@davidpaulhunt
Last active May 18, 2018 18:11
Steps I followed to get started using AWS on my machine.

IAM User Account Creation

Assuming that your account has been created for you, be certain to receive and store the following key/value pairs:

  • username
  • password
  • access_key_id
  • secret_access_key
  • sign-in link

If your account is created via the AWS console, your credentials will probably come as a CSV. If your account is created via the AWS command line interface, your credentials will probably be output as an object in the console, e.g.

Username:     myawsname
Password:     AV3ryV3ryL0ngStr1ngF0RY0urV3ryFIrstP4SSW0rd=
Access Key:   {
  "UserName":         "myawsname",
  "Status":           "Active",
  "CreateDate":       "2018-01-01T10:30:30.030Z",
  "SecretAccessKey":  "AT0k3N+y0U5houLDk33pS3CReT",
  "AccessKeyId":      "ASTR1NGT1EDT0Y0URK3Y"
}
Sign-in Link:   https://your-subdomain.signin.aws.amazon.com/console

Follow the sign-in link and sign in for the first time.

The first time you sign in, you'll be asked to change your password. Most likely, your new password will be subject to a password policy set by your organization or root account manager.

Tip: If you have used a sub-account previously and have a password manager or auto-fill enabled, the account name/alias field may be overwritten. In that case, you'll need to write the account name manually along with your username and initial password.

Securing Your IAM User Account

These are items I did to make my usage easier during development, i.e. to keep me from hitting tension when developing on one or more future projects.

All of these actions are taken from the same screen. To get there:

  1. Go to "My Security Credentials" (you can select this by hovering over your username in the nav bar)
  2. Go to "Users" (you can select this from the left side bar)
  3. Find your username in the table and select it
  4. Go to the "Security credentials" tab

Now, you'll see options to execute all or some of the following actions.

Setup Multi-Factor Authentication

tags: MFA 2FA security

The easiest way to do this is to use a "Virtual MFA Device", i.e. an authentication or password manager app that supports the open TOTP standard.

Tip: You don't necessarily need a mobile app. For example, the 1Password desktop app can read QR codes on your screen.

  1. In the "Sign-in credentials" section, select the pencil icon next to "Assigned MFA device".

  2. Follow the prompts until you're presented with a QR code and form.

  3. Open your authentication or password manager app, create a new entry, and scan the QR code.

  4. Enter the current MFA code from your app into the first form field.

  5. Wait until a new MFA code appears in your app, then enter it into the second form field.

  6. Submit the form.

That's it! Your account now has MFA enabled.
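
How the two codes in steps 4 and 5 relate, as an added example that is not part of the original gist: a TOTP app derives each code from the secret in the QR code and the current 30-second time step (RFC 6238), so two consecutive codes show that the app holds the secret and that its clock is roughly in sync. The secret below is the published RFC 6238 test key, and verify_enrollment is a hypothetical sketch of such a check, not AWS's implementation.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid for (common TOTP default)
DIGITS = 6   # length of the code typed into the form
# Constructed sample: the RFC 6238 test key, Base32-encoded as in a QR code. Not a real secret.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32: str, at: float) -> str:
    """RFC 6238: HOTP with counter = floor(unix_time / STEP)."""
    key = base64.b32decode(secret_b32.upper())
    return hotp(key, int(at) // STEP)


def consecutive_codes(secret_b32: str, at: float) -> tuple:
    """The code shown at time `at` and the one that replaces it one step later."""
    return totp(secret_b32, at), totp(secret_b32, at + STEP)


def verify_enrollment(secret_b32: str, code1: str, code2: str, now: float, drift: int = 1) -> bool:
    """Hypothetical server-side check: code1 and code2 must belong to adjacent
    time steps, starting within +/- `drift` steps of the server's clock."""
    key = base64.b32decode(secret_b32.upper())
    current = int(now) // STEP
    for counter in range(current - drift, current + drift + 1):
        first = hmac.compare_digest(hotp(key, counter), code1)
        second = hmac.compare_digest(hotp(key, counter + 1), code2)
        if first and second:
            return True
    return False


if __name__ == "__main__":
    now = 1111111109  # constructed timestamp taken from the RFC 6238 test vectors
    first, second = consecutive_codes(SAMPLE_SECRET, now)
    print(first, second, verify_enrollment(SAMPLE_SECRET, first, second, now))
```

Anyone who obtains the QR code or its underlying secret can generate the same codes, so treat a screenshot of the enrollment screen like a password.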

Upload an SSH Key

tags: ssh security

TODO: add ssh steps

$ ssh-keygen
  > Filename: /Users/${user}/.ssh/myawsname
  > Passphrase (hit enter to leave blank):  <enter>
  > Confirm Passphrase: <enter>

$ cat ~/.ssh/myawsname.pub
  > ssh-rsa mysuperlongstring...........endshere user@some-address

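Copy and paste the public key output, then add it to AWS. Only the contents of the .pub file are uploaded; the private key (~/.ssh/myawsname) stays on your machine.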

Upload a Signing Certificate

tags: certificate security

TODO: add cert steps

see: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-up-ami-tools.html?icmpid=docs_iam_console#ami-tools-managing-certs
