Introduction
Amazon Web Services (AWS) is the world’s leading cloud platform, offering over 200 services for computing, storage, databases, networking, and more. Whether you’re a beginner developer, startup founder, or enterprise architect, this comprehensive guide will walk you through everything you need to know about getting started with AWS.
Understanding AWS Pricing and Account Types
Before diving into setup, it’s crucial to understand AWS’s pricing model and account options.
AWS Free Tier
AWS offers a generous Free Tier that includes:
- 12 months free: Services like EC2 (750 hours/month), S3 (5GB storage), RDS (750 hours/month)
- Always free: DynamoDB (25GB), Lambda (1M requests/month), CloudWatch (10 metrics)
- 12-month trials: Services like Redshift, Elasticsearch, and more
The Free Tier is perfect for learning, development, and small-scale applications.
Paid Accounts
For production workloads, AWS offers several support plans:
- Basic: Free, community support only
- Developer: $29/month, business hours email support
- Business: $100/month, 24/7 phone/email support
- Enterprise: $15,000/month, dedicated support team
Step 1: Creating Your AWS Account
Prerequisites
- Valid email address
- Phone number for verification
- Credit or debit card (even for Free Tier)
- Government-issued ID (for identity verification)
Account Creation Process
- Visit AWS Homepage
  - Go to aws.amazon.com
  - Click “Create an AWS Account”
- Enter Account Details
  Email: your-email@example.com
  Password: Use a strong password (12+ characters)
  AWS Account Name: Choose a descriptive name
- Contact Information
  - Select account type (Personal or Professional)
  - Fill in complete address information
  - Agree to AWS Customer Agreement
- Payment Information
  - Add credit/debit card details
  - AWS charges $1 for verification (refunded within 3-5 days)
- Identity Verification
  - Choose phone call or SMS verification
  - Enter the PIN received during verification
- Support Plan Selection
  - Start with Basic (free) support plan
  - You can upgrade later as needed
Account Verification Timeline
- Email verification: Immediate
- Phone verification: 1-2 minutes
- Payment verification: 1-24 hours
- Full account activation: Up to 24 hours
Step 2: Initial Account Security Configuration
Security should be your first priority after account creation.
Enable Multi-Factor Authentication (MFA)
Lab 1: Setting up MFA for Root Account
- Access Security Credentials
  - Sign in to AWS Console
  - Click your account name → Security Credentials
  - Navigate to “Multi-factor authentication (MFA)”
- Configure Virtual MFA Device
  # Install authenticator app on your phone:
  # - Google Authenticator
  # - Microsoft Authenticator
  # - Authy
- Setup Process
  - Click “Activate MFA”
  - Choose “Virtual MFA device”
  - Scan QR code with authenticator app
  - Enter two consecutive MFA codes
  - Save recovery codes securely
Create IAM Users
Never use the root account for daily operations. Create IAM users instead.
Lab 2: Creating Your First IAM User
- Navigate to IAM Service
  Services → Security, Identity & Compliance → IAM
- Create New User
  Users → Add Users
  Username: admin-user
  Access type:
    ✓ Programmatic access
    ✓ AWS Management Console access
  Console password: Custom password
  Require password reset: ✓ (recommended)
- Attach Policies
  Attach existing policies directly
  Search and select: AdministratorAccess
- Review and Create
  - Download the CSV file containing:
    - Access Key ID
    - Secret Access Key
    - Console login link
  - Store these credentials securely
Configure Password Policy
Lab 3: Setting Up Account Password Policy
- Access Account Settings
  IAM → Account settings → Password policy
- Configure Policy
  Minimum password length: 12 characters
  ✓ Require at least one uppercase letter
  ✓ Require at least one lowercase letter
  ✓ Require at least one number
  ✓ Require at least one non-alphanumeric character
  ✓ Allow users to change their own password
  Password expiration: 90 days
  Remember last: 24 passwords
Step 3: Understanding AWS Regions and Availability Zones
AWS operates in multiple geographic regions worldwide, each containing multiple Availability Zones (AZs).
Key Concepts
Regions: Geographic areas containing multiple AZs
- Examples: us-east-1 (N. Virginia), eu-west-1 (Ireland)
- Choose based on latency, compliance, and service availability
Availability Zones: Isolated data centers within a region
- Each region has 2-6 AZs
- Designed for fault tolerance and high availability
Edge Locations: Content delivery network (CDN) endpoints
- 400+ locations globally
- Used by CloudFront for content caching
Choosing the Right Region
Consider these factors:
- Latency: Choose regions close to your users
- Compliance: Some data must stay in specific jurisdictions
- Service Availability: Not all services are available in all regions
- Cost: Pricing varies by region
Lab 4: Exploring Regions and Services
- Check Current Region
  Look at top-right corner of AWS Console
  Current region displayed (e.g., "US East (N. Virginia)")
- Switch Regions
  Click region dropdown → Select different region
  Notice how available services may change
- Service Availability Check
  # Use AWS CLI to list available regions for a service
  aws ec2 describe-regions --output table
  aws rds describe-source-regions --output table
Step 4: Installing and Configuring AWS CLI
The AWS Command Line Interface (CLI) provides programmatic access to AWS services.
Installation
Windows:
# Using MSI installer
Download from: https://awscli.amazonaws.com/AWSCLIV2.msi
# Or using pip
pip install awscli
macOS:
# Using Homebrew
brew install awscli
# Or using installer
curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
sudo installer -pkg AWSCLIV2.pkg -target /
Linux:
# Ubuntu/Debian
sudo apt update
sudo apt install awscli
# Or using pip
pip3 install awscli
Configuration
Lab 5: Configuring AWS CLI
- Run Configuration Command
  aws configure
- Enter Credentials
  AWS Access Key ID: [Your Access Key from IAM user]
  AWS Secret Access Key: [Your Secret Key]
  Default region name: us-east-1
  Default output format: json
- Test Configuration
  # Test connectivity
  aws sts get-caller-identity
  # Expected output:
  {
    "UserId": "AIDACKCEVSQ6C2EXAMPLE",
    "Account": "123456789012",
    "Arn": "arn:aws:iam::123456789012:user/admin-user"
  }
- Configure Multiple Profiles
  # Create additional profiles
  aws configure --profile development
  aws configure --profile production
  # Use specific profile
  aws s3 ls --profile development
Step 5: Core AWS Services Setup and Configuration
Amazon EC2 (Elastic Compute Cloud)
EC2 provides scalable computing capacity in the cloud.
Lab 6: Launching Your First EC2 Instance
- Navigate to EC2 Dashboard
  Services → Compute → EC2
- Launch Instance
  Click "Launch Instance"
  Name: my-first-instance
- Choose AMI (Amazon Machine Image)
  Amazon Linux 2 AMI (HVM) - SSD Volume Type
  Architecture: 64-bit (x86)
- Select Instance Type
  t2.micro (Free tier eligible)
  1 vCPU, 1 GB RAM
- Configure Instance Details
  Number of instances: 1
  Network: Default VPC
  Subnet: Default
  Auto-assign Public IP: Enable
- Add Storage
  Root volume: 8 GB (gp2)
  Delete on termination: ✓
- Add Tags
  Key: Name, Value: MyFirstInstance
  Key: Environment, Value: Development
- Configure Security Group
  Security group name: my-first-sg
  Description: Security group for my first instance
  Rules:
    - SSH (22) from My IP
    - HTTP (80) from Anywhere
- Launch and Create Key Pair
  Key pair name: my-first-keypair
  Download .pem file and store securely
Connecting to Your Instance:
# Linux/Mac
chmod 400 my-first-keypair.pem
ssh -i "my-first-keypair.pem" ec2-user@[public-ip]
# Windows (using PuTTY)
# Convert .pem to .ppk using PuTTYgen
# Use .ppk file in PuTTY connection
Amazon S3 (Simple Storage Service)
S3 provides object storage with unlimited capacity.
Lab 7: Creating and Configuring S3 Bucket
- Create Bucket
  # Using AWS CLI
  aws s3 mb s3://my-unique-bucket-name-12345
  # Or via Console: Services → Storage → S3 → Create bucket
- Upload Objects
  # Create a test file
  echo "Hello AWS!" > test.txt
  # Upload to S3
  aws s3 cp test.txt s3://my-unique-bucket-name-12345/
  # List objects
  aws s3 ls s3://my-unique-bucket-name-12345/
- Configure Bucket Policy
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "PublicReadGetObject",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::my-unique-bucket-name-12345/*"
      }
    ]
  }
- Enable Versioning
  aws s3api put-bucket-versioning \
    --bucket my-unique-bucket-name-12345 \
    --versioning-configuration Status=Enabled
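The bucket policy in Lab 7 grants s3:GetObject to every principal, so any object uploaded to the bucket is readable without credentials. As an added example (not part of the original guide), this Python check flags such statements in a policy document before it is applied; SCOPED_POLICY and the function names are illustrative assumptions.

```python
import json

# Policy from Lab 7 above, reproduced as sample input.
LAB7_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Sid": "PublicReadGetObject", "Effect": "Allow",
                "Principal": "*", "Action": "s3:GetObject",
                "Resource": "arn:aws:s3:::my-unique-bucket-name-12345/*"}]}
""")

# Constructed variant: the same grant, limited to one IAM user.
SCOPED_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": {"Effect": "Allow",
               "Principal": {"AWS": "arn:aws:iam::123456789012:user/admin-user"},
               "Action": ["s3:GetObject"],
               "Resource": "arn:aws:s3:::my-unique-bucket-name-12345/*"}}
""")


def as_list(value):
    """Policy JSON accepts a single item wherever a list is valid."""
    return value if isinstance(value, list) else [value]


def is_anonymous(principal):
    """True for "*" and for {"AWS": "*"} (also when "*" sits inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS"))
    return False


def public_statements(policy):
    """Return (sid, actions, has_condition) for each Allow open to everyone."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or not is_anonymous(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        findings.append((sid, as_list(stmt.get("Action", [])), "Condition" in stmt))
    return findings


if __name__ == "__main__":
    for name, pol in (("lab7", LAB7_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, public_statements(pol))
```

A finding with has_condition set to True still needs a manual look, since the condition may or may not narrow who can use the grant.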
Amazon RDS (Relational Database Service)
Lab 8: Setting Up MySQL Database
- Create DB Subnet Group
  aws rds create-db-subnet-group \
    --db-subnet-group-name my-db-subnet-group \
    --db-subnet-group-description "My DB subnet group" \
    --subnet-ids subnet-12345 subnet-67890
- Launch RDS Instance
  aws rds create-db-instance \
    --db-instance-identifier my-database \
    --db-instance-class db.t3.micro \
    --engine mysql \
    --master-username admin \
    --master-user-password MySecurePassword123! \
    --allocated-storage 20 \
    --vpc-security-group-ids sg-12345 \
    --db-subnet-group-name my-db-subnet-group
- Connect to Database
  mysql -h my-database.cluster-xxxxx.us-east-1.rds.amazonaws.com \
    -u admin -p
Step 6: Networking Configuration
Virtual Private Cloud (VPC)
Lab 9: Creating Custom VPC
- Create VPC
  aws ec2 create-vpc --cidr-block 10.0.0.0/16
- Create Subnets
  # Public subnet
  aws ec2 create-subnet \
    --vpc-id vpc-12345 \
    --cidr-block 10.0.1.0/24 \
    --availability-zone us-east-1a
  # Private subnet
  aws ec2 create-subnet \
    --vpc-id vpc-12345 \
    --cidr-block 10.0.2.0/24 \
    --availability-zone us-east-1b
- Create Internet Gateway
  aws ec2 create-internet-gateway
  aws ec2 attach-internet-gateway \
    --internet-gateway-id igw-12345 \
    --vpc-id vpc-12345
- Configure Route Tables
  # Create route table for public subnet
  aws ec2 create-route-table --vpc-id vpc-12345
  # Add route to internet gateway
  aws ec2 create-route \
    --route-table-id rtb-12345 \
    --destination-cidr-block 0.0.0.0/0 \
    --gateway-id igw-12345
Step 7: Monitoring and Cost Management
CloudWatch Setup
Lab 10: Setting Up Basic Monitoring
- Create CloudWatch Dashboard
  aws cloudwatch put-dashboard \
    --dashboard-name "MyDashboard" \
    --dashboard-body file://dashboard.json
- Set Up Billing Alerts
  # Create SNS topic for alerts
  aws sns create-topic --name billing-alerts
  # Subscribe to topic
  aws sns subscribe \
    --topic-arn arn:aws:sns:us-east-1:123456789012:billing-alerts \
    --protocol email \
    --notification-endpoint your-email@example.com
- Create Billing Alarm
  # Billing metrics are published only in us-east-1, and billing alerts
  # must be enabled in the account's billing preferences first
  aws cloudwatch put-metric-alarm \
    --region us-east-1 \
    --alarm-name "BillingAlarm" \
    --alarm-description "Billing alarm" \
    --metric-name EstimatedCharges \
    --namespace AWS/Billing \
    --dimensions Name=Currency,Value=USD \
    --statistic Maximum \
    --period 86400 \
    --evaluation-periods 1 \
    --threshold 10 \
    --comparison-operator GreaterThanThreshold \
    --alarm-actions arn:aws:sns:us-east-1:123456789012:billing-alerts
Cost Optimization
- Use AWS Cost Explorer
  - Analyze spending patterns
  - Identify cost drivers
  - Set up cost budgets
- Implement Tagging Strategy
  # Tag resources for cost tracking
  aws ec2 create-tags \
    --resources i-1234567890abcdef0 \
    --tags Key=Project,Value=WebApp Key=Environment,Value=Production
- Right-Size Instances
  - Use AWS Compute Optimizer
  - Monitor CPU and memory utilization
  - Consider Reserved Instances for steady workloads
Step 8: Security Best Practices
IAM Roles and Policies
Lab 11: Creating Custom IAM Role
- Create Trust Policy
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {
          "Service": "ec2.amazonaws.com"
        },
        "Action": "sts:AssumeRole"
      }
    ]
  }
- Create Custom Policy
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "s3:GetObject",
          "s3:PutObject"
        ],
        "Resource": "arn:aws:s3:::my-bucket/*"
      }
    ]
  }
- Create Role
  aws iam create-role \
    --role-name MyEC2Role \
    --assume-role-policy-document file://trust-policy.json
  aws iam put-role-policy \
    --role-name MyEC2Role \
    --policy-name S3AccessPolicy \
    --policy-document file://s3-policy.json
Security Groups and NACLs
Lab 12: Configuring Network Security
- Create Security Group
  aws ec2 create-security-group \
    --group-name web-sg \
    --description "Web server security group" \
    --vpc-id vpc-12345
- Add Inbound Rules
  # Allow HTTP
  aws ec2 authorize-security-group-ingress \
    --group-id sg-12345 \
    --protocol tcp \
    --port 80 \
    --cidr 0.0.0.0/0
  # Allow HTTPS
  aws ec2 authorize-security-group-ingress \
    --group-id sg-12345 \
    --protocol tcp \
    --port 443 \
    --cidr 0.0.0.0/0
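Labs 6 and 12 open ports 80 and 443 to 0.0.0.0/0 and keep SSH restricted to a single address. As an added example (not from the original guide), this Python check reads a document in the shape returned by `aws ec2 describe-security-groups` and reports rules open to the whole internet on any other port; the sample data, the group IDs sg-67890 and sg-abcde, and the function names are constructed for illustration.

```python
import json

# Constructed sample in the shape `aws ec2 describe-security-groups` returns.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-12345", "GroupName": "web-sg", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-67890", "GroupName": "my-first-sg", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "203.0.113.7/32"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-abcde", "GroupName": "db-sg", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")

WORLD = {"0.0.0.0/0", "::/0"}
PUBLIC_PORTS = {80, 443}   # ports this guide deliberately opens to Anywhere


def world_open(perm):
    """True if the rule admits traffic from any IPv4 or IPv6 address."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return any(c in WORLD for c in cidrs)


def risky_rules(doc, allowed=PUBLIC_PORTS):
    """List (group_id, protocol, from_port, to_port) for world-open rules outside `allowed`."""
    findings = []
    for sg in doc.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            if not world_open(perm):
                continue
            proto = perm.get("IpProtocol")
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            if proto == "-1" or lo is None:      # "-1" means all protocols and ports
                findings.append((sg["GroupId"], proto, None, None))
            elif any(p not in allowed for p in range(lo, hi + 1)):
                findings.append((sg["GroupId"], proto, lo, hi))
    return findings


if __name__ == "__main__":
    for finding in risky_rules(SAMPLE):
        print(finding)
```

Against a live account, the input would be the JSON produced by `aws ec2 describe-security-groups --output json`.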
Troubleshooting Common Issues
Account Setup Problems
Issue: Credit card verification fails
Solution:
- Ensure card has international transactions enabled
- Contact your bank to authorize AWS charges
- Try a different payment method
Issue: Account activation takes too long
Solution:
- Check spam folder for AWS emails
- Contact AWS Support if activation has not completed after 24 hours
- Verify all account information is accurate
Access and Permissions
Issue: “Access Denied” errors
Solution:
# Check current user identity
aws sts get-caller-identity
# Verify IAM permissions
aws iam get-user
aws iam list-attached-user-policies --user-name username
Issue: Can’t connect to EC2 instance
Solution:
- Verify security group allows SSH (port 22)
- Check if instance has public IP
- Ensure key pair permissions:
chmod 400 keypair.pem
- Verify correct username (ec2-user for Amazon Linux)
Service Configuration
Issue: S3 bucket access denied
Solution:
# Check bucket policy
aws s3api get-bucket-policy --bucket bucket-name
# Verify IAM permissions
aws iam simulate-principal-policy \
--policy-source-arn arn:aws:iam::123456789012:user/username \
--action-names s3:GetObject \
--resource-arns arn:aws:s3:::bucket-name/*
Next Steps and Advanced Topics
Automation and Infrastructure as Code
- AWS CloudFormation
  - Define infrastructure in JSON/YAML templates
  - Version control your infrastructure
  - Automate resource provisioning
- AWS CDK (Cloud Development Kit)
  - Define infrastructure using familiar programming languages
  - Higher-level abstractions than CloudFormation
  - Built-in best practices
- Terraform
  - Third-party infrastructure as code tool
  - Multi-cloud support
  - Large community and ecosystem
Container Services
- Amazon ECS (Elastic Container Service)
  - Fully managed container orchestration
  - Docker container support
  - Integration with other AWS services
- Amazon EKS (Elastic Kubernetes Service)
  - Managed Kubernetes service
  - Kubernetes API compatibility
  - Automatic scaling and updates
Serverless Computing
- AWS Lambda
  - Run code without managing servers
  - Pay only for compute time used
  - Event-driven architecture
- API Gateway
  - Create and manage APIs
  - Built-in security features
  - Integration with Lambda
Machine Learning
- Amazon SageMaker
  - Fully managed ML platform
  - Built-in algorithms and frameworks
  - Model training and deployment
- Amazon Rekognition
  - Image and video analysis
  - Facial recognition and analysis
  - Content moderation
Conclusion
Setting up AWS properly requires attention to security, cost management, and understanding of core services. This guide has walked you through the essential steps from account creation to configuring key services. Remember these key principles:
- Security First: Always enable MFA, use IAM users instead of root, and follow the principle of least privilege
- Cost Awareness: Set up billing alerts, use tags effectively, and regularly review your usage
- Start Small: Begin with Free Tier services and gradually expand as you learn
- Automation: Use Infrastructure as Code tools as you scale
- Continuous Learning: AWS releases new services and features regularly
The labs in this guide provide hands-on experience with the most important AWS services. Practice these regularly and explore additional services as your needs grow. AWS offers extensive documentation, training courses, and certifications to help you deepen your cloud expertise.
Remember that cloud architecture is an iterative process. Start with simple configurations and gradually add complexity as you become more comfortable with the platform. The investment in learning AWS fundamentals will pay dividends as cloud computing continues to transform how we build and deploy applications.