budgets
Implement Tagging Strategy # Tag resources for cost tracking aws ec2 create-tags \ --resources i-1234567890abcdef0 \ --tags Key=Project,Value=WebApp Key=Environment,Value=Production
Right-Size Instances
- Use AWS Compute Optimizer
- Monitor CPU and memory utilization
- Consider Reserved Instances for steady workloads

Step 8: Security Best Practices

IAM Roles and Policies

Lab 11: Creating Custom IAM Role

Create Trust Policy { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }
Create Custom Policy { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject" ], "Resource": "arn:aws:s3:::my-bucket/*" } ] }
Create Role aws iam create-role \ --role-name MyEC2Role \ --assume-role-policy-document file://trust-policy.json aws iam put-role-policy \ --role-name MyEC2Role \ --policy-name S3AccessPolicy \ --policy-document file://s3-policy.json

Security Groups and NACLs

Lab 12: Configuring Network Security

Create Security Group aws ec2 create-security-group \ --group-name web-sg \ --description "Web server security group" \ --vpc-id vpc-12345
Add Inbound Rules # Allow HTTP aws ec2 authorize-security-group-ingress \ --group-id sg-12345 \ --protocol tcp \ --port 80 \ --cidr 0.0.0.0/0 # Allow HTTPS aws ec2 authorize-security-group-ingress \ --group-id sg-12345 \ --protocol tcp \ --port 443 \ --cidr 0.0.0.0/0

Troubleshooting Common Issues

Account Setup Problems

Issue: Credit card verification fails Solution:

Ensure card has international transactions enabled
Contact your bank to authorize AWS charges
Try a different payment method

Issue: Account activation takes too long Solution:

Check spam folder for AWS emails
Contact AWS Support if after 24 hours
Verify all account information is accurate

Access and Permissions

Issue: “Access Denied” errors Solution:

# Check current user identity
aws sts get-caller-identity

# Verify IAM permissions
aws iam get-user
aws iam list-attached-user-policies --user-name username

Issue: Can’t connect to EC2 instance Solution:

Verify security group allows SSH (port 22)
Check if instance has public IP
Ensure key pair permissions: chmod 400 keypair.pem
Verify correct username (ec2-user for Amazon Linux)

Service Configuration

Issue: S3 bucket access denied Solution:

# Check bucket policy
aws s3api get-bucket-policy --bucket bucket-name

# Verify IAM permissions
aws iam simulate-principal-policy \
  --policy-source-arn arn:aws:iam::123456789012:user/username \
  --action-names s3:GetObject \
  --resource-arns arn:aws:s3:::bucket-name/*

Next Steps and Advanced Topics

Automation and Infrastructure as Code

AWS CloudFormation
- Define infrastructure in JSON/YAML templates
- Version control your infrastructure
- Automate resource provisioning
AWS CDK (Cloud Development Kit)
- Define infrastructure using familiar programming languages
- Higher-level abstractions than CloudFormation
- Built-in best practices
Terraform
- Third-party infrastructure as code tool
- Multi-cloud support
- Large community and ecosystem

Container Services

Amazon ECS (Elastic Container Service)
- Fully managed container orchestration
- Docker container support
- Integration with other AWS services
Amazon EKS (Elastic Kubernetes Service)
- Managed Kubernetes service
- Kubernetes API compatibility
- Automatic scaling and updates

Serverless Computing

AWS Lambda
- Run code without managing servers
- Pay only for compute time used
- Event-driven architecture
API Gateway
- Create and manage APIs
- Built-in security features
- Integration with Lambda

Machine Learning

Amazon SageMaker
- Fully managed ML platform
- Built-in algorithms and frameworks
- Model training and deployment
Amazon Rekognition
- Image and video analysis
- Facial recognition and analysis
- Content moderation

Conclusion

Setting up AWS properly requires attention to security, cost management, and understanding of core services. This guide has walked you through the essential steps from account creation to configuring key services. Remember these key principles:

Security First: Always enable MFA, use IAM users instead of root, and follow the principle of least privilege
Cost Awareness: Set up billing alerts, use tags effectively, and regularly review your usage
Start Small: Begin with Free Tier services and gradually expand as you learn
Automation: Use Infrastructure as Code tools as you scale
Continuous Learning: AWS releases new services and features regularly

The labs in this guide provide hands-on experience with the most important AWS services. Practice these regularly and explore additional services as your needs grow. AWS offers extensive documentation, training courses, and certifications to help you deepen your cloud expertise.

Remember that cloud architecture is an iterative process. Start with simple configurations and gradually add complexity as you become more comfortable with the platform. The investment in learning AWS fundamentals will pay dividends as cloud computing continues to transform how we build and deploy applications.